Archive

Archive for October, 2010

Creating a custom Forefront TMG 2010 OWA FBA logon page

October 22, 2010 30 comments

Today I looked for a solution to edit the default OWA logon page. In our company we use a Form Based Authentication that is configured on a Forefront TMG 2010 server. Currently we are running an Exchange 2003 SP2 Frontend server. The OWA logon page looks like this by default:

OR

There is a way to configure this to our liking. Kay Sellenrode of platini.nl made an FBAeditor to configure this in an easy way. This tool does not have a way to change the color of the logon button and explanation text so at the end of this post i show you how to change that as well. So lets create some fancy company OWA logon screens.

Requirements
FBAeditor – can be found here (http://blogs.platani.nl/?p=257)
Company logo 115 x 456 pixels in GIF format
Company logo 115 x 500 pixels in GIF format

Steps

  • First make a backup of C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\ with all sub directories
  • Run FBAeditor on the TMG server and browse to C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\Exchange\HTML\ (click on Source Dir)

  •  Now change the page you want to edit to : usr_pwd.htm (1.)
  • Picture name : lgntopl.gif (2.)
  • Text Language : select your country (3.)
  • Select your new company logo (4.)
  • Select apply to all pages and click apply. (5.) Now all htm files will be changed with the new company logo.
  • By pressing Preview Page you can take a look on how its going to be. (6.)

  • Many organizations don’t have 2 or more domains so we can change the domain\username text to Username
  • Now change the page you want to edit to : usr_pwd.htm (1.)
  • Select username (2.)
  • Change the text from domain\username to Username  (3.)
  • Confirm the change by clicking Change Text (4.)

  • When you are clicking on Preview Page you will see that the button and the explanation text has a color that does not match with the rest of the logon page. There is not a way that you can change this via the FBAeditor tool. We can achieve this by editing a file manually.

  • Start notepad and browse to C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\Exchange\HTML\logon_style.ccs
  • When looking through the file you’ll see a section that has entries like #eb9c12 and #f9b133. These are the colors used by the logon button.

  • You can change this by entering your own required color. You can find the color codes here
  • To change the explanation text you must look for the entries #ff6c00

  • You can change this by entering your own required color. You can find the color codes here
  • Also it is possible to change the Internet Explorer tab name by starting the FBAeditor en change the OWAWindowTitle text box to your liking
  • If required you can change the ISA html files as well they can be found here C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\ISA\HTML\
  • If all went well you have a fancy FBA logon page like this :

  • Note: I found out that the Forefront TMG caches these pages somehow so I had to reboot the server to get the new pages active. -> Arturo pointed out that you only need to start the firewall service to reflect these changes.
Advertisements

Generate passwords into an Excel file

October 18, 2010 Leave a comment

There are alot of user accounts mutations when a new school year starts. Creating hunderds of new user accounts can be a hassle and all those new accounts also need an password. This little script will generate passwords and place them into an excel file. This excel file can be used to create all those accounts with the generated password.

‘enable debugging
Option Explicit

‘create memory for objects
Dim objExcelRange, objExcelRange1, objExcelRange2, objExcel, objExcelWorkbook, objExcelCell
Dim objPasswordLoops, objRandomCharacter, objPasswordMFactor, objPasswordNumber, objPasswordChar, objPasswordNext

‘define globale constants
Const strExcelFileName = “D:\student.xls”
Const strExcelBoxTitle = “Password Generator for an Excelfile”
Const strPasswordLength = 6
Const  strPasswordCharacters = “abc1de2fg3hi4jk5lm6no7pqrs9tuvw0xyz”

‘asking for values
objExcelRange1=InputBox(“Enter value for the first cell” & VBCRLF & “(Example: G2) :”,strExcelBoxTitle,”G2″)
objExcelRange2=InputBox(“Enter value for the last cell” & VBCRLF & “(Example: G100) :”,strExcelBoxTitle,”G100″)
objExcelRange = objExcelRange1 & “:” & objExcelRange2

‘create an excel instance and open workbook
Set objExcel = CreateObject(“Excel.Application”)
Set objExcelWorkbook = objExcel.Workbooks.Open(strExcelFileName)

‘generate password for every cell entered into inputbox
For Each objExcelCell In objExcel.Range(objExcelRange)
 objExcelCell.Value = StrPassword(strPasswordLength,strPasswordCharacters)
Next

‘close and save excelfile
objExcelWorkbook.SaveAs strExcelFileName
objExcel.Quit

‘*************************************************************************
‘***********************      Functions       ****************************
‘*************************************************************************
Function GenIt(objPasswordMFactor)
 Randomize
 GenIt=INT(RND()*objPasswordMFactor)+1
end Function
‘*************************************************************************
Function StrPassword(strPasswordLength,strPasswordCharacters)

