Random IT-Blog

Katip-Launcher | A krunner like launcher for GNOME Shell v45+ - Vibe Coding (Claude.ai) [Update]

Wed, 22 Apr 2026 00:00:00 +0000

Update

Released v75 which adds clipboard history, timers, process search and unit conversion

Disclaimer: To be clear, I did not write a single line of code,. If you find any bugs or similar, I can try to solve those using claude.ai. I also have no idea if it has any security issues, but I ran several check using several LLMs.

Handwriting Recognition Tool for Linux - Vibe Coding (Claude.ai) - Update

Sat, 21 Mar 2026 00:00:00 +0000

Hello everyone. It’s been a while.. again. Did not have anything interesting to write about.

But today I have something very cool I want to showcase to you. An application which was created entirely by claude.ai. But that is not the cool part (even though that’s pretty impressive). It’s an application I always wanted, but never found.

Fedora GNOME Yubikey LUKS2 Encryption and sudo FIDO2/2FA Authentication

Thu, 18 Dec 2025 00:00:00 +0000

Hello everyone,

today, I want to walk through setting up Yubikey authentication in Fedora GNOME. I recently configured this for my Fedora KDE workstation at work, but I find the implementation in KDE lacking. The integration feels incomplete. For example, the lock screen doesn’t detect the Yubikey until after a failed password attempt, and the login screen provides no visual indication that a hardware key is even required.

ArubaOS-CX EVPN VXLAN Configuration (Part 2)

Sat, 13 Dec 2025 00:00:00 +0000

Hello everyone,

this will be a continuation or extension or something similar along those lines :) to the post I made a couple of years ago “ArubaOS-CX Static VXLAN Configuration (Part 1)”.

This time, we will configure it, utilizing BGP EVPN. This allows it to be more dynamic and easier to manage in larger networks.

Extreme Networks Fabric Connect (SPBM/ISIS) configuration

Wed, 10 Dec 2025 00:00:00 +0000

Hi everyone,

I’ve been working at a mid-sized hospital for about a year now, and even though I mainly take care of the infrastructure and security side, every now and again, I need to change I-SIDs or VLANs on some of our switches.

Active Directory / FreeIPA Trust

Fri, 07 Nov 2025 00:00:00 +0000

Hi there,

Today, I want to create a domain trust between FreeIPA and Windows Active Directory. This will be, more or less, a continuation of the "Deploying a Linux/Windows Server Environment from Scratch" posts, though I’ll be using new deployments. I’ve already installed the operating systems and configured both FreeIPA and Windows AD. Other than that, I only created one user per domain so we can test the trust later. Here’s the data:

Windows Server in-place upgrade using an Eval ISO (update)

Sat, 23 Aug 2025 00:00:00 +0000

(Updated) Change the commands and added a few lines after the comment from Roofi.

Hello everyone,

a few weeks ago, we needed to upgrade a few Windows Server 2016 servers to Windows Server 2022. Rather than migrating the applications, we wanted to try an in-place upgrade. The applications were not mission-critical, so having them offline for a few hours, wasn’t an issue.

Veeam Backup & Replication | SureBackup Configuration

Sat, 29 Mar 2025 00:00:00 +0000

Hello there,

today, I want to check out the SureBackup feature provided by Veeam Backup & Replication. This allows us to automatically test and verify our Veeam backups.

Let’s get right into it.

For this, I assume that you have a functioning Veeam Backup & Replication installation with an Enterprise Plus or VUL license. You can also use an evaluation license if you just want to give SureBackup a try. Either way, you will need a Veeam account.

Windows Security - Part 1 | Managing Local Administrator Passwords with Windows LAPS

Sat, 08 Mar 2025 00:00:00 +0000

Hello everyone,

today I plan to set up Windows LAPS on Windows Server 2025 and test it on a Windows 11 client. We will implement this for the new company I’m working at, so before deploying it into a productive environment, I would like to test it.

Extreme Networks EXOS/Switch Engine Basics

Sun, 02 Feb 2025 00:00:00 +0000

Hello everyone, and happy new year. A bit late but oh well.

It’s been a while, but a lot has happened which kept me from posting.

Anyway, today I want to check out the Extreme Networks EXOS/Switch Engine switches.

To get started with a minimal setup (since I don’t have any physical switches available), I’ll be using GNS3 for simulation purposes. For those who may need a refresher, I previously created a guide to setting up GNS3, which can be found here.

Upgrading the Paperless-ngx PostgreSQL database to v16

Sun, 17 Nov 2024 00:00:00 +0000

Hi there,

It’s been a while, hasn’t it. Had a few stressful months, but I should be back now. So, to get back into it, I will start with something simple.

I’ve had my Paperless-ngx server running for years, using Docker to host my personal documents. The main application has been updated to the latest version, except for the database, which has remained on version 13 since its initial setup.

Manage PiHole Custom DNS entries with Ansible (Update 2)

Fri, 23 Aug 2024 00:00:00 +0000

Hi everyone, the old ansible role does not work anymore with the latest version of PiHole. I will leave it, just in case, but below you can find the new role I am currently using.

