SSH Connection to Linux Over Active Directory and Centrify


Need to start providing On call support to some of our DB Servers that are running on Linux Hosts.

Being able to ssh to the boxes is essential.



Downloaded Putty from here.



Connection Attempt

Launched Putty.exe, thank goodness no installation needed.

The Putty Screen is very minimal:

  1. Host Name or IP address
    • xxxx01
  2. Port
    • 22




Connection Attempt




Using keyboard-interactive authentication.
Password :
Access denied

Active Directory

To do

Have your Active Directory support group add you to the impacted AD Group





net group [ADgroup] /domain
net group grpLinuxDBA /domain





Have Centrify Administrators do the following:

  1. Create an account for you
  2. Add you to an existing group that has access to the Linux DB Hosts
  3. Grant explicit sudo access to the created account or inherit it from group membership

BTW, the Centrify product that we use is listed here.




CentOS – Blank Screen – No Login


Yesterday, I installed CentOS v7 on a refurbished box.  I went with the “Server with GUI” option, but upon starting up for the first time, the usual login screen is not coming up.

I have a dull blank screen, rather than one that lists my username.



Took to the net and found a few people had similar problems.  The most widely promulgated option is to edit the /etc/default/grub configuration file and look for the “GRUB_CMDLINE_LINUX” entry.

And, go on to add “video=LVDS-1:d” to the end of the current contents of the entry.



  1. Access Terminal window via pressing the key combination CTRL-ALT-F2
  2. Login from the terminal by entering the username and password
  3. The configuration file /etc/default/grub is read only and so change the file to writable
  4. Edit in vi or your choice editor as sudo
    • Look for the “GRUB_CMDLINE_LINUX” entry and add “video=LVDS-1:d” to the end of the current value.
  5. Reconfigure using grub2-mkconfig
  6. Reboot your computer



Here are the steps in detail.


Access Terminal mode by pressing the key combination CTRL-ALT-F2.  The Terminal Screen should appear.


Logging in from the Terminal

Log in from the Terminal by entering your username and password.


Launch vi in sudo mode

sudo vi /etc/default/grub


Edit /etc/default/grub

Add “video=LVDS-1:d” to the end of the current value of the “GRUB_CMDLINE_LINUX” entry.

grub-20160813-1143PM ( Before )


grub-20160813-1146PM ( Before)

Reconfig Grub

sudo grub2-mkconfig -o /boot/grub2/grub.cfg
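
The edit described in the steps above, scripted as an added example (not part of the original post): it backs up the file, appends the parameter inside the existing quotes, and does nothing if the parameter is already present. The function name add_grub_param and the sample file contents are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): append a kernel parameter to
# GRUB_CMDLINE_LINUX exactly once, keeping a backup of the file first.

# add_grub_param FILE PARAM
#   FILE  - path to the grub defaults file (/etc/default/grub on CentOS 7)
#   PARAM - one parameter such as video=LVDS-1:d; assumed to contain no
#           whitespace, '|', '&' or backslash (sed replacement metacharacters)
add_grub_param() {
    local file="$1" param="$2" current word

    # Only handle the usual one-line, double-quoted form of the entry.
    if ! grep -Eq '^GRUB_CMDLINE_LINUX=".*"[[:space:]]*$' "$file"; then
        echo "add_grub_param: no double-quoted GRUB_CMDLINE_LINUX in $file" >&2
        return 1
    fi

    # Nothing to do when the parameter is already one of the words in the value.
    current=$(sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"[[:space:]]*$/\1/p' "$file")
    for word in $current; do
        if [ "$word" = "$param" ]; then
            return 0
        fi
    done

    # Keep a timestamped copy so a bad edit can be rolled back from the console.
    cp -p "$file" "$file.bak.$(date +%Y%m%d%H%M%S)" || return 1

    # Insert the parameter just before the closing quote of the entry.
    sed -i -E "/^GRUB_CMDLINE_LINUX=/ s|\"[[:space:]]*\$| ${param}\"|" "$file"
}

# Demonstration on a constructed sample file, so nothing under /etc is touched.
demo_dir=$(mktemp -d)
cat > "$demo_dir/grub" <<'EOF'
GRUB_TIMEOUT=5
GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet"
EOF
add_grub_param "$demo_dir/grub" "video=LVDS-1:d"
add_grub_param "$demo_dir/grub" "video=LVDS-1:d"   # second call changes nothing
grep '^GRUB_CMDLINE_LINUX=' "$demo_dir/grub"

# On the real system (as root), followed by the post's own regeneration step:
#   add_grub_param /etc/default/grub "video=LVDS-1:d"
#   grub2-mkconfig -o /boot/grub2/grub.cfg
```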




No original thoughts here!

Credits go out to the guys ( scubastevesama) who spoke about it on Reddit.

And, the ones ( Josef Holland ) who blogged about it.


CentOS Login Screen

  1. centos 7 installation issue, no login screen – scubastevesama
  2. Josef Holland – Disable Laptop LCD Completely on boot
  3. [RESOLVED] Atom D510 – 6.0 updated to 6.1 – became confused about monitor configuration
  4. Install on a laptop with external monitor only


Editing /etc/default/grub

  1. Amanda Folson – Modify File Permissions with chmod
  2. I need to change the Read Only in gedit to Read/Write

Automatic Web Proxy Discovery and Client Configuration in MS Windows Environment



For most of us that work in a Corporate MS Windows Environment, our Internet Gateway \ Proxy configuration is pretty hidden.

At home, we either have direct connections to the Internet, have a gateway assigned to us by our ISP, or get on the Internet through our own Router or Wireless Access Point (WAP).


Corporate Environment

On the other hand, while at work in a Corporate Environment, when we do the following:

  • Access Control Panel
  • Access Internet Options
  • In the “Internet Properties” window, access the “Connections” tab
  • Within the “Local Area Network (LAN) settings” group box, click the “LAN Settings” button
  • In the “Local Area Network (LAN) settings” window, you will be able to review your Proxy settings

Our available choices are

    • Automatically detect settings
    • Use automatic configuration script
    • Use a single Proxy Server
    • Access to configure proxy server based on traffic type ( HTTP/FTP, etc)




Inquiring Mind

So, to put it subtly, an inquiring mind wants to know: which server is proxying our web traffic?

Well, that is where WPAD comes in.


Honorable Mentions

Richard Hicks

His article “Configuring Web Proxy Automatic Discovery (WPAD) in Forefront Threat Management Gateway (TMG) 2010” knocks the topic out of the park.  It stimulates my thinking, and notice that I did not say it stimulated my thinking.

Richard is a Microsoft Enterprise Security MVP; and he does that acknowledgement well.


Web Proxy Automatic Discovery

There are a couple of ways that a machine acquires its Internet’s Client Configuration

  • DHCP
    • For machines that do not have fixed IP Addresses, the network’s DHCP server can return the Internet Proxy Server as part of the initial Network Configuration, that is, alongside other Client Configuration data such as the Assigned IP Address, Gateway Address, and Subnet mask.
    • As Richard’s article pointed out, for bigger networks with a stable of Proxy Servers, we are able to designate specific Proxy Servers on subnet basis.  That is we specify Proxy Server T1 for Building A, and another Proxy Server, Proxy T1, for Building D.
  • DNS
    • DNS Server Configuration
      • Create “A” DNS records for each Proxy Server
      • Create CNAME (“C”) records that point to the various “A” records.
      • The CNAME records will bear the name WPAD
    • Client Configuration/Requests
      • DNS Clients issue requests for WPAD
      • The DNS Server will return the IP Address for one of the “A” records

Which One are we using?


I honestly can not say for sure whether we are getting Internet proxy configuration via DHCP.

I will have to use a Network Traffic Tool and review its requests and the response from the DHCP to answer affirmatively.


But, I can say that we are using DNS; solely or in addition.

Query DNS for WPAD Records

  • Access Console
  • Issue DNS Query

Query Syntax

nslookup WPAD




When we use nslookup and issue WPAD query against our default DNS Server, we get back

  • DNS Server
    • Server :- The name of the responding DNS Server
    • Its IP Address
  • WPAD
    • Name :- The name of the WPAD Server
    • Addresses :- The A records IP Addresses
    • Aliases :- The “C” records

Network Connections

Let us review our current network connections and see if we indeed have traffic going to our stated Proxy Server: 

netstat -anb | find [Proxy-Server]
netstat -anb | find "10.4."






Most Web Browsers have been coded to be able to work with WPAD.

On the other hand, 3rd-party vendors might not have augmented their applications likewise.



Here we configure Notepad++ with our Proxy Server, its IP Address and Port Number.  And, later our Network username and password.

Plugin Manager Settings


Proxy Credentials:




Installation Failure

But, sadly our installation of our plugin failed.




Why you ask me:

To determine why our install failed, we have to dig a bit deeper and see if there are log files created by Notepad++.

Notepad++ developers are good ones and you know they are smart.

Here is where Update Log files are and where they are not:

  • C:\Program Files (x86)\Notepad++\plugins = No
  • C:\Users\[username]\AppData\Roaming\Notepad++\plugins\config\plugin_install_temp\plugin1 = Yes

Here is our Proxy Log:



The identifying error is:

  • Error Code: 407 Proxy Authentication Required. Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. (12209).



  • Yes, I wish we had a WIN
  • But, our corporate security is a bit complex
    • We do not have traditional username/password, but smart badge and accompanying pin
    • Yes, I have Internet access for my regular user tied into the Smart Badge
    • But, it is very unlikely that I have Internet access on my Admin Account



Kenny Chesney & Kid Rock – LuckenBach Texas

At the end of the song there is an exchange between Kenny & Kid Rock; it reads

How they did it in 80 ….
If you listen to this song, you are listening to something real

Don’t listen to something else
At 4:00 O’Clock in the morning

Thank God, they get to stay up till 4 O’Clock in the morning, doing what they are happy doing.

And, as for me, thank Goodness for Richard Hicks and other MVPS.

I will take the advice of the singers here; as I am unlikely to listen to anyone else.



Security Vendors

VLC on CentOS – Installation


Time was one would have to search around to find Video and Audio codec files to play videos on a personal computer.  But, like Mase and Brandy “I have sat on top of the World” since someone introduced me to VLC.

From that time till now, that is all I use on MS Windows, Apple OSX, and Linux.



Googled for tested paths towards installing VLC on CentOS.  The links that came up are:

The instructions basically state that we should use the EPEL repository along with the RPMForge repository.


Repository – EPEL

The EPEL repository contains prerequisite files.

# EPEL6 is an add-on repository for RHEL and its variants. It contains packages that
# are not shipped
# Note: --nogpgcheck skips GPG signature verification of the package being installed
sudo yum localinstall --nogpgcheck

# epel-release-6-8.noarch.rpm
sudo rpm -Uvh


Repository – RPMForge

The RPMForge repository contains the VLC RPM.

We will prepare our system for RPMForge installs by doing the following:

  • Install the repository GPG Key
  • Download the rpmforge-release package
  • Verify the downloaded package
  • Install the package
  • Review the installed package


Based on the instructions available under Additional Resources >> Repositories >> RPMForge, here is a quick script that we used.


# Install RPMForge

#Install DAG's GPG key
sudo rpm --import

#Download the package (32-bit, i686)
sudo wget -O "rpmforge-release-0.5.3-1.el6.rf.i686.rpm"  ""

#Download the package (64-bit, x86_64)
sudo wget -O "rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm" ""

#Verify the package you have downloaded
rpm -K rpmforge-release-0.5.3-1.el6.rf.*.rpm

#Install the package
sudo rpm -i rpmforge-release-0.5.3-1.el6.rf.*.rpm

#Review Package
sudo rpm -qa | grep -i rpmforge


Ensure VLC RPM Package Availability

Using “yum info“, let us make sure that everything is in place for a good install.


Sample :

sudo yum info vlc

Output :




Install VLC


Install VLC via yum.

Sample :

sudo yum install vlc






Once installed, one can initiate the app from the terminal mode by issuing vlc.

Or via the desktop menu – Sounds & Video \ “VLC Media Player”.




I experienced a couple of problems preparing the repositories. I was able to scale them through others’ well-lighted path.

I have documented those steps below:


Error: Cannot find a valid baseurl for repo: rpmfusion-free


sudo yum localinstall --nogpgcheck


sudo yum localinstall --nogpgcheck


But, got the same error:

Error: Cannot find a valid baseurl for repo: rpmfusion-free


Solution Guide

How to fix rpmfusion-(non)free repo error in CentOS 6.4


The steps are:

  • Identify the Repository that rpmfusion is using
  • Remove Fedora RPM Fusion files
  • Install Prerequisite (EPEL 6)


Which Repo is rpmfusion* using?

Query active repositories by issuing “yum repolist enabled” request:

yum repolist enabled | grep -i rpmfusion


listRepos for rpmFusion

We can see that rpmFusion is using the one for Fedora 6.

Remove Fedora Files

Remove installed rpmfusion repositories

#RPM Fusion for Fedora 6 - Free
sudo rpm -e rpmfusion-free-release

#RPM Fusion for Fedora 6 - Free - Updates
sudo rpm -e rpmfusion-free-updates-release   



Identify Redhat CentOS ( EL ) Files

Identify the files that we need:

Visit and be sure to identify the URL to the files that we need for EL (Enterprise Linux ).




Install CentOS Files

Here is the script that we used for installing the RPMFusion files:


# EPEL6 is an add-on repository for RHEL and its variants. It contains packages RHEL.
# yum local install
sudo yum localinstall --nogpgcheck

# epel-release-6-8.noarch.rpm
sudo rpm -Uvh

# Install RPMFusion - v6 - free - works on 32/64 bit
sudo yum localinstall --nogpgcheck 

# Install RPMFusion - v6 - nonfree - works on 32/64 bit
sudo yum localinstall --nogpgcheck




Error: ERROR 22 – “The requested URL returned error: 403 Forbidden”



sudo yum localinstall --nogpgcheck
But, got the error: [Errno 14] PYCURL ERROR 22 – “The requested URL returned error: 403 Forbidden”

Trying other mirror.

Error: Cannot retrieve repository metadata (repomd.xml) for repository: CentALT. Please verify its path and try again


Validate Problem

Review the current contents of the /etc/yum.repos.d/centalt.repo file.



cat /etc/yum.repos.d/centalt.repo






Solution Guide

Here is the link we will follow to hopefully repair the problem.

repository metadata (repomd.xml) for repository: mratwork-centalt

which states to change from a specific URL to a mirrored one.

In essence we are changing the baseurl from$basearch/ to$basearch/.




# mkdir /etc/yum.repos.d/deprecated/20140823
sudo mkdir -p /etc/yum.repos.d/deprecated/20140823

#backup file
sudo cp /etc/yum.repos.d/centalt.repo /etc/yum.repos.d/deprecated/20140823

#Change baseurl from old to new$basearch/$basearch/ 
sudo sed -i 's/\/centalt/g' /etc/yum.repos.d/centalt.repo




Technical: Linux – CentOS – Connected Servers Shares not showing up in some “File open” Dialogs



In Google Chrome and Firefox, I am trying to upload some images from a network computer, but those shares are not showing up.


Connect to Server

Imagine for a few minutes, you are on your Linux box and you need to connect to your Windows box and upload some files \ images.

In my case, my Linux box is a CentOS and so from my desktop, I access the Desktop Menu bar and click on the menu items Places and “Connect To Server …”.




Windows Shares Not Visible

Unfortunately, based on my Application, I have a slightly different Open Dialog:















The major difference for me is that in gEdit, I am able to locate my network shares… That slot is “/danieladeniji/<server-name>” and in our example it is only visible (as the last entry on the left panel) in gEdit.


Using Samba, Mount Windows Resources\Shares

Install Utilities

Install Utilities – samba-client

sudo yum install samba-client

We are good… as we got back

Package samba-client-3.6.9-168.el6_5.i686 already installed and latest version


Install Utilities – samba-common

sudo yum install samba-common

We are good… as we got back

Package samba-common-3.6.9-168.el6_5.i686 already installed and latest version
Nothing to do


Install Utilities – cifs-utils

sudo yum install cifs-utils


We are good… as we got back

 Package cifs-utils-4.8.1-19.el6.i686 already installed and latest version

Using Samba, Mount Windows Resources\Shares


Create Mnt Folder

sudo mkdir /mnt/demobox__DanielAdeniji

Mount Mnt Folder

sudo mount --verbose -t cifs //demobox/DanielAdeniji /mnt/demobox__DanielAdeniji -o username=dadeniji,domain=labdomain,password=candi,sec=ntlm


By the way, I had a lot of problems with this step.  Pasted below are some of the incorrect entries we entered and the corresponding errors.


Aliased Hostname 

When I tried issuing against an alias name

sudo mount --verbose -t cifs //aliasName/DanielAdeniji /mnt/demobox__DanielAdeniji -o username=dadeniji,domain=labdomain,password=candi,sec=ntlm


When we tried obfuscating our hostname by adding an alias name to our hosts files, and targeting that aliasname, here is the error message we get

mount error(5): Input/output error


Crediting Pastorino



Incorrect Password

If the password is incorrect

sudo mount --verbose -t cifs //demobox/DanielAdeniji /mnt/demobox__DanielAdeniji -o username=dadeniji,domain=labdomain,password=candi,sec=ntlm

wrong password

mount error(13): Permission denied



If Password contains special characters

If the password contains special characters such as !

sudo mount --verbose -t cifs //demobox/DanielAdeniji /mnt/demobox__DanielAdeniji -o username=dadeniji,domain=labdomain,password=candi!,sec=ntlm

you will get an error message, such as “event not found”

bash: !,sec=ntlm: event not found

To correct this, quote your password

sudo mount --verbose -t cifs //demobox/DanielAdeniji /mnt/demobox__DanielAdeniji -o username=dadeniji,domain=labdomain,password='candi!',sec=ntlm

See, we replaced candi! with ‘candi!’
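
The mount commands above pass the password as a command-line option, where it is saved in shell history and is readable in the process list while mount runs. As an added example (not part of the original post), the script below uses the credentials= option of mount.cifs instead; the function names and the credentials file path are hypothetical, and the sample values are the post's own.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): keep the CIFS password out of the
# command line by using the credentials= option of mount.cifs.

# write_cifs_credentials FILE USER DOMAIN
#   Reads the password from standard input, so it never appears as an argument.
write_cifs_credentials() {
    local file="$1" user="$2" domain="$3" password
    IFS= read -r password || [ -n "$password" ] || return 1

    # Make the file readable by its owner only *before* the secret goes in.
    ( umask 077 && : > "$file" ) || return 1
    chmod 600 "$file" || return 1

    # Format read by mount.cifs; the password is taken literally, so characters
    # such as '!' need no shell quoting here.
    printf 'username=%s\npassword=%s\ndomain=%s\n' \
        "$user" "$password" "$domain" > "$file"
}

# cifs_mount_command SHARE MOUNTPOINT CREDFILE
#   Prints the mount command; sec=ntlm is carried over unchanged from the post.
#   Paths are assumed to contain no whitespace.
cifs_mount_command() {
    printf 'mount --verbose -t cifs %s %s -o credentials=%s,sec=ntlm\n' "$1" "$2" "$3"
}

# Demonstration with the post's sample values, written to a temporary directory.
demo_dir=$(mktemp -d)
printf '%s\n' 'candi!' |
    write_cifs_credentials "$demo_dir/demobox.cred" dadeniji labdomain
ls -l "$demo_dir/demobox.cred"
cifs_mount_command //demobox/DanielAdeniji /mnt/demobox__DanielAdeniji \
    "$demo_dir/demobox.cred"

# Interactive use in bash: prompt without echo instead of piping a literal.
#   read -rsp 'Password: ' pw && printf '%s\n' "$pw" |
#       write_cifs_credentials /root/.demobox.cred dadeniji labdomain; unset pw
```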


List Mount Points

Using the mount command, we will list our mount points


mount -v



mount -v | grep -i "Daniel"






List Mount Point Contents

Using the ls command, we will list the contents of our mount point


ls /mnt/<folder>



ls /mnt/demobox__DanielAdeniji | more


Mounted Folders

So though we still can not view connected servers, we can access our Windows Shares through the mnt folders (/mnt)





Windows Computer Names and Aliases

Btw, to use aliases for MS Windows host names, place them in your /etc/samba/lmhosts file.



This is one way you can avoid the “mount error(5): Input/output error” we spoke about earlier.

Keep in mind that trying to use the /etc/hosts will not do.


I am going to dedicate this post to Bart and Jorge Castro.  They firmly, yet economically stated this question in a Q/A post titled “gvfs – How do applications open from/save to smb shares? – Ask Ubuntu”.

For me, a newbie, clear and concise concerns help declutter my space and, rather than waste time trying to see if my environment is not properly set up, I can spend cycles trying to bridge seeming implementation gaps.




Desktop – Linux \ Windows – Unable to move Application Windows as Top Bar is not visible


There is so much we do on the computer that we are not even aware how we do it. For example, when moving and resizing a screen, we know we click on something and start moving things around.

But, when we can not do it, we try to see if there are alternatives to the more obvious pathways.



My problem has occurred a couple of times in the last few days. I am moving things out of the way and then all of a sudden, I am unable to move the Application Screen back to focus.




In the image pasted above, I am no longer able to move and resize my Chrome Application.


I googled for ways to move things around, but was unsuccessful at describing the problem appropriately.

The best help came via:

Ask Leo – I can’t see the top of a window so I can’t minimize/maximize or close – what can I do


His advice is that I should invoke the System Menu, via keystrokes; specifically ALT-spacebar.

So I went back to the little window that is still visible and clicked in the client Area, thereby making sure that the Application is the Active Window and thus the recipient of any key.

And, then hold down ALT while pressing the space-bar.


Once we did so, we have a nice system menu, and I can now access the “Move” option.

I suppose I could have accessed ALT-F7, all this time.

Prior to now, I was using CTRL-Shift-W to close otherwise orphaned Chrome Windows.

Chrome – Keyboard Shortcuts


Thanks Leo.



Technical: DNS – Query for Name Server (NS) – On Linux\CentOS Using Dig




Install – whois

Install whois:

sudo yum -y install jwhois


Install – dig

As Dig is part of the bind-utils, install bind-utils

sudo yum -y install bind-utils




Using Dig

On Linux, we can use dig to query for Name Servers.

Using Dig – Query System’s default Name Server


dig  NS <domain-name> +noall +answer



dig  NS +noall +answer





In the example above, we are querying the system’s default Name Server.  And, asking it for the authoritative nameservers for the domain.


Using Dig – Target specific name server

In case something is wrong with our default named server or our default Named Server has been configured not to forward DNS Queries, we can target another DNS Server.



dig  @NS <domain-name> NS +noall +answer



dig  @  NS +noall +answer +stats



DigQueryForNameServer- target specific server



In the example above, we are specifically targeting an AT&T named server ( and querying for domain NameServers.

We do not really need the stats answer block (Query time, Server, when), but included it so that we can confirm that our result came from the specific server that we requested that it comes from.

To exclude stats data, remove +stats or add +nostats.



Using Dig – Query DNS Server (and got back SERVFAIL)

Using dig, query DNS Server and we are getting back SERVFAIL.


dig  <domain-name> NS



dig NS






[dadeniji@adelia tmp]$ dig NS

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> NS

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6679
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0


;; Query time: 42 msec
;; WHEN: Mon Apr 28 10:23:04 2014
;; MSG SIZE rcvd: 33

[dadeniji@adelia tmp]$ 



In the example above, we are querying a DNS Server and getting back an error status, specifically SERVFAIL.

SERVFAIL means that an authoritative server is registered, but it is unreachable or faulty.
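
An added example, not part of the original post: a small filter that reads dig output and reports the header status and answer count, so a SERVFAIL like the one above is flagged without reading the whole reply. The function names are hypothetical; the first sample reuses the header lines shown above and the second is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): summarise the header of a dig reply.

# dig_status: reads complete dig output on stdin, prints "<STATUS> <ANSWER count>".
# Exits with status 2 when the input has no dig header.
dig_status() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s) }
        }
        /^;; flags:/ {
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") { a = $(i + 1); sub(/,$/, "", a) }
        }
        END { if (s == "") exit 2; print s, a + 0 }
    '
}

# explain_dig: reads dig output on stdin, prints a one-line reading of it.
# Returns 0 only for NOERROR with at least one answer record.
explain_dig() {
    local result status answers
    result=$(dig_status) || { echo "no dig header found in input"; return 2; }
    status=${result% *}
    answers=${result#* }
    case "$status" in
        NOERROR)
            if [ "$answers" -gt 0 ]; then
                echo "NOERROR: $answers answer record(s) returned"
                return 0
            fi
            echo "NOERROR with 0 answers: no record of this type, or a referral"
            ;;
        NXDOMAIN) echo "NXDOMAIN: the name does not exist" ;;
        SERVFAIL) echo "SERVFAIL: no usable answer from the domain's authoritative servers" ;;
        REFUSED)  echo "REFUSED: the server will not answer this query for this client" ;;
        *)        echo "$status: not interpreted by this example" ;;
    esac
    return 1
}

# Header lines from the post's SERVFAIL reply.
sample_servfail=';; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6679
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

# Constructed sample of a successful NS reply header.
sample_ok=';; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0'

printf '%s\n' "$sample_servfail" | explain_dig || true
printf '%s\n' "$sample_ok" | explain_dig || true

# Live use (example.com. and 192.0.2.53 are documentation placeholders):
#   dig example.com. NS @192.0.2.53 | explain_dig
```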


Using Dig – Query DNS Server tracing delegation path

Using dig, query DNS Server and note the delegation path.


dig  <domain-name> +trace



dig +trace



[dadeniji@adelia tmp]$ dig NS +trace

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> NS +trace

;; global options: +cmd
. 319385 IN NS
. 319385 IN NS
. 319385 IN NS
. 319385 IN NS
. 319385 IN NS
. 319385 IN NS
. 319385 IN NS
. 319385 IN NS
. 319385 IN NS
. 319385 IN NS
. 319385 IN NS
. 319385 IN NS
. 319385 IN NS
;; Received 496 bytes from in 727 ms

com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
;; Received 505 bytes from 2001:7fe::53#53(2001:7fe::53) in 1038 ms

172800 IN NS
172800 IN NS

dig: couldn't get address for '': no more

[dadeniji@adelia tmp]$ 



In the case listed above we asked for a trace on what dig did, and it says that the root servers were queried and returned our ns1 and ns2 name servers.

But, we were unable to get the address for ns1.

Upon taking a second look, you might also notice that the first query went to the root servers and we were referred to the servers.

Keep in mind that * servers are authoritative for the .com top-level domain.


Who Is

As one plays more with dig, you might find it important to make sure that your NameServers are properly recorded, as well.

The whois utility provides a nice complement to dig.

whois <domain-name>



whois | egrep 'Name Server'






Helpful Hints

Helpful Hints – When specifying Name Server

When specifying a Name Server using @NS, see if you can use its IP Address, as the initial DNS resolution for the NS might itself fail.

Helpful Hints – When querying for specific Name, place a period at end of full name

When querying for a specific name, place a period at the end of the name to indicate that the default domain name (from resolv.conf on Linux) should not be appended to the hostname.