StrPassword = “”

objPasswordMFactor = Len(strPasswordCharacters)

For objPasswordNumber=1 to strPasswordLength
 objPasswordChar = GenIt(objPasswordMFactor)
 objPasswordNext = Mid(strPasswordCharacters,objPasswordChar,1)
 StrPassword = StrPassword & objPasswordNext
Next
End Function
‘*************************************************************************
‘*************************************************************************
‘*************************************************************************

Install and configure Cacti v0.8.7g on Ubuntu v10.04.1 step by step

October 14, 2010 2 comments

On many occasions I am asked on how to monitor SNMP based systems with a low budget.
There are many commercial tools that can fulfill this request however they mostly require a lot of funding. Environments like schools or universities require a low cost solution.
A good solution would be cacti running on a linux based guest OS.
In this article I am going to explain on how to configure this in an Lab environment.

Required products
VMware Workstation (http://www.vmware.com/products/workstation/)
Linux Ubuntu v10.04.1 (http://www.ubuntu.com/server)
Cacti v0.8.7g and Plug-ins (http://www.cacti.net/)

Required steps
Step 1. Preparing VMware Workstation
Step 2. Install and Configure Ubuntu v10.04.1
Step 3. Install and Configure v0.8.7g and Plug-ins

Step 1. Preparing VMware Workstation

  • Install VMware Workstation on your computer
  • Start VMware Workstation
  • Choose create New Virtual Machine

  • Choose: Typical and click on <NEXT>

  • Choose: I will install the operating system later. and click <NEXT>

  • Choose: Linux and the appropriate version and click <NEXT>

  • Choose: Virtual Machine Name and File Location and click <NEXT>

  • Choose: 10 GB as disk size (as you prefer offcourse) and click on <NEXT>

  • Click: Customize Hardware

  • Set memory size to 1 GB

  • Set CD/DVD to use the ubuntu ISO file you downloaded

  • Choose the appropriate Network Connection

  • Click: <OK> and <FINISH>

Step 2. Install and Configure Ubuntu v10.04.1

  • Power on the virtual machine and the installation will start
  • Choose as language : English

  • Choose: Install Ubuntu Server

  • Choose Language: English – English

  • Choose your country

  • Choose your keyboard layout

  • Choose: Configure Network Manually

  • Choose an unused Ip Address that can reach the SNMP based devices you want to monitor

  • Choose the subnetmask

 

  • Choose the default gateway (if any)

  • Choose the DNS server

  • Choose an hostname

  • Choose the appropriate domain name

  • Choose your partitioning method

  • Select the partition

  • Write changes to disk : Yes

  • Add an user account called : administrator

  • Again add an user account called : administrator

  • Add an password for the account administrator : adminpass

  • Add the same password again for verification

  • Encrypt Home Directory : No

  • Enter a proxy account if needed

  • Choose : no automatic updates

  • To install cacti we need : Linux, Apache, Mysql and PHP (LAMP)

  • Choose a password for the mysql root user : mysqlpass

  • Add the same password again for verification

  • Install the GRUB boot loader : Yes

  • The installation is complete

 Step 3. Install and Configure v0.8.7g and Plug-ins

  • Login with administrator with password adminpass

administrator@CACTI:~$  sudo –i
root@CACTI:~# cd /
root@CACTI:/#  apt-get update
root@CACTI:/#  apt-get install php5 php5-cli php5-gd php5-mysql php5-cgi php5-snmp -y
root@CACTI:/#  apt-get install ssh -y
root@CACTI:/#  apt-get install snmp -y
root@CACTI:/#  apt-get install rrdtool –y
root@CACTI:/#  apt-get install sendmail –y
root@CACTI:/# mkdir cacti-install
root@CACTI:/# cd cacti-install
root@CACTI:/cacti-install/# wget http://www.cacti.net/downloads/cacti-0.8.7g.tar.gz
root@CACTI:/cacti-install/# tar –zxvf cacti-0.8.7g.tar.gz
root@CACTI:/cacti-install/# mv /cacti-install/cacti-0.8.7g/ /var/www/cacti
root@CACTI:/cacti-install/# groupadd cacti
root@CACTI:/cacti-install/# useradd -g cacti cactiuser
root@CACTI:/cacti-install/# chown –R cactiuser /var/www/cacti/rra
root@CACTI:/cacti-install/# chown –R cactiuser /var/www/cacti/log
root@CACTI:/cacti-install/# chmod –R 777 /var/www/cacti/log
root@CACTI:/cacti-install/# chmod –R 777 /var/www/cacti/rra
root@CACTI:/cacti-install/# mysql –u root –p

mysql> set password for root@localhost=password(‘rootpassword’);
mysql> create database cactidb;
mysql> grant all on cactidb.* to root;
mysql> grant all on cactidb.* to root@localhost;
mysql> grant all on cactidb.* to cactiuser;
mysql> grant all on cactidb.* to cactiuser@localhost;
mysql> set password for cactiuser@localhost=password(‘cactipass’);
mysql> flush privileges;
mysql> exit

root@CACTI:/cacti-install/# mysql –u root –p cactidb < /var/www/cacti/cacti.sql
root@CACTI:/cacti-install/# nano /var/www/cacti/include/config.php