I cannot take any credit for this playbook, unfortunately I cannot find the source anymore.

Deploying a Linux Server Environment from Scratch (Part 4)

Mon, 22 Jul 2024 00:00:00 +0000

Radius Server Deployment, Integration with FreeIPA, TLS Configuration, CRL Configuration

Hello there,

today we will deploy a radius server and try to integrate it with FreeIPA. Please keep in mind, that I am not very familiar with the FreeRadius server configuration. So this is probably not the most secure way of configuring the server. I don’t know. We will implement LDAPS and TLS with FreeIPA certificates for the authentication.

Deploying a Linux Server Environment from Scratch (Part 3)

Thu, 04 Jul 2024 00:00:00 +0000

FreeIPA Automount, NFS server configuration and testing, Setting permissions

Alright, welcome back to part 3 of my “Deploying a Linux Server Environment from Scratch” series. Today we will take a look at the automount feature FreeIPA has. This will allow us to automatically map the network drives on our clients. We will also configure a NFS server. I will use the existing “TEST-SHARE” server for this, but you could deploy a new one if you wanted.

Deploying a Linux Server Environment from Scratch (Part 2)

Mon, 01 Jul 2024 00:00:00 +0000

FreeIPA settings for managing clients (Sudo Policies, Host and User certificate, automount)

Hello there,

today we are going through the settings in FreeIPA. We will set the sudo rules for the users, create a client host certificate and deploy a samba file server.

Deploying a Linux Server Environment from Scratch (Part 1) (Update)

Wed, 19 Jun 2024 00:00:00 +0000

Rocky Linux 9 Server Installation, FreeIPA (Identity, Policy Management) deployment, DHCP Installation and Linux Client Domain Join

(Update) I added the section “DHCP Dynamic DNS Update”, to allow the DHCP server to update the DNS entries.

Deploying Windows Server Environment from Scratch (Part 4)

Thu, 13 Jun 2024 00:00:00 +0000

Deploying and configuring the NPS Server, Setting up Aruba Virtual Controller for Radius authentication

Hi there,

this will probably the last part in this series. Today we will deploy and configure the NPS Server, using the certificate we generated in the previous post, for the authentication of the end users.

Deploying Windows Server Environment from Scratch (Part 3)

Wed, 05 Jun 2024 00:00:00 +0000

Setting up a Windows Certificate Authority, configuring certificate templates, setting up auto-enroll.

Hello everyone,

we continue our series, on how to set up a Windows Server Environment. Last time we configured our DHCP server, a file server and created a group policy to automatically assign a network drive to specific users.

Deploying Windows Server Environment from Scratch (Part 2)

Thu, 30 May 2024 00:00:00 +0000

Configure DHCP Server, User and Group Creation, Group Policies, Setting up a File Server

Hello there,

let’s continue with our Windows Server Environment. Last time we installed Windows Server 2022, deployed and configured the Domain Controller role.

Deploying Windows Server Environment from Scratch (Part 1)

Sun, 26 May 2024 00:00:00 +0000

Windows Server 2022 Installation and Domain Controller Deployment

Hello everyone,

it’s been a while, again. Didn’t have much to write about, and still don’t really.

But I thought, why not create a multipart post on deploying a Windows Server environment for an imaginary business. We will go through the installation of Windows Server 2022, deployment of a domain controller, setting up a file / DHCP / DNS server, certificate authority and so on.

HPE Alletra 5000 iSCSI with Proxmox using OCFS2

Tue, 02 Apr 2024 00:00:00 +0000

Hello everyone.

Today I got to play with something very special. A Nimble… I mean Alletra 5000 with 25GbE iSCSI. It’s basically a HPE Nimble with a forced cloud connection. So we needed a new name, I guess.

Setting this thing up was a pain. Just to enable the local WebUI took around an hour. One of the reasons for that, is the “ultra fast” website HPE has. I don’t know why it’s soooo slow. Nonetheless, after finally setting everything up and gaining access to the local web interface, I had the opportunity to play with it. As we’re currently exploring alternatives to VMware vSphere, I’ll be configuring it with Proxmox instead of ESXi.

Ceph Storage Cluster deployment on Rocky Linux 9/CentOS 9

Mon, 25 Mar 2024 00:00:00 +0000

Hello there, it’s been a while.

Didn’t really have a topic to write about, but today I have something a bit more fancy… at least for me.

In this post, I want to go through a simple deployment of a Ceph Cluster using 3 VMs. I will go through the steps to bootstrap the cluster using “cephadm” adding a couple of nodes and creating our first CephFS filesystem.

MinIO SSO using OpenID with Authentik

Fri, 02 Feb 2024 00:00:00 +0000

Updated: Updated Authentik to 2025.4.0, recreated the screenshots and tested the setup again.

Hi there,

today will be a short one… I think.

I want to show you, how to set up the SSO with OpenID in MinIO using Authentik. In this, I am not going to show how to deploy the applications (I already did with MinIO). So I am assuming you already have a running Authentik and MinIO server.

