Windows notes
Charset lang
Source https://superuser.com/questions/482018/how-to-set-default-charset-in-windows-cmd
Get default charset in Windows cmd
chcp
How to set default charset in Windows cmd ?
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"AutoRun"="chcp 1251"
Cmd - Get the System-locale setting for the current computer
systeminfo | findstr /B /C:"System Locale"
PowerShell - Get the System-locale setting for the current computer
Get-WinSystemLocale
Keyboard shortcut to switch keyboard layout
[shift] + [ctrl]
or, depending on the version:
[ctrl] + [alt]
OS Architecture 32 64 bits
wmic os get osarchitecture
If a folder called C:\Program Files (x86)\ exists it also confirms it’s 64Bit
Corporate network problem
ipconfig /flushdns
timeout 30
ipconfig /release
timeout 30
ipconfig /renew
timeout 30
gpupdate /force
Notes batch .bat cmd.exe
The return code is available in the ERRORLEVEL variable (equivalent to RC)
Disable Start Menu Shut Down HideShutDown
Avoid shutting down a remote host
HideShutDown
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideShutDown]
"value"=dword:00000001
Windows registry from GNU+Linux
See: virt-win-reg
Shutdown
shutdown.exe /f /s /t 0
restart-computer -force
Notes Windows Manager
wmctrl
Launch an application in a specific workspace
apt-get install wmctrl
Off-Screen Window Restore
Source : https://github.com/mezga0153/offscreen-window-restore
A simple shell script that moves off-screen windows back.
This script was made to fix a bug in unity where if you have multiple monitors, when they wake up after being off some windows move off-screen.
sudo apt-get install wmctrl x11-xserver-utils
offscreen-window-restore.sh
#!/bin/bash
#
# This script moves back windows that have been moved off screen
#
# Author: Tine Mezgec tine.mezgec@gmail.com
#

width=`xrandr | grep current | awk {'print $8'}`

wmctrl -l -G | awk -v w=$width '{
    if ($8 != "unity-dash" && $8 != "Hud") {
        if ($3 >= w || $3 < 0) {
            system("wmctrl -i -r " $1 " -e 0," sqrt($3*$3) % w ",-1,-1,-1");
        }
    }
}'

height=`xrandr | grep current | awk {'print $10'} | cut -d ',' -f1`

wmctrl -l -G | awk -v h=$height '{
    if ($8 != "unity-dash" && $8 != "Hud") {
        if ($4 >= h || $4 < 0) {
            system("wmctrl -i -r " $1 " -e 0,-1," sqrt($4*$4) % h ",-1,-1");
        }
    }
}'

# restart unity to avoid problems with restored windows (unclickable areas)
unity
Poezio XMPP client
Poezio does not (to date) support BOSH (XMPP over HTTPS); instead, use SSH and Corkscrew, for example.
SSH tunnel over HTTPS
Thanks to the team: https://jappix.com/?r=poezio@muc.poez.io
Installation
git clone git://git.poez.io/poezio
cd poezio/
python3 setup.py install --user
Install OTR http://doc.poez.io/0.9/plugins/otr.html
git clone https://github.com/afflux/pure-python-otr.git
cd pure-python-otr
python3 setup.py install --user
Loading the plugin automatically
~/.config/poezio/poezio.cfg
# Colon-separated list of plugins to load on startup
plugins_autoload = otr:tell
Launch
~/.local/bin/poezio
~/.config/poezio/poezio.cfg
jid = jean@acme.fr
# Server address. Normally not needed, since it is resolved through DNS
custom_host = 192.168.2.100
Error log file: ~/.local/share/poezio/logs/errors.log
Windows notes - Active Directory AD - Kerberos - WinRM
See:
- Prerequisites_for_ad_to_support_sssd_id_mapping
AD WinRM network flows
The following ports are used:
- 5985/tcp (cleartext)
- 5986/tcp (TLS)
Check listening ports
netstat -an | findstr "5985 5986"
netsh http show iplisten
Get-Service WinRM
Problem: Connection refused
This problem occurs because one or more of the following conditions are true:
- The application is experiencing problems or is not running.
- The user does not have Remote PowerShell Enabled status.
- Windows Remote Management (WinRM) is configured incorrectly on the server.
Test with curl
Source: https://gist.github.com/g3rhard/b8a829b4932be9c3e8854656945f32d9
check_winrm.sh
#!/bin/bash

if [ $# -eq 0 ]; then
    echo "please provide hostname or ip address"
    exit 1
fi

url=$1

# Unauthenticated WS-Management Identify request.
# The payload is single-quoted so the XML attribute values keep their double quotes.
output=$(curl -s -f -k -m 10 \
    --header "Content-Type: application/soap+xml;charset=UTF-8" \
    --header "WSMANIDENTIFY: unauthenticated" \
    "http://${url}:5985/wsman" \
    --data '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsmid="http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd"><s:Header/><s:Body><wsmid:Identify/></s:Body></s:Envelope>' || true)

if [[ $output == *"IdentifyResponse"* ]]; then
    echo "Online"
else
    echo "Offline"
fi
Testing domains / domain controllers
winrm_check_domains.sh
#! /bin/bash

set -uo pipefail

echo "DOMAIN;IS_AD;FLUX_TCP88"

#for DOMAIN in $(grep -v -e '^#' domains.txt)
while read -r DOMAIN
do
    # A domain without Kerberos SRV records under _msdcs is not treated as AD
    if [[ $(dig +short SRV _kerberos._tcp.dc._msdcs."${DOMAIN}" | wc -l) -eq 0 ]]
    then
        IS_DOM_AD=N
        TCP=na
    else
        IS_DOM_AD=Y
        declare -i DOM_TCP_ERR=0
        for SRV in $(getent hosts "$DOMAIN" | awk '{ print $1 }')
        do
            echo "$SRV" >> plop.txt
            timeout 2 curl -s --connect-timeout 1 telnet://"${SRV}":88 </dev/null
            # Exit code 124 means timeout had to kill curl after 2 s;
            # any other exit code is counted as a failure on 88/tcp
            if [[ "$?" -ne 124 ]]
            then
                DOM_TCP_ERR=$(( DOM_TCP_ERR + 1))
            fi
        done
        if [[ "$DOM_TCP_ERR" -eq 0 ]]
        then
            TCP=OK
        else
            TCP=NOK
        fi
    fi
    echo "$DOMAIN;$IS_DOM_AD;${TCP}"
# done
done < domains.txt
WinRM connection from GNU/Linux
sudo apt-get install winrm
winrm-go -hostname 192.168.237.29 -username Administrator -password "P@ssw0rd" cmd

sudo apt-get install txwinrm
winrm --remote 192.168.237.29 --username "Administrator" --password "P@ssw0rd" -f "select * from Win32_NetworkAdapter"
winrm --remote 192.168.237.29 --username "Administrator" --password "P@ssw0rd"
Ansible
sudo apt-get install python-pip
sudo pip install pywinrm
ansible -u Administrator -i 192.168.237.29, -m win_ping --connection=winrm -e ansible_winrm_server_cert_validation=ignore -k all
ansible -u Administrator -i 192.168.237.29, -m setup --connection=winrm -e ansible_winrm_server_cert_validation=ignore -k all
The ansible.windows collection is required.
play-test-ping-win.yml
#! /usr/bin/env ansible-playbook
---

- name: ping win
  hosts: all
  #gather_facts: no
  vars:
    #ansible_ssh_user: 'Administrator'
    ansible_winrm_user: 'Administrator'
    #ansible_ssh_pass: 'P@ssw0rd'
    #ansible_winrm_transport: basic
    #ansible_ssh_port: 5985
    ansible_winrm_port: 5985
    ansible_connection: winrm
    ansible_winrm_server_cert_validation: ignore

  tasks:
    - name: ping
      win_ping:
./play-test-ping-win.yml -i 192.168.237.29, -k
WinRM with Kerberos
- in the credentials used: the Kerberos realm is written in uppercase (example: USER1@DOMAIN.LOCAL)
- in the inventory, modify the target by giving it the following characteristics:
  - as the host name, use the FQDN: host srv1 becomes srv1.acme.local
# dig any +short _kerberos._tcp.dc._msdcs.acme.local
dig srv +short _kerberos._tcp.dc._msdcs.acme.local
nslookup
set type=all
_kerberos._tcp.acme.local
_kerberos._tcp.dc._msdcs.acme.local
In the host variables
ansible_connection: winrm
ansible_winrm_host: srv1.acme.local
ansible_winrm_server_cert_validation: ignore
#ansible_winrm_port: 5986
#ansible_winrm_transport: kerberos
To validate the Kerberos connection, from an execution node:
kinit USER1@ACME.LOCAL
A password is requested.
Then, to display the associated ticket:
klist
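The playbook and host variables above connect on 5985/tcp and set ansible_winrm_server_cert_validation: ignore. As an added example (not part of the original notes), this shell function flags such settings in an Ansible vars file; the function name, the sample input and the checks on ansible_winrm_scheme and on password variables are assumptions that go beyond the values shown on this page.

```shell
#!/bin/bash
# Added example, not from the original notes: flag risky WinRM settings in
# Ansible vars. Reads "key: value" lines on stdin, prints one finding per
# line and returns 1 when something was flagged. Commented lines are skipped.
audit_winrm_vars() {
  awk -v q="'" '
    /^[ \t]*#/ { next }                         # commented-out setting
    {
      line = $0
      sub(/^[ \t-]*/, "", line)                 # indentation and list dash
      n = index(line, ":"); if (n == 0) next
      key = substr(line, 1, n - 1); val = substr(line, n + 1)
      sub(/[ \t]+#.*$/, "", val)                # trailing comment
      gsub("[ \t\"" q "]", "", val)             # spaces and quotes
      why = ""
      if (key == "ansible_winrm_server_cert_validation" && val == "ignore")
        why = "TLS server certificate is not verified"
      else if (key ~ /^ansible_(winrm_)?port$/ && val == "5985")
        why = "5985/tcp is the cleartext listener (5986/tcp is TLS)"
      else if (key == "ansible_winrm_scheme" && val == "http")
        why = "cleartext HTTP scheme"
      else if (key == "ansible_winrm_transport" && val ~ /basic/)
        why = "basic authentication only base64-encodes the password"
      else if (key ~ /^ansible_(ssh_|winrm_)?pass(word)?$/ && val != "" &&
               index(val, "{{") != 1 && index(val, "!vault") != 1)
        why = "password stored in plain text (heuristic)"
      if (why != "") { print NR ": " key ": " why; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Constructed sample, built from the variables shown in the playbook above.
SAMPLE_VARS='ansible_connection: winrm
ansible_winrm_port: 5985
#ansible_winrm_transport: basic
ansible_winrm_server_cert_validation: ignore'

printf '%s\n' "$SAMPLE_VARS" | audit_winrm_vars || echo "weak WinRM settings found"
```

The non-zero return code lets the function gate a CI job or a pre-commit hook on inventory files.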
Ansible error messages
| Name or service not known | The name is incorrect or is not an FQDN |
| Max retries exceeded with url.*timed out | Network flows not open |
| Server not found in Kerberos database.*timed out | The server is not known to AD (workgroup?) |
| Cannot contact any KDC for realm (unless Max retries exceeded) | The domain is not an AD forest |
| Specified credentials were rejected by the server | Wrong password, or account locked / expired |
Problems
Problem: wrong account name or password
$ winrm-go -hostname 192.168.237.29 -username Administrator -password "P@ssw0rd" cmd
http error: 401 -
Wrong account name or password
Problem: credentials have been revoked while getting initial credentials
Kerberos auth failure for principal SRV_APP_PLOP@ACME.LOCAL with pexpect: Client's credentials have been revoked while getting initial credentials
The account is locked
See: Windows - Active Directory - Check whether an AD account is locked
Err - Cannot contact any KDC for realm
Ansible win_ping WinRM error
{
  "unreachable": true,
  "msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), (\"Cannot contact any KDC for realm 'ACME.LOCAL'\", -1765328228)), ssl: the specified credentials were rejected by the server",
  "changed": false
}
$ dig A +short acme.local
192.168.18.172
172.16.1.248
172.16.1.246
172.16.1.249
172.16.1.247
Only one server answers ping (routing problem)
$ dig A +short acme.local |xargs -P5 -I '{}' bash -c 'ping -c 1 -W 2 {} >/dev/null 2>&1 && echo {}'
192.168.18.172
The KDCs are unreachable, except one.
Fortunately, we have one KDC reachable through another route or on another VLAN.
Workaround
$ echo "192.168.18.172 acme.local acme.local." | sudo tee -a /etc/hosts
$ dig SRV _ldap._tcp.dc._msdcs.acme.local +short |awk '{print $4}' |xargs -L1 -I'{}' bash -c 'echo 192.168.18.172 {}' | sudo tee -a /etc/hosts
192.168.18.172 dc1.acme.local.
192.168.18.172 dc2.acme.local.
192.168.18.172 dc3.acme.local.
192.168.18.172 dc4.acme.local.
Other
Ansible requires PowerShell v3.0 or newer
Notes Wifi WPA wpa_supplicant
Simple example
See https://www.raspberrypi.org/documentation/configuration/wireless/wireless-cli.md
/etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=FR

network={
    ssid="Livebox-2930"
    psk="FFFFFFFFFFFFFFFFFFFFFFFFFF"
}
wpa_passphrase "Livebox-2930" | sudo tee -a /etc/wpa_supplicant/wpa_supplicant.conf
PKI with RADIUS
/etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

auto wlp12s0
iface wlp12s0 inet dhcp
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
/etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
#fast_reauth=1

network={
    ssid="acme-wifi"
    scan_ssid=1
    key_mgmt=WPA-EAP
    pairwise=CCMP TKIP
    eap=TLS
    identity="acme-wifi@acme.com"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/acme-wifi.pem"
    private_key="/etc/cert/acme-wifi.key"
    private_key_passwd="secret"
}
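The two wpa_supplicant.conf files above (the PSK one fed by wpa_passphrase and the EAP-TLS one) can be reviewed with a small linter. This is an added example, not part of the original notes: it reports the plaintext #psk= comment that wpa_passphrase writes, TKIP in pairwise, and EAP networks that do not constrain the RADIUS server name. The function name and the sample values are constructed.

```shell
#!/bin/bash
# Added example, not from the original notes: review a wpa_supplicant.conf
# read on stdin, one finding per line, return code 1 when something is flagged.
lint_wpa_conf() {
  awk '
    function flag(msg) { print "network \"" ssid "\": " msg; bad = 1 }
    /^[ \t]*#psk=/     { leftover = 1 }   # plaintext copy written by wpa_passphrase
    /^[ \t]*#/         { next }
    /^[ \t]*network=/  { inblk = 1; ssid = "?"; eap = ca = pinned = tkip = leftover = 0; next }
    inblk && $1 == "}" {
      if (leftover)       flag("plaintext passphrase left in a #psk= comment")
      if (tkip)           flag("pairwise still allows TKIP")
      if (eap && !ca)     flag("EAP without ca_cert, server certificate not verified")
      if (eap && !pinned) flag("EAP without domain_suffix_match, domain_match, subject_match or altsubject_match")
      inblk = 0; next
    }
    inblk {
      line = $0; sub(/^[ \t]+/, "", line)
      n = index(line, "="); if (n == 0) next
      k = substr(line, 1, n - 1); v = substr(line, n + 1)
      if (k == "ssid") { ssid = v; gsub(/"/, "", ssid) }
      else if (k == "key_mgmt" && v ~ /EAP/) eap = 1
      else if (k == "ca_cert") ca = 1
      else if (k ~ /^(domain_suffix_match|domain_match|subject_match|altsubject_match)$/) pinned = 1
      else if (k == "pairwise" && v ~ /TKIP/) tkip = 1
    }
    END { exit bad + 0 }'
}

# Constructed sample: SSIDs and paths follow the page, key material is made up.
SAMPLE_CONF='network={
    ssid="Livebox-2930"
    #psk="constructed passphrase"
    psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
}
network={
    ssid="acme-wifi"
    key_mgmt=WPA-EAP
    pairwise=CCMP TKIP
    eap=TLS
    ca_cert="/etc/cert/ca.pem"
}'

printf '%s\n' "$SAMPLE_CONF" | lint_wpa_conf || echo "review the findings above"
```

Because the file also holds private_key_passwd or a PSK, it should stay readable by root only, whatever the linter reports.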
Debug
wpa_supplicant -Dnl80211 -iwlo1 -c /etc/wpa_supplicant/wpa_supplicant.conf
wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -iwlp12s0 -d -f debug.log