$database_type = “mysql”;
$database_default = “cactidb”;
$database_hostname = “localhost”;
$database_username = “cactiuser”;
$database_password = “cactipass”;
$database_port = “3306”;

root@CACTI:/ nano /etc/crontab

*/5 * * * * cactiuser php5 /var/www/cacti/poller.php > /dev/null 2>&1

root@CACTI:/cacti-install/# wget http://www.cacti.net/downloads/spine/cacti-spine-0.8.7g.tar.gz
root@CACTI:/cacti-install/# tar –zxvf cacti-spine-0.8.7g.tar.gz
root@CACTI:/cacti-install/# mv /cacti-install/cacti-spine-0.8.7g/ /usr/local/spine
root@CACTI:/cacti-install/# cd /usr/local/spine
root@CACTI:/usr/local/spine/# apt-get install automake -y
root@CACTI:/usr/local/spine/# apt-get install autoconf -y
root@CACTI:/usr/local/spine/# apt-get install libtool -y
root@CACTI:/usr/local/spine/# apt-get install libsnmp-dev -y
root@CACTI:/usr/local/spine/# apt-get install libsnmp-base -y
root@CACTI:/usr/local/spine/# apt-get install libsnmp15 -y
root@CACTI:/usr/local/spine/# apt-get install libmysqlclient15-dev -y
root@CACTI:/usr/local/spine/# aclocal
root@CACTI:/usr/local/spine/# libtoolize –force
root@CACTI:/usr/local/spine/# autoheader
root@CACTI:/usr/local/spine/# autoconf
root@CACTI:/usr/local/spine/# automake –add-missing
root@CACTI:/usr/local/spine/# automake
root@CACTI:/usr/local/spine/# ./configure
root@CACTI:/usr/local/spine/# make
root@CACTI:/usr/local/spine/# make install
root@CACTI:/usr/local/spine/# cp /usr/local/spine/spine.conf.dist /usr/local/spine/spine.conf
root@CACTI:/usr/local/spine/# nano spine.conf

DB_Host  localhost
DB_Database  cactidb
DB_User  cactiuser
DB_Pass  cactipass
DB_Port  3306
DB_PreG 0

root@CACTI:/usr/local/spine/# cd /var/www/cacti
root@CACTI:/var/www/cacti/# wget http://www.cacti.net/downloads/patches/0.8.7g/data_source_deactivate.patch
root@CACTI:/var/www/cacti/# wget http://www.cacti.net/downloads/patches/0.8.7g/graph_list_view.patch
root@CACTI:/var/www/cacti/# wget http://www.cacti.net/downloads/patches/0.8.7g/html_output.patch
root@CACTI:/var/www/cacti/# wget http://www.cacti.net/downloads/patches/0.8.7g/ldap_group_authenication.patch
root@CACTI:/var/www/cacti/# wget http://www.cacti.net/downloads/patches/0.8.7g/script_server_command_line_parse.patch
root@CACTI:/var/www/cacti/# wget http://www.cacti.net/downloads/patches/0.8.7g/ping.patch
root@CACTI:/var/www/cacti/# wget http://www.cacti.net/downloads/patches/0.8.7g/poller_interval.patch
root@CACTI:/var/www/cacti/# patch -p1 -N < data_source_deactivate.patch
root@CACTI:/var/www/cacti/# patch -p1 -N < graph_list_view.patch
root@CACTI:/var/www/cacti/# patch -p1 -N < html_output.patch
root@CACTI:/var/www/cacti/# patch -p1 -N < ldap_group_authenication.patch
root@CACTI:/var/www/cacti/# patch -p1 -N < script_server_command_line_parse.patch
root@CACTI:/var/www/cacti/# patch -p1 -N < ping.patch
root@CACTI:/var/www/cacti/# patch -p1 -N < poller_interval.patch
root@CACTI:/var/www/cacti/# cd /usr/local/spine
root@CACTI:/usr/local/spine/# wget http://www.cacti.net/downloads/spine/patches/0.8.7g/unified_issues.patch
root@CACTI:/usr/local/spine/# patch -p1 -N < unified_issues.patch
root@CACTI:/usr/local/spine/# cd /cacti-install/
root@CACTI:/cacti-install/# wget http://mirror.cactiusers.org/downloads/plugins/cacti-plugin-0.8.7g-PA-v2.8.tar.gz
root@CACTI:/cacti-install/# tar –zxvf cacti-plugin-0.8.7g-PA-v2.8.tar.gz
root@CACTI:/cacti-install/# cp -r /cacti-install/cacti-plugin-arch/files-0.8.7g/* /var/www/cacti
root@CACTI:/cacti-install/# cd /var/www/cacti
root@CACTI:/var/www/cacti# patch -p1 -N –dry-run < /cacti-install/cacti-plugin-arch/cacti-plugin-arch.diff
root@CACTI:/var/www/cacti# patch -p1 -N < /cacti-install/cacti-plugin-arch/cacti-plugin-arch.diff
root@CACTI:/var/www/cacti# nano /var/www/cacti/include/global.php