Deploy and configure BorgWarehouse using Docker and Ansible

Thu, 11 Jan 2024 00:00:00 +0000

Hello there,

a few days ago, when I was checking my backups on “borgbase.com”, I thought “why does nothing similar to this exist, that I can self-host”. Well, apparently there is. It’s still a very young project but already very impressive.

Setting up NTFY with Ngnix-Proxy-Manager, authentication and Ansible notifications (Update)

Thu, 07 Dec 2023 00:00:00 +0000

(Update) I added the use of access tokens.

Hi there,

today I have something pretty cool.

NTFY. An HTTP-based notification server, that also has a nice phone app. It allows me to get notification from basically anything I want. To tell you the truth, I don’t have to may use cases so far, except for failed backups. But, you can send notifications with Ansible (though it took me a while to get it running with authentication, even though it’s very simple), which makes the possibilities basically endless.

Windows Server Certificate Authority | Windows Client keeps generating new certificate

Sat, 02 Dec 2023 00:00:00 +0000

Computer Template

Just a quick one today. I deployed a Windows CA at one of our customers for an Aruba Clearpass deployment. So its main use was to generate client certificates to authenticate with Clearpass.

For whatever reason, the clients kept requesting new computer certificates every few hours. I’m not an expert in certificates, so this might be obvious to some. But it took me a while.

Configure RDP on Clients with Group Policy (Update)

Wed, 29 Nov 2023 00:00:00 +0000

Update: Forgot to include the Firewall Rule

Hello everyone.

Today, I want to show you, how to enable RDP on a client with a GPO. I wanted this for a test environment I set up.

Nothing to fancy, just the policy.

Setup SSH with MFA

Tue, 28 Nov 2023 00:00:00 +0000

Hello there,

Today, I want to write down the steps on how to set up MFA for SSH. I will also configure an exclusion for the internal network, just to showcase how that works. I created an Ansible role for this years ago, but I actually don’t remember how to configure it manually anymore. So I want to write that down.

Basic guide on deploying CheckMK and nginx SSL / HTTPs reverse proxy with docker

Tue, 21 Nov 2023 00:00:00 +0000

Hi there,

This will be a simple guide on how to deploy CheckMK, a Monitoring System.

Nothing to fancy, since I don’t have too much experience myself. I just want to test the application and write down my experience with it. I will be using Rocky Linux 8.8 for this.

Quick look at NormCap, an OCR screen capture tool

Sat, 11 Nov 2023 00:00:00 +0000

Hi there,

Today I just want to highlight an application, I found a few days ago. NormCap. A screen-capture OCR tool. Rather than taking screenshots, it uses OCR to copy the marked text into your clipboard.

Short demonstration

A quick demonstration. Let’s take this random picture of a plant pod. I want to google the name of the plant, but rather than typing it out, we can use “NormCap” to capture only the text and paste it.

Removing invalid VMs in VMWare ESXi

Wed, 06 Sep 2023 00:00:00 +0000

Hi there.

Today will be a short one.

Recently we replaced our old VMWare cluster with 3 new ProLiant DL325 Gen10 Plus v2 Servers and a MSA2062. This meant that we had old Hardware lying around for testing purposes.

After migrating the VMs and moving the hardware to another rack, we somehow lost the connection to one of the old storage systems. How it happened, I don’t really know. We must have plugged it wrong somehow, but since we do not actually need it anymore, it didn’t really matter.

Finding physical device in a network with only IP and MAC

Sat, 19 Aug 2023 00:00:00 +0000

Hi,

Today, I want to go through the process of finding a physical device in a network if you only have an IP address or a MAC address. This is my way of doing it, and it is very simple actually. Of course there could be a better way of doing it, I don’t know of.

Fedora / Rocky Linux Cloud Image deployment using cloud-init on KVM with LVM

Wed, 05 Jul 2023 00:00:00 +0000

Hello there, it’s been a while. Didn’t really have a topic.

Today I want to take a look at a simple local deployment of Rocky / Fedora. For this, I will be using cloud-init and the cloud images provided by both distributions.

HPE / Mellanox / Nvidia SN2100M | First steps, MLAG, split-cable setup

Thu, 25 May 2023 00:00:00 +0000

So, we finally received 2x HPE SN2100M switches for internal use. They will be our new switches for the 3x ProLiant DL325 Gen10 Plus v2 we recently got for our VMWare ESXi Cluster. The switches are “slightly” overkill for what we need, but they are what I got. soooo.

Cockpit | Access to the VM console created by Virtual Machine Manager

Fri, 19 May 2023 00:00:00 +0000

Hi there.

A few months ago, I started to mainly use “cockpit” for managing my virtual machines rather than “Virtual Machine Manager”. But after switching, I noticed that the console was not accessible through the WebUI. I only had the option to connect with a remote viewer, which didn’t work too reliably.

Sophos XGS VPN Provisioning File

Fri, 19 May 2023 00:00:00 +0000

In the last few weeks, I have been migrating Sophos SG to Sophos XGS for a lot of customers. One of the more tedious parts is the redeployment of VPN configurations to the clients.

