Category: Technology

Linked Server trying to authenticate with ANONYMOUS

A user needed to access one SQL server from another. No big deal. That’s just a linked server. Both servers were on the same domain and his domain account had the necessary permissions on both servers, so his authentication should pass right through. We created the linked server and told the user he should be good.

It was not good. When he expanded the Catalog on the linked server, there was nothing in it. When he tried to query the linked server, he received, “Login failed for user ‘NT AUTHORITY\ANONYMOUS LOGON’”. But he was not anonymous. He was connected to one server using his domain credentials. Why was that not passing through?

Additionally, if we opened SSMS on the server and tested the link to the other server, everything worked fine. The problem only occurred when connecting to the server remotely and then trying to access the linked server.

After way too much fruitless troubleshooting, we found an error in the event log of the user’s workstation, not the servers.

A Kerberos Error Message was received: 
on logon session 
Client Time: 
Server Time: 11:37:58.0000 11/23/2009 Z 
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN 
Extended Error: 0xc0000035 KLIN(0) 
Client Realm: 
Client Name: 
Server Realm: DOMAIN.COM 
Server Name: MSSQLSvc/server-01.domain.com 
Target Name: MSSQLSvc/server-01.domain.com@domain.com 
Error Text: 
File: 9 
Line: e2d 
Error Data is in record data.

I opened the command prompt and ran:

setspn -X

It responded back showing that there were duplicates of MSSQLSvc/server-01.domain.com and MSSQLSvc/server-01.domain.com:1433. One was associated with the server and the other with the service account. As it should be associated with the service account, we deleted the other two.

setspn -D MSSQLSvc/server-01.domain.com server-01
setspn -D MSSQLSvc/server-01.domain.com:1433 server-01

Then, everything was good.

Postfix Docker Container

I AM NOT A SERVER ADMINISTRATOR! In case that wasn’t clear, I am not a server administrator. What little I know about servers is enough to allow me to build one in order to do my job. Everything is guessing and Googling. Recently, I had a requirement to send emails from a Docker container. Guess how many official Postfix Docker images there are. If you guessed more than zero, you were wrong. Also, you really should have seen that coming.

So I needed a Postfix image to act as a relay SMTP server for my application that was also in a Docker container. After more trial and error than I would like to admit, I got it to work. And then it stopped working. The thing is, I got it to work as a daemon. I then used the start-fg command line argument to start it in the foreground in order to keep the container running. Great idea. Almost.

When it ran as a daemon, it worked perfectly, but I couldn’t use it as a daemon because I needed it to run in the foreground. When it ran in the foreground, it gave me DNS errors. Why would DNS only work as a daemon? I spent way too much time looking for that answer.

The daemon created links or copied certain files from /etc to /var/spool/postfix/etc. The start-fg command line argument did not. It wasn’t something that I would just notice. It was something that I stumbled upon accidentally. Somewhere in the land of Stack Overflow, I found a hint. That hint led to an idea. That idea failed a horrible death.

The next attempt was to run as a service again and look at the contents of the /var/spool/postfix/etc directory. I then copied each of the files in it from /etc and like magic, my new container worked.

Here is the Dockerfile I used.

FROM ubuntu:18.04

EXPOSE 25

RUN apt-get update && \
  echo "postfix postfix/mailname string example.com" | debconf-set-selections && \
  echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections && \
  apt-get install postfix mailutils -y

RUN update-rc.d -f postfix remove

RUN postconf -e syslog_name=example-smtp
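# Relay only for loopback and private (RFC 1918) ranges, which include Docker's default networks.
# mynetworks=0.0.0.0/0 would let any host that can reach port 25 relay mail through this container.
RUN postconf -e "mynetworks=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"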

RUN cp /etc/host.conf /etc/hosts /etc/nsswitch.conf /etc/resolv.conf /etc/services /var/spool/postfix/etc

CMD ["postfix", "start-fg"]

In order for you to use it, swap “example” with your domain. Enjoy.

Put Docker Somewhere Else

After a lot of searching and a lot of testing and a lot of failing, I finally got Docker to move to the location I wanted it in without it reverting back with the next update.

To do this, create or edit the file at /etc/docker/daemon.json and assign the following object property to it.

{
    "graph": "/path/to/directory"
}

Then restart the daemon. So simple but so many posts with methods that did not work. Probably from previous versions of Docker. This works for Docker version 18.06.1.

A Helpful Story About Your Email Spam Filter

If you are having trouble understanding your email spam filter, maybe this will help.

Imagine you are a ruler. Like a king or queen; not the measuring kind. People from all over travel to visit you. Some people come to ask your advice. Some people come to tell you about the amount of gold remaining in your treasury. Some come to tell you stories about your relatives. Then, there are some that come to trick you out of your gold. And some that come bringing diseases to your kingdom. And even some that come to you to trick you into giving them the keys to your castle.

In the beginning, it was very easy to tell the good people from the bad, but today, the number of bad people coming is so great that you often send good people away because you didn’t notice them. You decide to hire guards for your castle walls. These guards either let people into the castle when they know the person is good or when they are unsure. But in the event they are certain the person has come for bad reasons, the person is killed immediately without ever telling you. You can now focus on the good people and the kingdom is a much safer place.

The people in this story are your emails. The guards are your spam filter. I hope that helps. If not, at least it was fun to write.

Extend jQuery the Easy Way

I have an issue with not being able to read my own code. Other developers, I am sure, can relate. Especially when I have put a great deal of effort into a single file. Often this is a JavaScript file that has a whole lot of ability but not a whole lot of functionality. jQuery is one of my favorite frameworks. It is easy to use and easy to attach to. So for example, let us say I have a function that needs to be able to be triggered on a DOM element. I could send “this” to the function over and over again. Or I could let jQuery do all the work for me. I am lazy, after all.

jQuery.fn.destroy = function() {
  return this.each(function() {
    $(this).remove();
  });
};

With this, I can remove any DOM element by calling destroy. Pointless, yes, but it works and shows what I mean.

Simple enough. But what if I want options? What if I need to do more things but I should really only take one name from jQuery, right? What about this?

jQuery.fn.stuff = function(opt) {
  return this.each(function() {
    switch(opt) {
      case 'destroy':
        $(this).remove();
        break;
      case 'alert':
        alert(this.tagName);
        break;
    }
  });
};

Now, I can destroy or I can alert the user that the DOM element was a TABLE. Again, this is an example and not something anyone would actually use.

But what if I needed to add lots of functionality and my function just ended up overflowing with an annoying level of switch statements? Eventually, I get to the point where I cannot read my own code or find the place in my code that I need to adjust.

Now for my easier, cleaner solution.

First, I create an object. In this example, we will name my object Jeff.

var jeff = {};

Now, let me give Jeff a function.

// This is a pointless function to remove DOM elements.
jeff.destroy = function(obj) {
  jQuery(obj).remove();
  return obj;
};

Jeff needs another function.

// This is a pointless function to send a message.
jeff.alert = function(obj) {
  alert(obj.tagName);
  return obj;
};

I can repeat this forever with as many functions as I want:

  1. Commenting is easy and clean
  2. There is no ugly switch statement

But what does this have to do with jQuery? Here is my easier jQuery.

jQuery.fn.jeff = function(opt) {
  // Unlike the highlander, there can be more than one.
  return this.each(function(){
    // We like options that make sense.
    if(typeof opt === 'string') {
      // Make sure Jeff knows what to do first.
      if(typeof jeff[opt] === 'function') {
        // Tell Jeff what to do.
        jeff[opt](this);
      } else {
        // Let the user know that Jeff doesn't know that trick.
        console.error('Jeff does not have a function named "' + opt + '".');
      }
    } else {
      // The user sent Jeff something silly.
      console.error('Jeff is really confused by what you are trying to do.');
    }
  });
};

And there we have it.
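
An added example, not code from the original post: because `jeff` is a plain object, `typeof jeff[opt] === 'function'` is also true for names inherited from `Object.prototype` (such as `constructor` or `toString`), so an `opt` that comes from untrusted input can reach functions Jeff never defined. The sketch below runs without jQuery, uses the hypothetical helpers `looseLookup`, `makeRegistry` and `dispatch`, and restricts dispatch to the registry's own functions.

```javascript
// Added example: dispatch-by-name restricted to functions the registry owns.
// looseLookup, makeRegistry and dispatch are hypothetical names, not jQuery APIs.

// The post's check: a plain object plus typeof.
function looseLookup(registry, opt) {
  return typeof opt === 'string' && typeof registry[opt] === 'function';
}

// A registry with no prototype has nothing to inherit, so only the
// functions added explicitly can ever be found by name.
function makeRegistry(handlers) {
  return Object.freeze(Object.assign(Object.create(null), handlers));
}

function dispatch(registry, opt, target) {
  if (typeof opt !== 'string') {
    throw new TypeError('option must be a string');
  }
  // The own-property test also protects registries that are plain objects.
  var own = Object.prototype.hasOwnProperty.call(registry, opt);
  if (!own || typeof registry[opt] !== 'function') {
    throw new RangeError('unknown option "' + opt + '"');
  }
  return registry[opt](target);
}

// Constructed stand-in for a DOM element so the example runs without a browser.
var fakeElement = { tagName: 'TABLE', removed: false };

var jeff = makeRegistry({
  destroy: function (obj) { obj.removed = true; return obj; },
  describe: function (obj) { return obj.tagName; }
});

// Names every plain object inherits; none of them is a Jeff function.
var inherited = ['constructor', 'toString', 'valueOf', 'hasOwnProperty'];

function acceptedByLoose() {
  return inherited.filter(function (n) { return looseLookup({}, n); });
}

function acceptedByStrict() {
  return inherited.filter(function (n) {
    try { dispatch(jeff, n, fakeElement); return true; } catch (e) { return false; }
  });
}

console.log('loose accepts:', acceptedByLoose(), 'strict accepts:', acceptedByStrict());
```

Inside the jQuery plugin, the same own-property test can replace the bare `typeof jeff[opt] === 'function'` check.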

Routing in ASP.Net without 404 for file extensions

Ran into an interesting issue today. We have an application that I am building. One of the pieces of this application is the ability to download a file, but, since security is always important, the file isn’t where the URL says it is. Using ASP.Net routing, I can say it is in one place, when it is really somewhere else and then just output the binary data as a response. Except for that pesky file extension. If the URL doesn’t have a file extension, everything is fine. If the URL has a file extension, the StaticFile Handler takes over and gives me a 404. After far too much Googling for a workaround and finding lots of almost functional answers, I came up with this.

First, determine the path that will never have files. We can use /documents for example.  What I am saying is, the URL http://www.example.com/documents/ will never actually have any files. In fact, in my solution, the documents directory doesn’t even exist.

Now, in your web.config, add the following:

<location path="documents">
    <system.webServer>
        <handlers>
            <remove name="StaticFile"/>
            <add name="WildCardRequestHandler" verb="GET" path="*" type="System.Web.Handlers.TransferRequestHandler"/>
        </handlers>
    </system.webServer>
</location>

Now, your routes will work as expected even when there is an extension but only for that path. In other words, going to http://www.example.com/documents/test.txt will allow your handler to handle it instead of having a 404 for a file you already knew didn’t exist.