- Personal website of Tess Sluijter

Unimportant background
  RSS feed

About me

Blog archives























> Weblog

> Sysadmin articles

> Maths teaching

<< 2 / 2019 4 / 2019 >>

Solved: Citrix Receiver - Cannot create connection file CitrixID

2019-03-24 14:12:00

Error message and creation

Earlier this week I had a need to use Citrix Receiver on MacOS, to connect to a remote desktop environment. That's a pretty normal use-case :) Unfortunately it kept throwing me an error: "Cannot create connection file CitrixID". 

Looking around the web it seems that plenty of people run into this issue, with plenty of hokey "fixes" going around. None of them got to the root of the issue. But here you are: the root cause!

When installing Citrix Receiver, the installation script uses your admin-rights to run a few commands using the actual root-account. Kind of yucky, but not very abnormal. The problem is that the scripts also creates configuration directories in your personal homedirectory. For example in "/Users/tess/Library/Application Support/Citrix Receiver". As you can see from the screenshot above, these directories and files are assigned root ownership, meaning that your normal user account cannot access or overwrite these files. 

The solution consists of either A) changing the ownership to your account and group, or B) just hard-removing these directories and re-creating them. Option A is neater and either requires use of the Terminal (sudo chown -R tess:tess "/Users/tess/Library/Application Support/Citrix Receiver"), or you can try with with the Info-view of the directory and changing the permissions from there. tags: ,

View or add comments (curr. 0)

Adding your own, trusted CA certificates in RedHat and Debian derivatives

2019-03-12 20:02:00

The past week I've gotten my start in an Ansible course and a book, starting my work towards RedHat's EX407 Ansible exam. I've been wanting to get a start in Ansible, after learning a lot about Puppet a few years back. And if I manage to pass EX407 it'll renew my previous RedHat certs, which is great. 

Anywho! The online course has its own lab environment, but I'm also applying all that I learn to my homelab. So far Ansible managed the NTP settings, local breakglass accounts and some systems hardening. Next stop was to ensure that my internal PKI's certificates get added to the trust stores of my Linux hosts. I've done this before on RedHat derivatives (CentOS, Fedora, etc), but hadn't done the trick on Debian-alikes (Ubuntu, Kali, etc) yet. 

First stop, this great blog post by Confirm IT Solutions. They've provided an example Ansible playbook for doing exactly what I want to do. :) I've taken their example and I'm now refactoring it into an Ansible role, which will also work for Kali (which unfortunately has unwieldy ansible_os_family and ansible_distribution values).

To summarize the differences between the two distributions:

RedHat expects:

Debian expects: tags: , ,

View or add comments (curr. 2)

IT testlabs (homelabs) for everyone

2019-03-02 07:29:00

This article was posted to my LinkedIn, here.

Not too long ago I was in a SANS course, about the Critical Security Controls. More than once our teacher Russell nudged us, suggesting that "you could be applying these to your home network as well!" which brought us to the subject of testlabs. "What would make a good testlab for us?" was something asked along the way.

To sum things up: it really doesn't have to be glamorous! As long as your lab helps you experiment and learn, it's a good lab for your! So here's a few quick reminders for IT folks who would like to get their feet wet in setting up their own labs. 

Many homelabs have humble beginnings: if you have some spare room on your PC or laptop, you're good to go! If you throw the free and open source VirtualBox software on there, you can get started running a small number of VMs right away. Want something more polished? Take a look at VMWare's or Parallel's offerings! Both offer prosumer solutions for the private environment, that allow you to run a few VMs without incurring too much costs. And if you're already running Linux, there's always the fan-favorites KVM and Qemu.

So what do you put into that shiny, new lab of yours? Well, whatever you like of course! 

If there's a course or exam you're studying for, run the relevant software in your lab. Tinker with it. Mess with it. Break it and fix it. Then do some unexpected funny business with it. Enjoy yourself! 

Need to learn new software for work? Want to try a new programming language? Feeling nostalgic and want to run those old games from yesteryear? Throw it into your lab!

Then after a few years, you may start feeling cramped. There's only so many VMs you can run in the spare space of your day-to-day computer. What to do? What to do?! You can't exactly go out and buy some expensive, enterprise-grade hardware, can you? ... Or, could you? ;)

This is when you turn to resources like OpenHomeLab and /r/homelab. There are many ways of getting performant virtualization platforms for relatively little money. For example, if you feel spendy you could put together your own server hardware from a source like SuperMicro, or buy a new Intel NUC. The latter are tiny powerhouses that can be easily tucked away and which don't make a lot of noise (spouse-friendly!). 

Want to be more frugal? Turn to one of the many hardware refurbishing companies in your area. Their whole purpose is to buy older enterprise equipment, clean it up and resell it to second-hand buyers. Do your research and you'll find some really great stuff out there.

With your newfound enterprise hardware it's also time to move to enterprise-level virtualization! Huzzah! New things to learn! And there are so many great choices! Windows Server comes with Hyper-V. Linux comes with KVM and Qemu. And there's always the tried-and-true (and FREE!) VMWare ESXi. Or if you're feeling daring, take a look at the awesome ProxMox

To illustrate the aforementioned, here's my own story:

To sum things up: just get stuck in! Start small and keep learning! tags: ,

View or add comments (curr. 0)

Network segmentation in the homelab

2019-03-01 22:36:00

My network layout

Continuing where I left off a few weeks ago, I've redone the network design for my homelab. When we last looked at the network, it was all flat with all VMs tucked in a single subnet behind a pfSense router. Because I want to work towards implementing the CSC in my lab, I've moved everything about quite a lot. tags: , ,

View or add comments (curr. 0)

<< 2 / 2019 4 / 2019 >>