As far as I know, the only way to get the user configuration for SSL VPN (which we use primarily) is for the user to log in to the user portal at least once so that the user certificate is generated. This also allows the user to download and install the file. In case we change something in the settings, like for example the encryption level, the user has to log in and download the new configuration file.

Uptime-Kuma deployment

Tue, 11 Apr 2023 00:00:00 +0000

Hello there,

This will be a rather short one today, since the setup is very straightforward. But, this way I won’t forget the name again, and maybe it helps someone.

So let’s begin.

Uptime-Kuma deployment

For this, I will be using an already existing VM with Rocky Linux 8.7. If you want to see how to install docker on Rocky Linux, you can check this post.

Headscale deployment on Fedora 37

Fri, 07 Apr 2023 00:00:00 +0000

Hi there,

Today, I want to try and go through the deployment of the Headscale control server. This is an open-source implementation of Tailscale, a commercial VPN service.

Here is an explanation from the Headscale documentation.

Tailscale is a modern VPN built on top of Wireguard. It works like an overlay network between the computers of your networks - using NAT traversal.

ArubaOS-CX Static VXLAN Configuration (Part 1)

Fri, 10 Mar 2023 00:00:00 +0000

Hello there,

Today, I want to set up a simple VXLAN configuration between 2 access switches connected to a VSX cluster. The cluster will be already configured. If you want to know how to set up VSX, check this post.

I will most likely create a second post, showing how to set this up utilizing EVPN.

Linux | Add self signed certificate to trusted store

Wed, 18 Jan 2023 00:00:00 +0000

Certificate Installation

A quick one today.

This is basically the same thing as in the MinIO (Part 2) post. But this way it’s more accessible.

How to add a self signed certificate to the trusted store on a linux server.

Install the package if does not exist already.

MinIO Metrics | Prometheus configuration (Part 2)

Sun, 15 Jan 2023 00:00:00 +0000

Part 1

Part 2

This is part 2 of the MinIO setup guide. Today I want to take a look at the configuration of Prometheus, for the MinIO metrics. Never used it before, so we will see how this works out.

MinIO deployment on RHEL/Rocky Linux 9 and Veeam Backup & Replication connection (Part 1)

Tue, 10 Jan 2023 00:00:00 +0000

Part 1

Part 2

Hello there,

In the previous post, I mentioned MinIO as an on-premise S3 solution. Today I want to take a look at how to deploy and while at it, also connect Veeam Backup & Replication to it.

Veeam Backup & Replication | Immutable Backup

Fri, 06 Jan 2023 00:00:00 +0000

Hardened Linux Repository

Hello there everyone.

Today, I want to check out the “Hardened Linux Repository” feature that was introduced in V11 (I think) for immutable backups. Immutable backups was already a thing before, but it utilized S3 and other object storage providers.

Sophos Enterprise Console to Sophos Central Migration

Tue, 03 Jan 2023 00:00:00 +0000

Hey there.

We have a customer who still uses “Sophos Enterprise Console”, an on-premise server for the Endpoint Protection application Sophos provides.

Since it goes EOL at the end of July 2023, we have to migrate the customer to a new Endpoint Protection solution. We talked to the customer, and he was quite happy with Sophos. So we decided to stay with them and migrate to “Sophos Intercept X with EDR” and “Sophos Intercept X for Server with EDR”. These are managed through “Sophos Central” a cloud portal. No on-prem solution anymore. Oh, well.

NetEdit | First steps on GNS3

Sat, 24 Dec 2022 00:00:00 +0000

Hello there. Today, I want to take a look at “NetEdit”. A “visual network editor” for the ArubaOS-CX switches, which can be used free of charge for up to 25 switches, if remember correctly. I never used it before, so everything you see in this post, I will have done for the first time myself.

Sophos XGS HA (Active / Passive) - ArubaOS-CX OSPF Routing - ACL

Fri, 16 Dec 2022 00:00:00 +0000

Hello there,

Today, I want to take a look at how to set up a Sophos HA Cluster connected to a layer 3 core switching. We will leave the local routing to the Aruba Switches and just handle the internet traffic on the Sophos Firewalls.

Script-Server installation and configuration on Rocky Linux 9

Fri, 04 Nov 2022 00:00:00 +0000

Hello there,

today I want to take a look at the “script-server” by “bugy”. I have been looking for a way to simply execute scripts without having to SSH into the server. And this does basically exactly what I want.

KDE Plasma Lightly Window Decorations settings does not open

Sat, 22 Oct 2022 00:00:00 +0000

Hi there,

a short one today. I an using Fedora with the KDE Plasma spin. For the theme I prefer “lightly”.

This has a bug though (at least in my installation) that prevents me from opening the “Window Decorations” settings for the theme from the system settings window.

Sophos Firewall HA cluster configuration (Part 3)

Tue, 06 Sep 2022 00:00:00 +0000

Part 1

Part 2

Part 3

Hey there. Let’s go over the Sophos XG HA cluster configuration. This will probably be the last part. If you missed the first two parts, just use the buttons above.

