Blog, Linux
MikroTik WiFi CAP Configuration
- Terminology
- CAP device is the abbreviation for Controlled Access Point
- CAPsMAN is the CAP manager and has an enabled CAPsMAN service
- WinBox is a desktop application for managing MikroTik devices
WinBox can be installed on Linux as a snap package and is probably
the easiest way to connect to a MikroTik device, since it uses Layer 2 network
communication and therefore does not require an IP address in the LAN subnet.
- MikroTik device
When a MikroTik device is first powered up, the default IP address is
192.168.88.1, the admin password is empty and the SSID
is Mikrotik. If the LAN subnet is different, the easiest way
to change the configuration is to connect via WiFi and open the web
configuration at 192.168.88.1.
- Select Quick Set (top right) and select CAP in combobox just below
- Configure network address
- Choose MikroTikCAPsMAN as router identity
- Select Bridge All LAN Ports as router identity
In the options that follow, use the UP arrow to revert a setting to its default when setting up
a configuration or a device setting which refers to some other configuration.
- CAPsMAN manager device
- CAP device (controlled by CAPsMAN)
The easiest way to configure a CAP device is by connecting via WinBox and
linking the device to a CAPsMAN manager.
- Connect to the device using WinBox
- Navigate to Quick Set using the menu on the left
- Set mode (combo box at top) to CAP
- Set Address Acquisition to Automatic
- Set Address Source to Ethernet
- Select Bridge All LAN Ports
- Set Router Identity to a unique name on the LAN
- Change password
- Press OK
- Navigate to Wireless using the menu on the left
- Select the WiFi Interfaces tab
- Press CAP button
- Select Enabled
- Set Interface to wlan1
- Set Certificate to none
- Set Discovery Interface to ether1 (if devices are linked via ethernet)
- Set Bridge to bridgeLocal
- Press OK
Blog, Linux
Recover a Linux installation after losing the administrator user password
- Download a Linux live CD
It can be any Linux distro as long as its architecture is the same as that of the installation.
Let's go with Ubuntu desktop, because instructions may be slightly different for different
distros.
https://ubuntu.com/download/desktop/thank-you?version=20.04.2.0&architecture=amd64
- Burn the ISO to a CD
- Boot the machine with lost password from the CD
In the case of Ubuntu, you will have the option to “Install Ubuntu” or “Try Ubuntu”.
Select “Try Ubuntu”, otherwise you risk formatting your disk(s).
(You might have to select a language somewhere in the process)
- Start terminal
When Ubuntu desktop is ready, click on “Activities” or press the Windows button. When
activity search appears, type “term” – the “Terminal” app should appear – open it.
- From the terminal, execute the following:
sudo bash
# You should now be "root" user
Find disks and partitions
Use any combination of the following commands to get information about partitions:
fdisk -l
lsblk
Valid entries should look like this:
/dev/sd*
/dev/nvme*
Create a mount point to work with
mkdir -p /mnt/linux
Figure out on which drive Linux is installed
The partition where Linux is installed should typically have an “ext4”
filesystem if it is a recent version of Ubuntu, but it may be different if
other options or distros were installed. Here is an example of how you would
check if a partition (e.g. /dev/sda1) contains Linux:
mount /dev/sda1 /mnt/linux
ls /mnt/linux/boot
If any one of these fails, Linux is not on it. If this is the wrong partition, unmount it with the
following command before moving on to check another partition:
umount /mnt/linux
Having found a Linux partition, do the following:
chroot /mnt/linux
If this fails, this is not the partition you are looking for. However, if the installation is an x86 installation,
it will not work if you booted an amd64 CD. The error message should be very clear, and you should
then download an older version of Ubuntu or Lubuntu that is x86 – you can use this link:
https://cdimage.ubuntu.com/lubuntu/releases/18.04.5/release/lubuntu-18.04.5-desktop-i386.iso
Add user or change password
If the chroot command succeeded, you should now be root user in the installed linux and you
can manipulate the users and configuration. To create a temp user with admin rights, do the following:
useradd -d /home/tempadmin -m -s /bin/bash -g users -G sudo tempadmin
passwd tempadmin
(You can also change existing user passwords using passwd command)
Now edit the SSH configuration to make sure you can log in via ssh (this tutorial
assumes openssh-server was installed on the machine):
nano /etc/ssh/sshd_config
You need to comment out any “AllowUsers” or “AllowGroups” lines, since they might block your new user.
You also need to enable “PasswordAuthentication yes”.
On the server in question, the rest of the settings should be OK. Save and close the file (Ctrl+X).
Unmount the partition
exit    # leave the chroot first
umount /mnt/linux
You can now reboot normally
Once machine is booted completely, follow these steps:
- First log in with your newly created username
- Open a terminal and get the address with one of the following commands:
ip a
ifconfig
Check whether routing and DNS is configured correctly:
ping 8.8.8.8
ping www.google.com
Test ssh access
Now you can test ssh access from a different workstation, using the address you got earlier:
ssh tempadmin@
If the only other machine you have is a Windows machine without Linux For Windows installed, you can download PuTTY from
https://www.ssh.com/ssh/putty/download
Check if the user has administrator access
The last thing you need to check is if the user is an administrator:
sudo bash
whoami
You would need to enter your password, but then whoami should report
that you are root.
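The sshd_config changes and the temporary sudo account above are meant for the recovery only, so it helps to check afterwards what is still in place. The script below is an added example, not part of the original post: the function names are hypothetical, and it assumes sshd's rule that the first value read for a keyword wins and ignores everything from the first Match line onwards.

```shell
#!/bin/sh
# Added example (not from the original post): audit what the recovery left behind.
# Usage: audit_recovery /etc/ssh/sshd_config /etc/group tempadmin
# Prints one finding per line; returns 0 when clean, 1 otherwise.

# Print the first value of keyword $2 in the global part of sshd_config $1.
# sshd keeps the first value it reads; everything from the first "Match"
# line onwards is conditional and is skipped here (a simplification).
sshd_first_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                       # strip comments
        tolower($1) == "match" { exit }          # stop at conditional blocks
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

audit_recovery() {
    conf=$1 grpfile=$2 user=$3 findings=0

    # PasswordAuthentication defaults to "yes" when the keyword is absent.
    pw=$(sshd_first_value "$conf" PasswordAuthentication)
    if [ "${pw:-yes}" = "yes" ]; then
        echo "sshd: PasswordAuthentication is enabled"
        findings=1
    fi

    # With neither allow-list present, every account may attempt a login.
    if [ -z "$(sshd_first_value "$conf" AllowUsers)" ] &&
       [ -z "$(sshd_first_value "$conf" AllowGroups)" ]; then
        echo "sshd: no AllowUsers/AllowGroups restriction"
        findings=1
    fi

    # The temporary account should not keep its sudo membership.
    if awk -F: -v u="$user" '$1 == "sudo" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) found = 1
        } END { exit !found }' "$grpfile"; then
        echo "group: $user is still a member of sudo"
        findings=1
    fi
    return "$findings"
}
```

Once the real administrator password has been reset, restoring the commented-out lines and removing the temporary user should make the audit return 0.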
Disclaimer: Anyone using any of these instructions does so at their own risk. Neither the author nor anyone or any company related to this site takes any responsibility for the effects of performing any of the tasks on any device.
Blog, Linux
Get information of underlying hypervisor from Linux VM
Execute the following command in the VM
sudo dmidecode | grep -i -e manufacturer -e product -e vendor
Blog, Linux
Fedora network install via PXE boot – Unix & Linux Stack Exchange
It is also possible to set up a Proxy DHCP service for PXE. Thus, the existing DHCP server does not need to be changed. A normal Linux system (e.g. a workstation) can then be used to host the preboot execution environment (PXE).
The following steps are necessary to set up a PXE for net-booting a Fedora network install image (assuming also a Fedora host):
Verify the Image
$ gpg --verify Fedora-Server-21-x86_64-CHECKSUM
$ sha256sum --check Fedora-Server-21-x86_64-CHECKSUM
Fedora-Server-netinst-x86_64-21.iso: OK
Mount the Image
mkdir /mnt/iso
mount -o loop Fedora-Server-netinst-x86_64-21.iso /mnt/iso
DHCP Setup
yum install dnsmasq tftp-server syslinux-tftpboot
The tftp-server package is just for creating the directory /var/lib/tftpboot, dnsmasq already has a tftp server integrated.
The config:
cat > /etc/dnsmasq.conf <<'EOF'
interface=enp0s25
# and don't bind to 0.0.0.0
bind-interfaces
# extra logging
log-dhcp
dhcp-range=192.168.178.0,proxy
# first IP address is the one of the host
dhcp-boot=pxelinux.0,192.168.178.34,192.168.178.0
pxe-service=x86PC,"Automatic Network Boot",pxelinux
# enable the TFTP server built into dnsmasq
enable-tftp
# default location of tftp-server on Fedora
tftp-root=/var/lib/tftpboot
# disable DNS
port=0
EOF
Start it:
systemctl start dnsmasq.service
Setup TFTP directory
Copy all needed files:
cp /mnt/iso/images/pxeboot/initrd.img /var/lib/tftpboot
cp /mnt/iso/images/pxeboot/vmlinuz /var/lib/tftpboot
cp /tftpboot/pxelinux.0 /var/lib/tftpboot
cp /tftpboot/vesamenu.c32 /var/lib/tftpboot
cp /tftpboot/ldlinux.c32 /var/lib/tftpboot
cp /tftpboot/libcom32.c32 /var/lib/tftpboot
cp /tftpboot/libutil.c32 /var/lib/tftpboot
Add config:
mkdir /var/lib/tftpboot/pxelinux.cfg
cat > /var/lib/tftpboot/pxelinux.cfg/default <<'EOF'
default vesamenu.c32
prompt 0
# disable timeout
timeout 0
#timeout 600
# if file is missing, this is ignored
display boot.msg
label linux
  menu label Install Fedora 21 Server x86-64
  kernel vmlinuz
  append initrd=initrd.img inst.stage2=http://workstation.example.org/
EOF
Setup HTTP Server
yum install nginx
Configure instance:
cat > /etc/nginx/conf.d/iso.conf <<'EOF'
server {
    listen 80 default_server;
    server_name localhost;
    root /mnt/iso;
    include /etc/nginx/default.d/*.conf;
}
EOF
Disable the default instance/move it to a different port:
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -43,7 +43,7 @@ http {
include /etc/nginx/conf.d/*.conf;
server {
- listen 80 default_server;
+ listen 8080 default_server;
server_name localhost;
root /usr/share/nginx/html;
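Review bot: the changed line `listen 8080 default_server;` keeps the stock server block active, so the default site under /usr/share/nginx/html stays reachable on port 8080 on every interface while the ISO is served on port 80. If the intent is to disable the default instance, remove or comment out the whole `server { ... }` block; if it has to stay, bind it to loopback with `listen 127.0.0.1:8080 default_server;`.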
Start the server:
systemctl start nginx.service
The Fedora installer (dracut) basically just needs to get one file from that
http server:
LiveOS/squashfs.img
Configure Firewalld
firewall-cmd --add-service=http
firewall-cmd --add-service=dhcp
firewall-cmd --add-service=tftp
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=dhcp --permanent
firewall-cmd --add-service=tftp --permanent
Boot Clients
That’s it. Clients are now able to network boot via PXE and get the Fedora netinstall image.
Variations could be: Adding a kickstart file (and setting a timeout) for a fully automatic network install, configuring different PXE settings for different clients (based on the MAC address), etc.
Cleanup
The daemons can be stopped and the loopback image can be unmounted:
systemctl stop nginx.service
systemctl stop dnsmasq.service
umount /mnt/iso
Security Note
This method should only be executed in a trustful intranet because the netboot client gets its config and several images absolutely unsecured over TFTP and HTTP.
Blog, Linux
Auto proxy configuration using DHCP
(DHCP3 server required)
For more information, see Web Proxy Autodiscovery Protocol
Also look at Microsoft Technet
Some handy javascript functions
This file assumes the IP of the DHCP server as well as the proxy servers are 192.168.0.1
apt-get install apache2 dhcp3-server
Edit /etc/apache2/httpd.conf and add this line:
AddType application/x-ns-proxy-autoconfig .dat
Edit /etc/dhcp3/dhcpd.conf (as well as /etc/ltsp/dhcpd.conf) and add this line:
option custom-proxy-server code 252 = text;
option custom-proxy-server "http://192.168.0.1/wpad.dat";
Create the proxy configuration file (/var/www/wpad.dat). The code is JavaScript and the
function you have to implement is FindProxyForURL. Example contents follow:
function FindProxyForURL(url, host)
{
  // Add hostname exceptions for sites you do not want to
  // proxy e.g. internal servers
  if (shExpMatch(url, "*.softco/*")) { return "DIRECT"; }
  if (shExpMatch(url, "*.softco:*/*")) { return "DIRECT"; }
  if (shExpMatch(url, "*micky/*")) { return "DIRECT"; }
  if (shExpMatch(url, "*micky:*/*")) { return "DIRECT"; }
  if (shExpMatch(url, "*pluto/*")) { return "DIRECT"; }
  if (shExpMatch(url, "*pluto:*/*")) { return "DIRECT"; }
  if (shExpMatch(url, "*goofy/*")) { return "DIRECT"; }
  if (shExpMatch(url, "*goofy:*/*")) { return "DIRECT"; }
  // End hostname exceptions
  // If you want to allow a specific IP range to go direct, use the line
  // below or remove it
  if (isInNet(host, "10.0.0.0", "255.0.0.0")) { return "DIRECT"; }
  if (isInNet(host, "192.168.0.0", "255.255.0.0")) { return "DIRECT"; }
  if (isInNet(host, "172.16.0.0", "255.240.0.0")) { return "DIRECT"; }
  // End network exceptions
  // Always bypass for localhost – make sure these 3 lines remain
  if (shExpMatch(host, "localhost*") || shExpMatch(host, "127.0.0.1*")) {
    return "DIRECT";
  }
  // The browser is on a specific network, so send it a specific proxy to use
  // This is useful for multi-subnet networks with multiple CensorNet servers
  // Remove if you do not need this
  if (shExpMatch(url, "*.archive.ubuntu.com/*")) { return "PROXY 192.168.0.1:3142"; }
  if (shExpMatch(url, "*.archive.ubuntu.com:*/*")) { return "PROXY 192.168.0.1:3142"; }
  if (shExpMatch(url, "*.security.ubuntu.com/*")) { return "PROXY 192.168.0.1:3142"; }
  if (shExpMatch(url, "*.security.ubuntu.com:*/*")) { return "PROXY 192.168.0.1:3142"; }
  if (shExpMatch(url, "*download.virtualbox.org/*")) { return "PROXY 192.168.0.1:3142"; }
  if (shExpMatch(url, "*download.virtualbox.org:*/*")) { return "PROXY 192.168.0.1:3142"; }
  if (shExpMatch(url, "*ppa.launchpad.net/*")) { return "PROXY 192.168.0.1:3142"; }
  if (shExpMatch(url, "*ppa.launchpad.net:*/*")) { return "PROXY 192.168.0.1:3142"; }
  if (shExpMatch(url, "*dl.google.com/linux/*/deb/*")) { return "PROXY 192.168.0.1:3142"; }
  if (shExpMatch(url, "*dl.google.com:*/linux/*/deb/*")) { return "PROXY 192.168.0.1:3142"; }
  if (shExpMatch(url, "*packages.medibuntu.org/*")) { return "PROXY 192.168.0.1:3142"; }
  if (shExpMatch(url, "*packages.medibuntu.org:*/*")) { return "PROXY 192.168.0.1:3142"; }
  if (shExpMatch(url, "*www.scootersoftware.com/*")) { return "PROXY 192.168.0.1:3142"; }
  if (shExpMatch(url, "*www.scootersoftware.com:*/*")) { return "PROXY 192.168.0.1:3142"; }
  // Finally, if it isn’t to be bypassed and is not localhost, return
  // the proxy IP and port to use
  return "PROXY 192.168.0.1:3128";
}
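The hostname exceptions in this file are matched against the whole URL, so a pattern such as *micky/* also matches any external URL that merely contains that text in its path, and that request is then sent DIRECT instead of through the proxy. The check below is an added example, not part of the original file: it emulates shExpMatch with shell case patterns (an approximation) and lists the URLs on which the URL-based rule and a host-based rule disagree; the function names and sample URLs are constructed.

```shell
#!/bin/sh
# Added example: compare URL-glob exceptions with host-based exceptions.
# shExpMatch() is emulated with `case` patterns, where "*" also spans "/".
# Usage: pac_diff URL...

# Extract the host part of an http(s) URL (no userinfo handling).
url_host() {
    h=${1#*://}                 # drop the scheme
    h=${h%%/*}                  # drop the path
    printf '%s\n' "${h%%:*}"    # drop the port
}

# Two of the page's exceptions as written: a glob over the full URL.
route_by_url() {
    case $1 in
        *.softco/*|*.softco:*/*|*micky/*|*micky:*/*) echo DIRECT ;;
        *) echo "PROXY 192.168.0.1:3128" ;;
    esac
}

# Stricter variant: compare only the host, as an exact name or a suffix.
route_by_host() {
    case $(url_host "$1") in
        micky|*.softco) echo DIRECT ;;
        *) echo "PROXY 192.168.0.1:3128" ;;
    esac
}

# Print every URL on which the two rule sets disagree.
pac_diff() {
    for u in "$@"; do
        a=$(route_by_url "$u")
        b=$(route_by_host "$u")
        [ "$a" = "$b" ] ||
            printf '%s\turl-rule=%s\thost-rule=%s\n' "$u" "$a" "$b"
    done
}
```

In the PAC file itself the same effect comes from testing the host argument, for example with dnsDomainIs(host, ".softco") or host == "micky", instead of matching on url.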