Password Recovery on an F5

So you’ve locked yourself out of your F5, possibly because you fat-fingered the root/admin passwords, or a previous employee forgot to put them into the password manager…

The first article to follow is K13121: Changing system maintenance accounts passwords. This information is *awesome* if you are still able to log in to the device with either the root or the admin password, or if you’re able to log in to the device remotely.

My problem, however, was that since the license had expired for the device, I could not log in at all as RADIUS & LDAP authentication did not work, and I did not know the root or admin passwords.

So, then you’re stuck?  Factory reset the thing?

Well, since the F5 is a Linux device, you have an out…

The particulars are in article K4178: Restarting the BIG-IP system in single-user mode, because, at its base, the F5 is a Linux machine.

Key here is to reboot the device (i.e. you need to have physical and console access. If you’re virtualized, you’ll need to log in to your VMware device and get to the virtual console). Once the device is rebooted, you intercept the GRUB boot loader, and do the normal Linux “append ‘single’ to the kernel options”.

Eventually you’ll find yourself at a root shell prompt “#”.  Now the fun begins and the article goes off the rails.

It states to ‘mount -a’, which the system already did.  In essence ‘mount -a’ runs through the fstab to mount all partitions as they would be at boot time, so this is just a double-check step to ensure you have the ‘/config’ directory mounted.

Next step is to use the ‘passwd root’ command, which unfortunately only changes the password on the local linux system. I found I had to edit the password located in /config/bigip_user.conf file.

```
auth user root {
    description none
    encrypted-password $1$abcefghi$ABCDEFGHIJKLMNOPQRSTUV
    shell bash
```

Notice the “encrypted-password” bit. The `$1$` prefix says it’s an MD5 hash, and the 8-character string enclosed by the `$` signs is the salt, which makes it a salted MD5 hash. So what you have to do is create a new hash and replace it in the file.

Since Python is the de facto network engineer’s scripting language, you’ll need to use the `passlib` module. You can read (and see where I stole this information from) the passlib documentation online too.

```
$ sudo pip install passlib
Collecting passlib
  Downloading passlib-1.7.1-py2.py3-none-any.whl (498kB)
    100% |████████████████████████████████| 501kB 329kB/s
Installing collected packages: passlib
Successfully installed passlib-1.7.1
$ python
Python 2.7.5 (default, Aug  4 2017, 00:39:18)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from passlib.hash import md5_crypt
>>> h = md5_crypt.hash("abc123")
>>> h
```

Since you’re going to have to type the value of h (i.e. the salted MD5 hash) into a text editor in the other system’s console, and you might not be able to copy and paste, you may want to run the `h = md5_crypt.hash("abc123")` command until you get an easier one to type.

On the F5, change directory to /config:

# cd /config

Then copy the existing file to a backup (“cp bigip_user.conf bigip_user.conf-backup-20171204”) so you can restore it if you need to.

vi or pico the bigip_user.conf file, and replace the value of the encrypted-password with the hash you created using python.

Once that’s done, save the file, and reboot the device.

That’s what worked for me. Your mileage may vary.
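The edit step above as a script, added here as an example and not part of the original post or of F5's tooling: it checks that the hash you retyped has the `$1$` salted-MD5 shape before writing it into the right `auth user` stanza only. The stanza layout is assumed from the excerpt above (top-level closing `}` in column 0), and the sample file, function names and hash values are constructed.

```python
import re

# $1$ + salt (1-8 chars) + $ + 22-char digest, all in the crypt(3) alphabet
MD5_CRYPT_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
USER_RE = re.compile(r"^auth user (\S+) \{\s*$")
PW_RE = re.compile(r"^(\s*encrypted-password\s+)\S+\s*$")

# Constructed sample in the layout of the excerpt above (assumed, not a real config).
SAMPLE_CONF = """\
auth user admin {
    description none
    encrypted-password $1$saltsalt$0123456789ABCDEFGHIJKL
    shell none
}
auth user root {
    description none
    encrypted-password $1$abcefghi$ABCDEFGHIJKLMNOPQRSTUV
    shell bash
}
"""


def is_md5_crypt(value):
    """True if value has the exact shape of a salted MD5 ($1$) hash."""
    return MD5_CRYPT_RE.match(value) is not None


def replace_user_hash(conf_text, user, new_hash):
    """Return conf_text with only `user`'s encrypted-password replaced.

    Raises ValueError on a malformed hash (for example a character dropped
    while retyping it on the console) or if the user has no password line.
    """
    if not is_md5_crypt(new_hash):
        raise ValueError("not a well-formed $1$ hash: %r" % new_hash)
    out, current, replaced = [], None, False
    for line in conf_text.splitlines():
        stanza = USER_RE.match(line)
        if stanza:
            current = stanza.group(1)      # entering "auth user <name> {"
        elif line.startswith("}"):
            current = None                 # top-level stanza closed
        pw = PW_RE.match(line)
        if pw and current == user:
            line = pw.group(1) + new_hash  # keep original indentation
            replaced = True
        out.append(line)
    if not replaced:
        raise ValueError("no encrypted-password line for user %r" % user)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Constructed value with the right shape; generate a real one with passlib.
    new_hash = "$1$Xy12Zq9a$0123456789abcdefghijkl"
    print(replace_user_hash(SAMPLE_CONF, "root", new_hash))
```

Run it against the backup copy first and diff the result, so the only changed line is the target user's `encrypted-password`.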

Git Squash

Googling squashing commits in git doesn’t quite give proper help for a neophyte…

So when you’ve made your final commit:
> git add .
> git commit -m "Foobar"

Then you need to deal with your changes from master…
> git rebase -i origin/master

Change all but the top `pick` to `fixup`
(which will rebase and squash in one fell swoop).

If you get a rebase problem (like you committed and pushed but now are trying to rebase/squash with no changes), you’ll probably need to `git reset --soft HEAD^`.

Then when you go to push with `git push origin branch` and it spits back a `non-fast-forward` issue, don’t be meek; tell freaking git you want to push, so force it: `git push origin branch -f`. What you’re telling GitHub to do is overwrite all the previous commits with the single one you’re pushing. GitHub wants to keep all the history, while you don’t, so you have to force GitHub to your will.

Juniper WiFi and Chromecast

Had a problem getting the Google Chromecast to associate with my Juniper WLC100 Controller.

First though, when setting up the Chromecast, your “configuration device” i.e. either your computer or tablet or phone, will change its wifi configuration several times during the setup, so be prepared to lose internet access at times. I decided to use my Samsung Galaxy S4 instead of my WiFi.

The unfortunate thing with Juniper is that WiFi has never been their strong suit. They purchased the really horrible Nortel WiFi assets in 2001. They redeemed themselves with their purchase of Trapeze Networks, but really Trapeze was third place in the controller-based WiFi, with Airespace as the leader (purchased by Cisco and now the center of Cisco’s WiFi product), and Aruba as the best of breed that wasn’t Cisco. And now Juniper has done a mea culpa and has in essence, bailed on Trapeze by collaborating with Aruba.

Because of Juniper’s ever-present lack of a Junos Enterprise WiFi product (the CLI on the WLC is still Trapeze’s), there’s really no effort spent in documenting and supporting the product.

The Chromecast seems to use Multicast for its discovery process. Cisco documents this and how to get things to work on their controllers. I took this as an indication that the WLC probably was blocking the broadcast-based Multicast.

To get the Chromecast to associate

1) On the GUI, go to Wireless->Services, and turn on Multicast Conversion on your SSID:

Multicast conversion
Enable/Disable Multicast to Unicast conversion.

2) Apply, OK, then System->VLANs and turn off IGMP enabled on the VLAN.

It seems counter-intuitive, but because the Multicast used by Google isn’t a “True” multicast, you have to turn off all the help on the network devices to address this issue.

Oh, and another thing: try not to stream from a WiFi-connected device if you can avoid it. The quality will be bad because you’re using 3x the WiFi bandwidth (from the internet to you, then from you to the AP, and then to the Chromecast). Try using something connected via wired Ethernet if you can.




Quick Git Docs:

Delete a branch:
git branch -D branchname

Back to Master:
git pull --rebase origin master #update

To make a Pull Request:
git checkout -b mynewbranch
—make changes—
git add, commit, push,etc.

Pocket Knights

So there’s this stupid MMO for iOS & Android called Pocket Knights.

There’s not a lot of information out about the specifics of the game itself.

The game is a card game of sorts.  You have hero cards and gear cards.  Each card has a Star Level (i.e. a “Potential”), an experience level, and a tier.  The star level + tier level set the number of experience levels your card can have.  So a 3 star card at tier level 2 can be experience level 1 to 40.

Each card can be sacrificed to “Fortify” (i.e. add experience to) another card.  The amount of experience the card is converted into is based upon its Star Level and Experience Level. A 1 star 1st level card will typically provide 100 experience points to the card it is fortifying.

There are two exceptions to this; the Chest Monster card, and the Pearl card (Hero & Gear).  The chest monster and the pearl cards’ base is 500 experience points.

Each hero has 7 other characteristics:

  1. Race
  2. HP (Hit Points)
  3. ATK (Attack)
  4. DEF (Defense)
  5. CRIT (Criticals)
  6. CRIT Skill – Skill used at CRIT level 100
  7. Leader Skill – Bonus applied when hero is the leader of the party.

As an example:



Hero Rory is a 1 Star, 1st Tier Hero.  Exp Level of 1/10, Race is Human.  HP: 360, ATK:35, DEF: 55, CRIT:40.  CRIT Skill: Heavy Strike — Attack an Enemy.  Leader Skill: HP Boost Lv1 — 10% HP Boost at the beginning of the battle.

A list of known heroes:


Chicago Mitsuwa

If you haven’t been to one, you wouldn’t know that Mitsuwa is almost as close as someone in the United States will get to visiting Japan without actually leaving the US.

Mitsuwa is the largest Japanese supermarket in the United States (so says their website.) I’d say that’s only about half right. It’s more of a mini-mall; it has a grocery store, with produce, fresh meats, baked goods, and all the standard grocery things you’d expect in a store. Then it goes further with rows outfitted with rice cookers, beauty products, bento boxes, and the things that no good Japanese person would do without.

By half right, I’ve really only described half the store. The other half is other storefronts; a Japanese book and music store, video store, ceramic ware, and the food court. Now, an American is only used to a food court at the local mall, with the slew of fast food joints that they expect. The Mitsuwa food court is completely different. Each store is pretty unique; given that I’ve been to both the Edgewater NJ Mitsuwa and the Chicago Mitsuwa, I’ve seen that they’re different in stores.

Basically, you can get your standard Japanese quick lunch fare. One store serves ramen, another udon and soba dishes, pre-made sushi, and even Korean dishes.

This past business trip I made to Chicago, we were a scant 3 miles from Mitsuwa; we ended up eating lunch there 3 out of 4 days. The prices were adequate (the cost of 2 jumbo Chicago hot dogs, a box of fries and a pop cost about the same), and the food was something you have trouble finding outside of most Asian districts in big cities.

So I happened to pick up (with much restraint) 3 boxes of Pocky I’ve never seen before.

Mint Chocolate Pocky. It tastes a bit like those Andes after dinner mints, so you should definitely pick some of these up and put them in a glass so your guests can have a minty refreshment after dinner.

Also, I found Milk Chocolate Salty☆ Pocky. This was your normal pocky, with some salt embedded into the chocolate. It gave the chocolate a different taste, but shot the sodium counter through the roof.

Lastly, the oddly named ピーナッツNutcream Pocky. Really, this is a creamy peanut butter pocky, instead of the normal chocolate pocky. Quite tasty.

Multi-Display + Multi-Head in Linux == Big Mess

I apologize in advance if this post is a bit ranty, but it goes to point out the fundamental flaws in the Linux desktop architecture and why Linux will never replace Windows as a true desktop OS of the masses.

The underlying problem is the graphical user interface itself, known as XOrg, X11, Xwindows, etc. Because of a drive for a “one install fits everything” model, the 25 year old software has support for hardware that hasn’t been seen for 25 years.

With requirements like that, there’s little room for monumental improvement. For example, in 2007, the world was told that Xinerama (an extension that makes multiple screens easy) was being deprecated and would be replaced with RandR. However, even in the brand new X11R7.7, RandR still did not have multiple GPU support, and Xinerama is still required.

The next issue is the support for proprietary video drivers. Such support requires a multi-level approach to patching, and any non-Linux system administrator would easily falter at installing them. The issue is a licensing issue, not a functionality issue. It’s much easier to download and install under the covers and have an end user click a License acceptance term box than what is required to install these drivers.

I heard yesterday that Gabe Newell (of Valve/Steam/Portal/Team Fortress 2/etc) ripped Windows 8 and wants to run more games on linux.

Gabe, if you’re going to run more games on linux, you need to do something about the GUI in Linux. To do this, you’re going to have to accomplish one of 3 things:

  1. Start up a 4th competing GPU company with open-sourced hardware/software that can compete with NVidia, ATI and Intel
  2. Convince NVidia and ATI to truly open-source their drivers.
  3. Replace XOrg/XWindows/X with something that truly can compete.

To show the difficulty here, I’m documenting my hell with trying to get a Multi-GPU Multi-Display Desktop up and running.

My desktop is a Dell Optiplex Gx 980 Tower. I have two ATI Radeon HD3450 cards installed, with 4 displays total, two per card.

For ease of use, Ubuntu 12.04LTS is the OS of choice.

First Step: Install off Ubuntu LiveDVD 12.04 downloaded from Burned this to a DVD. Rebooted.

Choosing to Download updates while installing, and install third-party software. Then chose to install one big fat partition. Chose Timezone, English Keyboard. Created my user and computer name. Chose not to import anything from my last attempt at this; Fresh Install! Rebooting.

After rebooting, Ubuntu/X has only put video on two of the monitors.
I then removed network-manager, hard set my IP address the old-fashioned way, and then got to making a normal machine. Got rid of CUPS, which seems to be a herculean task as Ubuntu wants to install gobs of HP drivers. Then installed openssh-server so that I can connect to this machine from my laptop.

At this point in time I finally logged into the GUI front end, as all the previous work was done at the console. Except now Ubuntu wanted to send an error report back to Canonical. Seems like aptd crashed, and seems to be a known issue. Since the bug seems to be fixed in a newer version, I used Update Manager to update the machine – 370 packages need updating. Because it seemed to update the kernel, I rebooted.

Task #1: Make it such that the 2 displays I have are not displaying the same thing. Using the Unity desktop, I began by looking under System Settings. There’s a nice thing there for displays. This was simple for me to take off the screen mirroring, but it still only detected two displays.

So I decided to do what an inexperienced person might do; search thru the Ubuntu Software Center to see if there was something there for multiple GPUs. While some applications come up in an App-Store like way, the majority of packages are basically extended apt-cache information; hardly usable for a normal user.

Oh, and during this time, Compiz crashed. This was the first issue to come up due to my non-standard setup. Compiz is software that uses OpenGL to provide pretty things for GUIs (drop shadows, etc). Segfault-Crash; having to do with edge detection, so I’m assuming it was supposed to detect when the mouse pointer moved over a window to do something graphical.

Since I couldn’t find anything immediate in the settings, I ventured to click on “Additional Drivers.” To my amazement, it told me that no proprietary drivers were in use, but that I could activate the ATI/AMD FGLRX driver. So I did, with no expectations that they’d actually install. This way I was not surprised when it didn’t. “Sorry, installation of this driver failed. Please have a look at the log file for details: /var/log/jockey.log”

At this point in time, your normal desktop user bails, since /var/log/jockey.log has no meaning to them, and if they just happen to figure out how to pull up the file in a textfile viewer. So, when it spits out “DEBUG: XorgDriverHandler(%s, %s).enabled(): No driver set, not checking” that barely qualifies for “Hey this didn’t work, fix it.” Of course, %s %s is a bad bad issue in any text output, seems like someone didn’t have anything to pass in a printf line, or screwed up and forgot to actually pass any variables.

Since that didn’t work, I then activated the non-post-release updates driver. This actually installed with a “You need to restart the computer to activate this driver.”

Everything Starts Going Bad…

After rebooting, X had decided to re-mirror my displays again. So, then I went back into System Settings, and un-mirrored them and hit apply. And at this point, started my long slog into the problems that is XWindows.

A display box said “The selected configuration for displays could not be applied required virtual size does not fit available size: requested=(2560, 1024), minimum=(320,200), maximum=(1280,1280)” Adding insult to injury, clicking OK gets “Failed to apply configuration: %s GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._gnome_2drr_2derror_2dquark.Code3: requested virtual size does not fit available size: requested=(2560,1024), minimum=(320,200), maximum=(1280,1280).” Note again, the %s.

So, back to Additional Drivers. Hey, the ATI/AMD FGLRX graphics driver is activated and currently in use. Maybe this time I can activate the post-release updates driver… Nope, “/sys/module/fglrx_updates/drivers does not exist, cannot rebind fglrx_updates driver”

So at this point in time, a normal user now has a broken install, and something that can’t run but a single display. Regardless of me having two GPUs, this issue affects any ATI user with dual monitors.

I then did what any normal person would do: Google!
First Link: States I need to run the Catalyst Control Center. Found it in Unity, using the search.

Started it up, told it to Multiple-Display desktop with display(s) 2. And… Reboot. Who ever said you never had to reboot in Linux?

Back into System Settings, And ‘lo and behold, I’ve now got non-mirrored displays. Oh, and Compiz Crashed again.

So, now I’ve got two monitors, again, but not 4.

Dmesg shows that Linux at least detects my two cards:
[ 1.791232] vgaarb: bridge control possible 0000:02:00.0
[ 1.791233] vgaarb: bridge control possible 0000:01:00.0

And the fglrx driver does see both devices:
[ 13.206517] [fglrx] vendor: 1002 device: 95c5 count: 1
[ 13.206520] [fglrx] vendor: 1002 device: 95c5 count: 2

[ 13.207209] pci 0000:01:00.0: enabling device (0002 -> 0003)
[ 13.207217] pci 0000:01:00.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
[ 13.207256] [fglrx] ioport: bar 4, base 0xcc00, size: 0x100
[ 13.207263] pci 0000:02:00.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
[ 13.207269] pci 0000:02:00.0: setting latency timer to 64

Using the Catalyst Control Center, there, next to the two display icons was a card icon. So I enabled that. This got me video on my other two monitors. System settings, Displays… Only two monitors. Back into CCC. All 4 monitors detected. Change Display properties, locations of monitors… Reboot.

I now have 4 monitors lit, but am unable to drag applications or “extend the desktop” to the other two. Can’t do it in CCC, can’t do it in Display properties. After installing and uninstalling both myunity and unsettings, I decided to go old school and see about turning Xinerama on. This was greyed out in CCC, so I figured I would hand-edit my xorg.conf file to override this.

At this point in time, I now have 4 monitors with Unity able to address all 4 of them. Easy right?