The XG cluster configuration is different from the UTM and a bit more involved (if you do it manually). For this setup, I will assume that the Sophos XG is fully licensed, and subscribed. Otherwise, we won’t be able to enable the Cluster.

Lenovo P14s Gen2 (AMD) | Fedora 36 KDE Plasma

Wed, 31 Aug 2022 00:00:00 +0000

Hi there,
I received a new laptop last week, replacing my old Lenovo T470. It’s still a great device but started to show its age, primarily the dual-core CPU. You can read a bit more about the system in this post.

Sophos Firewall SSL VPN / IPSec VPN configuration (Part 2)

Thu, 11 Aug 2022 00:00:00 +0000

Part 1

Part 2

Part 3

Sophos XGS 2300 and Sophos Firewall base configuration (Part 1)
Sophos Firewall SSL VPN / IPSec VPN configuration (Part 2)
Sophos Firewall HA cluster configuration (Part 3)

Hey there.

Let’s continue with the Sophos XGS setup. If you missed part 1, you can either use this link or the button up top.

Sophos XGS 2300 and Sophos Firewall base configuration (Part 1)

Mon, 08 Aug 2022 00:00:00 +0000

Part 1

Part 2

Part 3

Sophos XGS 2300 and Sophos Firewall base configuration (Part 1)
Sophos Firewall SSL VPN / IPSec VPN configuration (Part 2)
Sophos Firewall HA cluster configuration (Part 3)

Hello there,

Last week, I set up 2 “Sophos XGS 2300” in a HA cluster, to replace two older “Sophos SG 230” at a customer’s HQ. Personally, I would have left the SG 230 until they reach EOL (which should take a few more years). They work fine and, in my opinion, the SG is still far better than the XG. It’s more stable, the WebUI is faster, the UI itself is much more intuitive, and so on.

Exchange export Mailbox to PST with time frame

Wed, 27 Jul 2022 00:00:00 +0000

Hi there,

a quick one today. This is nothing new, but I needed it yesterday so decided to write it down.

Yesterday I exported a mailbox in Microsoft Exchange to PST. The file came out with 66GB which is way too large for Outlook. You can actually set registry entries to change the max allowed size for PST/OST files, but this didn’t work in my case. Always received an error message, telling me that I do not have enough system memory for that action.

New Home Server case | Fantec SRC-2080X07 (Part 2)

Mon, 25 Jul 2022 00:00:00 +0000

Hi there,

After quite some time, I finally found a PSU which is very quiet and fits (kind of) into the server case. By mere chance, I found a very small power supply from bequiet. The “bequiet! TFX Power 3 300W gold”. This is a TFX form factor which I never heard of. It’s too small for a 2U server case but this is something we can solve with a 3D-printed adapter.

Windows Fileserver Shadow Copy / Versioning | Disabling the Restore button

Tue, 28 Jun 2022 00:00:00 +0000

Hello there.

We have a customer where the “accidental” deletes and file moves got so out of hand, that I decided to enable the shadow copy service on the file server. Restoring files every two weeks is not fun.

So, let’s set it up.

Add an Alias/CNAME to Windows Fileserver

Wed, 22 Jun 2022 00:00:00 +0000

Hey there.

This will be a very short one.

Last week I had to replace a physical server at a small engineering office. This was an old Windows SBS 2011, that was only used for the AD and the file services. We migrated the mail service a couple of years ago to the cloud and WSUS started to annoy me, so I disabled it.

New Home Server case | Fantec SRC-2080X07

Sat, 11 Jun 2022 00:00:00 +0000

I’ve been looking for a new server case for a long time now. Comparing cases like the SilverStone CS380B, the Lian Li PC-Q26 and so on. I even bought a Fractal Design Define 7 XL (with tampered glass, because it was cheaper) because of the technically 18 possible HDD slots. It’s a great case, but still not really what I wanted. The cabling is a mess with the amount of drives, inserting new drive is a bit of a hassle and I want to be able to hot-swap drives, which is possible but I have to open the case every time.

FreeIPA Configuration and Client Installation | Fedora 36 (Part 2)

Sun, 22 May 2022 00:00:00 +0000

Part 1

Part 2

Alright then. Let’s continue with the setup of our FreeIPA client.

I won’t go through the OS installation, since it’s a simpler version of the server installation.

Client setup

One thing I want to mention before we start. After the OS installation, you get the “initial setup” of GNOME, where you get the option to log in with an enterprise user. First of all, it never worked for me, but I also prefer to have a local user. So I skipped that step and just created a normal account.

FreeIPA Server installation and Client configuration | Fedora 36 (Part 1)

Fri, 20 May 2022 00:00:00 +0000

Part 1

Part 2

Today I want to take a look at the FreeIPA Server, an integrated Identity and Authentication solution for Linux. Basically something similar to Windows Active Directory. I did try it out a few years ago and never touched it since. So, I want to try it out again, just to see what changed.