$database_type = “mysql”;
$database_default = “cactidb”;
$database_hostname = “localhost”;
$database_username = “cactiuser”;
$database_password = “cactipass”;
$database_port = “3306”;

root@CACTI:/var/www/cacti# nano /var/www/cacti/include/config.php

$database_type = “mysql”;
$database_default = “cactidb”;
$database_hostname = “localhost”;
$database_username = “cactiuser”;
$database_password = “cactipass”;
$database_port = “3306”;
$url_path = “/cacti/”;

root@CACTI:/var/www/cacti# mysql -u root -p cactidb < /cacti-install/cacti-plugin-arch/pa.sql
root@CACTI:/var/www/cacti# cd plugins
root@CACTI:/var/www/cacti/plugins# wget http://docs.cacti.net/_media/plugin:settings-v0.7-1.tgz
root@CACTI:/var/www/cacti/plugins# mv plugin\:settings-v0.7-1.tgz settings-v0.7-1.tgz
root@CACTI:/var/www/cacti/plugins# tar –zxvf settings-v0.7-1.tgz
root@CACTI:/var/www/cacti/plugins# wget http://docs.cacti.net/_media/plugin:monitor-v1.2-1.tgz root@CACTI:/var/www/cacti/plugins# mv plugin\:monitor-v1.2-1.tgz monitor-v1.2-1.tgz
root@CACTI:/var/www/cacti/plugins# tar –zxvf monitor-v1.2-1.tgz
root@CACTI:/var/www/cacti/plugins# mysql -u root -p cactidb < /var/www/cacti/plugins/monitor/monitor.sql
root@CACTI:/var/www/cacti/plugins# wget http://docs.cacti.net/_media/plugin:discovery-v1.1-1.tgz root@CACTI:/var/www/cacti/plugins# mv plugin\:discovery-v1.1-1.tgz discovery-v1.1-1.tgz
root@CACTI:/var/www/cacti/plugins# tar –zxvf discovery-v1.1-1.tgz
root@CACTI:/var/www/cacti/plugins# mysql -u root -p cactidb < /var/www/cacti/plugins/discovery/discover.sql
root@CACTI:/var/www/cacti/plugins# wget http://docs.cacti.net/_media/plugin:mactrack-v2.9-1.tgz root@CACTI:/var/www/cacti/plugins# mv plugin\:mactrack-v2.9-1.tgz mactrack-v2.9-1.tgz
root@CACTI:/var/www/cacti/plugins# tar –zxvf mactrack-v2.9-1.tgz
root@CACTI:/var/www/cacti/plugins# mysql -u root -p cactidb < /var/www/cacti/plugins/mactrack/mactrack.sql
root@CACTI:/var/www/cacti/plugins# wget http://docs.cacti.net/_media/plugin:spikekill-v1.2-1.tgz root@CACTI:/var/www/cacti/plugins# mv plugin\:spikekill-v1.2-1.tgz spikekill-v1.2-1.tgz
root@CACTI:/var/www/cacti/plugins# tar –zxvf spikekill-v1.2-1.tgz

  • Choose <NEXT>

  • Choose <FINISH>

  • Enter username : admin and password : admin and click <Login>

  • Add a new password to your liking and click <Save>

  • Choose settings

  • Choose path and enter the spine poller path and click on <Save>

  • Choose Poller and change the poller to spine and click on <Save>

  • Choose user management and click on admin

  • Enable plugin management en click op <Save>

  • Choose plugin management en install & enable all plugins

  • Now you are ready to add devices and monitor your SNMP based devices.

This concludes my article about installing and configuring cacti v0.8.7g on Ubuntu v10.04.1. I hope you found this article usefull and feel free to comment.

%d bloggers like this: