Tuesday, September 11, 2018

Pulling your hair out trying to fix your Mikrotik? Maybe your version of Netinstall is broken.

I spent an afternoon tearing my hair out. First, I managed to kinda-brick my Mikrotik during a firmware upgrade; the OS appeared to boot, but none of the network interfaces were visible, and it was generally dysfunctional.

Reading up on the recovery process, I downloaded and installed the latest version of Netinstall, per the Mikrotik wiki. I spent the next four hours hating life, cursing technology, until I figured out the problem...the current version of Netinstall is broken!

If your copy of Netinstall just sits there, and your device never appears in the list, try this.

  1. Download and extract Netinstall version 6.38.7 (I was running 6.43).
  2. If you're using Windows 10 64-bit like me, open the properties for the executable. Change compatibility mode to Windows XP SP3, and run as Administrator (I'm not positive that either of these is required, but it's what I used).
  3. Run Netinstall.
  4. Device promptly appears.

Grrr.


Wednesday, August 22, 2018

sudo: ldap_start_tls_s(): Connect error

A quick hint for FreeBSD users of sudo that authorize via LDAP. If you're getting the following message when running sudo:

sudo: ldap_start_tls_s(): Connect error

associated with this error message in the logs:

sudo: in openpam_check_error_code(): pam_sm_authenticate(): unexpected return value 27

Check that your ldap.conf TLS parameters are correct! In my case, Ansible pushed a bunch of pending config changes (and an OS update) to a neglected host, one of which included moving the CA certificate file, but failed to update the ldap.conf file. I chased my tail for a bit, thinking the issue was with nslcd.conf.

You may also notice a corresponding error in the log of the LDAP server. In the case of slapd:

slapd[40731]: conn=4892528 fd=219 closed (TLS negotiation failure)
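
A quick way to catch this kind of drift before sudo breaks, as an added example that is not part of the original post: the function below reads an ldap.conf-style file and confirms that every TLS path directive still points at something readable. The function name is hypothetical, the config path is passed as an argument because its location depends on how sudo and OpenLDAP were built, and the directive names are the ones documented in ldap.conf(5) and sudoers.ldap(5).

```shell
#!/bin/sh
# Added example. check_ldap_tls_paths is a hypothetical helper name.
# Usage: check_ldap_tls_paths /path/to/ldap.conf
# Returns 0 if every TLS file/dir directive points at something readable,
# 1 if any target is missing or unreadable, 2 if the config can't be read.
check_ldap_tls_paths() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    rc=0
    # "read key value" leaves the rest of the line (the path) in $value.
    # The "|| [ -n ... ]" handles a final line with no trailing newline.
    while read -r key value || [ -n "$key" ]; do
        case $key in
            ''|'#'*) continue ;;          # blank line or comment
        esac
        # Directive names are matched case-insensitively.
        ukey=$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')
        case $ukey in
            TLS_CACERT|TLS_CACERTFILE|TLS_CERT|TLS_KEY) want=-f ;;
            TLS_CACERTDIR)                              want=-d ;;
            *) continue ;;                # not a path directive
        esac
        if [ "$want" "$value" ] && [ -r "$value" ]; then
            echo "OK $ukey $value"
        else
            echo "MISSING $ukey $value"
            rc=1
        fi
    done < "$conf"
    return $rc
}

# Run directly: sh thisfile.sh /path/to/ldap.conf
if [ "$#" -gt 0 ]; then
    check_ldap_tls_paths "$1"
fi
```

Running it against both the ldap.conf that sudo reads and the one nslcd or the OpenLDAP client tools read shows which file still carries the old certificate path.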