Using Linux at work (Update 2024-06-06)

Fri, 06 May 2022 00:00:00 +0000

Update (23.08.2022): Added ksnip, Ferdium, Signal, Linphone
Update (06.06.2024): New Laptop, Added NormCap

Hello there,

a few days ago I saw a Youtube video about business use cases for applications. The host of that video mentioned one thing that I found a bit strange. Something about Linux not being usable as a daily driver at work, because it lacks support for a lot of applications.

A customer tale and Sophos SG RED bridge to internal network

Fri, 29 Apr 2022 00:00:00 +0000

Hey there.

Today I want to tell you about a small issue a colleague of mine encountered with a customer. This is not a large business but the customer works as a contractor, for one of the largest companies in the automobile industry. And there are a lot of hoops you need to jump through, to be allowed to work for this company, which I will call “big company” from here on.

Huawei CloudEngine S5735 | Base configuration

Fri, 22 Apr 2022 00:00:00 +0000

Hi,

today I want to go through the configuration of a few Huawei switches. The “CloudEngine S5735”. I have never configured a Huawei switch before, so this will be completely new to me. We have 8 devices of the same model, which are planned for a customer in Germany with its HQ in China. The configuration will basically be the same for all the switches, with a few small differences.

Exchange | grant read-only access to shared Mailbox (Update)

Mon, 14 Mar 2022 00:00:00 +0000

(Update) Deletable Attachments

It seems like attachments are still deletable and I didn’t find a way to prevent this. Doesn’t seem to be possible. Well, it still works in case you want to prevent the user from removing emails.

Hey there,

A customer tale of a Network Project | Aruba 3810M / 2930F

Mon, 07 Mar 2022 00:00:00 +0000

Hello there.

Today I want to write about a project I had over the weekend (from Friday to Monday). This won’t have much if any, useful technical information. It will probably just be a short, badly written-story.

Over the last weekend, I was at a customer’s site to replace the entire network excluding the Router/Firewall. This customer is located about 230km / 140 miles from me, so they booked a hotel for me to stay in over the weekend.

Teams meeting delegation in combination with on-premise Exchange and Microsoft 365 | No Hybrid

Fri, 18 Feb 2022 00:00:00 +0000

Hey there. This should be a short one.

This one might be obvious, but it still took me a bit to figure out.

We have a customer who uses Microsoft 365 for the locally installed Office 365 and Teams. Every other feature is not used. This means there is no need for a hybrid setup in this constellation. Still, the customer (a law firm) needs the option to delegate Teams meetings, so that the assistant can create a meeting for the lawyers.

"Kiosk Mode" in Windows 10 / 11 with saved sessions

Mon, 14 Feb 2022 00:00:00 +0000

Hi there,

my colleagues started to deploy a new MSP application, mainly as a ticket system and for endpoint management. The configuration itself is mostly done, it just needs a bit of fine-tuning.

One of the things they wanted, was a big display where they can monitor all new tickets that come in. So basically a client that has the website open in full screen. The Kiosk Mode in Windows would be perfect for this, but it does not save the last session. So every time we reboot the PC, we have to get the MFA code to login into the website.

Windows 10 hostname change/joining domain error

Sat, 05 Feb 2022 00:00:00 +0000

Hey there.

Yesterday during a migration, I had an annoying error. The migration itself went quite smoothly. Now, I am calling it a migration, but the customer did not want to actually migrate the domain. He wanted to start cleanly. So we deployed a new domain controller, went through the initial configuration, created users, fileserver permissions, groups, setup the LDAP connections from several applications etc. No problems so far.

ArubaOS-CX configuration via Ansible

Sat, 15 Jan 2022 00:00:00 +0000

Hello there.

As far as I am aware, there has been support for ansible from the beginning in the ArubaOS-CX switches, but there are not many guides on this (except the official webpage of course). So, I want to learn and while doing that, create this guide.

Install docker and update docker containers using Ansible in CentOS 8 / Rocky Linux 8

Thu, 30 Dec 2021 00:00:00 +0000

Hi there.

Today I want to take a look, at how to update docker containers using ansible. This is a single home server setup, so no Kubernetes or other orchestration applications. Just simple docker. I have been managing my home servers with ansible for a while now. Nothing too extreme, but every change I make on a server, I try to do with ansible. This makes it easier to reinstall a server in case something goes wrong.

Configure OSPF between Sophos XG v18 and ArubaOS-CX

Sat, 18 Dec 2021 00:00:00 +0000

Take everything you read in this post with a grain of salt. My understanding concerning OSPF is very limited. So there could be some misinformation here.

I have been testing a few things in GNS3 over the weekend. One of which was OSPF between a Sophos XG and ArubaOS-CX. It didn’t really work for me at first and it took me a bit until I figured out, what the issue was.

KVM | Resize Virtual Machine using LVM

Sat, 11 Dec 2021 00:00:00 +0000

Hello there.

Today I want to take a look at how to resize a virtual machine that uses LVM for its vdisks. As I mentioned in a post before, I am using primarily LVM for VMs on my servers. This makes resizing the disks a bit more of a process though.

Aruba 2930F base, Device-Profile and VSF configuration

Fri, 03 Dec 2021 00:00:00 +0000

Hello there.

This is technically a continuation of the “Aruba 8360 Basic and VSX configuration” post, which is part of a larger project. But I will separate it since this is different hardware.

Most of this will be similar to the Aruba 3860 configuration. The main differences will be the VSF Stack configuration and device profiles. The latter is for the Aruba APs we will deploy at a later date. This allows us to automatically configure Aruba AP ports on the switch with predefined settings like VLANs for example.

Incremental Backups of KVM virtual machines on LVM with Borgbackup

Tue, 30 Nov 2021 00:00:00 +0000

Hello there.

I am currently running two home servers with KVM for the virtualization. Mentioned it a few times already. For the vdisks I am using LVM which should give me a tiny bit better performance since the VM does not have to go through an additional layer in form of the filesystem (in the case of qcow2). But the main reason is, that I like to work with LVM.

VLAN Interface creation in Linux using nmcli (script)

Sat, 20 Nov 2021 00:00:00 +0000

Hi there.

I switched from Windows 10 to Fedora Linux (Plasma 5) on my work laptop a couple of months ago and I am quite happy with it so far. There are a few annoying things, like detaching and reattaching the laptop to the docking station causes the external displays to sometimes stay turned off. This does not happen every time but often enough to get frustrating. The only solution I found was to restart the whole system. I don’t know if this is a hardware compatibility related issue or if it’s just the software. Another “problem” I have, is the fingerprint reader. It does not work. Not much to add to that. Other than that, there are a few hiccups here and there. The taskbar sometimes (very rarely) freezes up for 10-30sec for instance. Everything else is working though. So nothing major I would say. The Laptop is a Lenovo T470 by the way. Great system otherwise.

Aruba 8360 basic and VSX configuration (Part 2)

Wed, 17 Nov 2021 00:00:00 +0000

Part 1

Part 2

Hey there.

This is part 2 of my Aruba 8360 basic and VSX configuration.

In this part, I want to go through the VSX and LAG/LACP configuration. I said I would do the configuration on the physical device. This turned out to be a bit of a hassle since there are a few parts still missing. So here I will do everything in the simulation. The configuration steps are identical. The only difference is that the Software Version will say “virtual”.

Change Sophos XG Routing Priority/Precedence

Mon, 15 Nov 2021 00:00:00 +0000

Hi, a quick one today.

We have a customer with a Sophos XG 230, a lot of Site-2-Site VPNs and different Policy-based routes, mainly for the 3 different ISPs they have.

The default “route precedence” the Sophos XG uses is as follows.:

Veeam Agent for Linux FREE - Installation and configuration on Fedora 35

Sat, 13 Nov 2021 00:00:00 +0000

Hello there.

So Fedora 35 just came out and I want to install my favourite backup application on it. “Veeam Agent for Linux FREE”. We are using “Veeam Backup & Replication” to backup almost every customers server/client infrastructure. So when they released “Veeam Agent for Linux” a few years ago I had to try it out. And it’s absolutely amazing (The Windows Version is also great, by the way). The only annoyance is, that it tends to break with a lot of new kernel releases.

Wireshark remote capture Sophos SG traffic over SSH (Linux)

Tue, 09 Nov 2021 00:00:00 +0000

Hi there.

there are a few options to track traffic in Sophos, but none are as in-depth as tcpdump (as far as I am aware at least). The problem here is, that it is not as intuitive to capture the packages, copy the pcap file locally on your PC, and then open it with Wireshark.

Simple Wake on Lan Script

Fri, 05 Nov 2021 00:00:00 +0000

A short one today.

In my last post, I mentioned my “home server”. That thing actually does not run 24/7, even though it’s a “server” (electricity is quite expensive here). There is no point in it running when I am not home and/or it only idles. But I also don’t want to walk up to it to power on the server, every time I want to access something. So I created a very simple script to boot it via WoL, which runs automatically on Mondays and Fridays around 18:00 / 6 pm, primarily for the backup jobs.

Installing required modules for Supermicro AOC SAS2LP-MV8 (Marvell 88SE9485) in CentOS 8/Rocky Linux 8 (Update)

Mon, 01 Nov 2021 00:00:00 +0000

This took me a while to figure out… So I have a “home server”. It is basically a lot of old hardware thrown together with a bunch of hard disks, running CentOS 7 with KVM for the virtualization. A few months ago I decided to upgrade to CentOS 8 (then again to Rocky Linux 8), which almost went smoothly.

Aruba 8360 basic and VSX configuration (Part 1)

Thu, 28 Oct 2021 00:00:00 +0000

Part 1

Part 2

Hello there.

Today I want to go through the basic configuration of an Aruba 8360-32Y4C. Such a beautiful device. Look at it…

[corefortress_slider id=“1”]

Aruba 8360-32Y4C. It has 32x 1GbE/10GbE/25GbE ports. 4 of those are with MACsec. On top of that, it comes with 4x 40GbE/100GbE ports. Up to 2,4TBit/s bidirectional switching and 1,145 Mpps for forwarding packages. Don’t know how true that is.

Run GNS3 VM on KVM | Fedora Linux (Part 2)

Wed, 27 Oct 2021 00:00:00 +0000

Part 1

Part 2

Installation and configuration of GNS3 GUI

Hello there. This is part 2 of my (so far) two-part guide on how to install and configure GNS3 on Linux KVM. If you missed part 1, click here or the button on the top of the page.

How to get the backup file from a non booting/dead Sophos SG

Tue, 26 Oct 2021 00:00:00 +0000

Hey there. This will be a shorter one.

A few weeks ago, I had a weird issue with a customer, where two Sophos SG 135 in an active / passive cluster died at the same time. They started to “only” drop a few packages at first, but slowly declined into dropping everything. Shutting the active device down, actually killed it completely. Could not start it after that at all.

Terms & conditions

Tue, 26 Oct 2021 00:00:00 +0000

Run GNS3 VM on KVM | Fedora Linux (Part 1)

Mon, 25 Oct 2021 00:00:00 +0000

Part 1

Part 2

So… I have been using GNS3, to run my Network Simulations for a while now. Mainly to try out and learn new things, but also to test new configurations for customers, before implementing them. I also like it as a teaching tool for the new trainees.

Powershell connect to O365/M365 on Fedora Linux (Update)

Sat, 23 Oct 2021 00:00:00 +0000

(Update) Small update to this post. I changed the recommendation to the “alternative way”. I think it works much better, since the release of V3.

The first real post will be a short one.

Last week there was an issue on a customers M365 tenant, which required a powershell connection to fix it. So fired up powershell on linux and tried to connect. which threw out an error that “WSMan” was missing. I had this issue once before and forgot how to fix it.

About Me

Fri, 22 Oct 2021 00:00:00 +0000

Hey there. My Name is Gökhan. I am an IT Administrator / IT service provider currently working for an midsized company in germany.

To give you a bit of a background on me. I have now 10 years of IT experience, doing midsized deployments of networks and server/storage infrastructure, Virtualization with VMWare vSphere / Hyper-V, deploying and migrating Microsoft / Linux applications and a little bit of Cloud. But in the past 3 or so years, my main focus was networks. Meaning switches, routers, firewalls, APs and all the other good stuff that comes with it.

My first Post.

Fri, 22 Oct 2021 00:00:00 +0000

Hey there. My Name is Gökhan. I am an IT Administrator / IT Service Provider currently working for a mid-sized company in Germany.

As you might have guessed already (considering the Name), this will be just another IT Blog on the vast plains of the internet.

Datenschutzerklärung

Mon, 01 Jan 0001 00:00:00 +0000

1. Datenschutz auf einen Blick

Allgemeine Hinweise

Die folgenden Hinweise geben einen einfachen Überblick darüber, was mit Ihren personenbezogenen Daten passiert, wenn Sie diese Website besuchen. Personenbezogene Daten sind alle Daten, mit denen Sie persönlich identifiziert werden können.

Datenerfassung auf dieser Website

Die Datenverarbeitung auf dieser Website erfolgt durch den Websitebetreiber. Dessen Kontaktdaten können Sie dem Abschnitt „Verantwortliche Stelle" in dieser Datenschutzerklärung entnehmen.

Impressum

Mon, 01 Jan 0001 00:00:00 +0000

Angaben gemäß § 5 TMG

Gökhan Tüzenli
IT-Dienstleister
[STRASSE UND HAUSNUMMER]
[PLZ] Stuttgart
Deutschland

Kontakt

Telefon: [+49 (0)XXX XXXXXXX]
E-Mail: info@tuezenli.de

Steuerliche Angaben

Steuernummer: [XX/XXX/XXXXX] (Finanzamt [Stuttgart-Mitte])
USt-IdNr.: [DE XXXXXXXXX] – falls nicht vorhanden, diese Zeile streichen.

Berufsbezeichnung

IT-Dienstleister (selbstständig tätig in Deutschland)

Impressum

Mon, 01 Jan 0001 00:00:00 +0000

Angaben gemäß § 5 TMG

Gökhan Tüzenli
[STRASSE UND HAUSNUMMER]
[PLZ] Stuttgart
Deutschland

Kontakt

E-Mail: info@tuezenli.de

Verantwortlich für den Inhalt nach § 55 Abs. 2 RStV

Gökhan Tüzenli
[STRASSE UND HAUSNUMMER]
[PLZ] Stuttgart

Haftung für Inhalte

Als Betreiber dieser Website bin ich gemäß § 7 Abs. 1 TMG für eigene Inhalte nach den allgemeinen Gesetzen verantwortlich. Nach §§ 8 bis 10 TMG bin ich als Diensteanbieter jedoch nicht verpflichtet, übermittelte oder gespeicherte fremde Informationen zu überwachen oder nach Umständen zu forschen, die auf eine rechtswidrige Tätigkeit hinweisen.