Kerberos tickets on Mac OS

I’m using a Mac at work and I found out that Kerberos sometimes needs a “kick” for SSO to work properly. Sometimes after being offline the renewal of the Kerberos ticket fails (especially when remote and connected via ZTA or VPN), even though everything looks alright in the “Ticket Viewer” app.

Here is where the CLI came in handy, so I decided to document the few steps here in case somebody else needs them. The Terminal app is your friend for the next lines.

To view the current Kerberos tickets:

klist -v

If there are no tickets, which I expect when I have a problem, the return is empty.

To request a ticket:

kinit -V -p [email protected]

The output will prompt you for your password and announce that your tickets are being placed in the cache:

[email protected]'s password:
Placing tickets for '[email protected]' in cache 'API:AAAAAAAA-BBBB-CCCC-DDDD-CCCCCCCCCCCC'

Sometimes you may need to use a specific AD Domain Controller server. The output is the same as above, but the command line needs to change (below I use the FQDN, but an IP will work as well):

kinit --kdc-hostname=AD-DC-SERVER.EXAMPLE.COM -V -p [email protected]

Now you should see a ticket issued:

klist -v
Credentials cache: API:AAAAAAAA-BBBB-CCCC-DDDD-CCCCCCCCCCCC
        Principal: [email protected]
    Cache version: 0

Server: krbtgt/[email protected]
Client: [email protected]
Ticket etype: aes256-cts-hmac-sha1-96, kvno 15
Ticket length: 4992
Auth time:  Jan 14 06:42:56 2025
End time:   Jan 14 16:42:50 2025
Ticket flags: enc-pa-rep, pre-authent, initial, proxiable, forwardable
Addresses: addressless
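
As an added example (not part of the original post), the Python below parses output in the klist -v layout shown above and reports whether the TGT is expired, how long it has left, whether it carries the renewable flag, and whether its etype is a legacy cipher. The sample text, the alice@EXAMPLE.COM principal and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the `klist -v` layout shown above; the principal is a
# placeholder, not a value from the original post.
SAMPLE = """\
Credentials cache: API:AAAAAAAA-BBBB-CCCC-DDDD-CCCCCCCCCCCC
        Principal: alice@EXAMPLE.COM

Server: krbtgt/EXAMPLE.COM@EXAMPLE.COM
Client: alice@EXAMPLE.COM
Ticket etype: aes256-cts-hmac-sha1-96, kvno 15
Auth time:  Jan 14 06:42:56 2025
End time:   Jan 14 16:42:50 2025
Ticket flags: enc-pa-rep, pre-authent, initial, proxiable, forwardable
"""

WEAK_ETYPES = ("des-", "des3-", "arcfour-")  # legacy ciphers worth flagging

def parse_tickets(text):
    """Split `klist -v` output into one dict per ticket, keyed by field name."""
    tickets = []
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?):\s+(.*\S)", line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Server":          # each ticket entry starts with "Server:"
            tickets.append({})
        if tickets:                  # skip the cache header before the first ticket
            tickets[-1][key] = value
    return tickets

def tgt_status(text, now):
    """Summarise the TGT; `now` is a naive local datetime, like klist's times."""
    for t in parse_tickets(text):
        if not t["Server"].startswith("krbtgt/"):
            continue
        # Tolerate a trailing parenthetical note after the timestamp.
        end = datetime.strptime(t["End time"].split(" (")[0], "%b %d %H:%M:%S %Y")
        etype = t["Ticket etype"].split(",")[0]
        flags = [f.strip() for f in t.get("Ticket flags", "").split(",")]
        return {
            "expired": now >= end,
            "seconds_left": max(0, int((end - now).total_seconds())),
            "renewable": "renewable" in flags,
            "weak_etype": etype.startswith(WEAK_ETYPES),
        }
    return None  # no TGT in the cache: time to run kinit
```

On the Mac itself, pass in subprocess.run(["klist", "-v"], capture_output=True, text=True).stdout together with datetime.now(); a result of None matches the empty klist return described above.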

I hope you’ll find this useful if in need.

Ubuntu 20.04 image for EVE-NG – Python for Network Engineers

This is an identical copy of my Ubuntu 20.04 PFNE Docker image, developed to be imported and used on EVE-NG (works also on the Community edition because it doesn’t need Docker support).

It contains all necessary tools for network engineers to test automation and learn Python. If you think a tool would be suitable to be added to this edition, please let me know in Comments below:

Openssl
Net-tools
IPutils
IProute
IPerf
TCPDump
NMAP
Python 2
Python 3
Paramiko
Netmiko
Ansible
Pyntc
NAPALM
Netcat
Socat

If you know how to install and use the image, please use the direct download link: Ubuntu 20.04 PFNE for EVE-NG.

For beginners of EVE-NG, here are all the steps to get you going:

  • Download the image
  • Using your favorite SFTP client (WinSCP, FileZilla for example) connect to your EVE-NG instance and upload the image to the following location:
    /opt/unetlab/addons/qemu/
  • Connect via SSH to your EVE-NG instance and go to location:
    cd /opt/unetlab/addons/qemu/
  • Unzip the image file:
    tar xzvf linux-ubuntu-server-20.04-pfne.tar.gz
  • Remove the archived image file (be sure to have a copy somewhere to avoid the need to download again):
    rm -f linux-ubuntu-server-20.04-pfne.tar.gz
  • Fix permissions:
    /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

The image comes with the following predefined username and password:

User: root
Password: root

User: pfne
Password: pfne

Add it to your topology in EVE-NG and let me know how it works.

Ubuntu 20.04 Docker image – Python For Network Engineers

This is an updated Docker image of Python For Network Engineers (PFNE) based on Ubuntu 20.04 (minimal server distro).

It contains all necessary tools for network / devops engineers to test automation and learn Python:

Openssl
Net-tools
IPutils
IProute
IPerf
TCPDump
NMAP
Python 2
Python 3
Paramiko
Netmiko
Ansible
Pyntc
NAPALM
Netcat
Socat

If you notice a missing package which would add value within the scope of the Ubuntu PFNE image, please let me know in the comments below.

Before testing the new Ubuntu 20.04 PFNE Docker image, please pull it from Docker Hub:

docker pull yotis/ubuntu2004-pfne

To start using it:

docker run -i -t yotis/ubuntu2004-pfne /bin/bash

For more details about how to install, operate and create your own Docker images, please check my older article on How to create your own Docker image.

Ubuntu image for EVE-NG – Python for network engineers

Lately I’ve started working more and more with EVE-NG to test various network scenarios, automation and in general to try and learn something every day.

If you’re familiar with EVE-NG, you know where to find various Linux images which you can download and install. Very helpful indeed, however all of them come without any of the pre-installed tools which I need for network oriented tests. I need Python, IPerf, Ansible, various Python libraries for network automation, etc.
Basically every time I set up a new lab in EVE-NG, I need to make sure that the Linux image has a connection to the Internet to download all these tools. Doable, but too time consuming.

Lately EVE-NG has the Pro version, where you have Docker images which support some of the tools a network engineer needs to test automation. If you already have EVE-NG Pro, then maybe this is a bit redundant. However if you’re still using the Community version, it may sound interesting.

I’ve developed the Ubuntu (18.04) image using the same tools that you can find in my Docker image (Ubuntu 16:04 Pfne):
* If you’re not sure what I’m talking about, please read my previous post.

  • Openssl
  • Net-tools (ifconfig..)
  • IPutils (ping, arping, traceroute…)
  • IProute
  • IPerf
  • TCPDump
  • NMAP
  • Python 2
  • Python 3
  • Paramiko (python ssh support)
  • Netmiko (python ssh support)
  • Ansible (automation)
  • Pyntc
  • NAPALM

The image is hosted on my Firstdigest Project at Sourceforge.
If you are in a hurry, download directly using this link: Ubuntu 18.04 Pfne for EVE-NG.

For convenience here are the steps, but if you run into trouble be sure to check the EVE-NG Documentation.

  • Download the image
  • Using your favorite SFTP client (WinSCP, FileZilla) connect to your EVE-NG and upload the image to the location:
    /opt/unetlab/addons/qemu/
  • Connect via SSH to your EVE-NG machine and go to location:
    cd /opt/unetlab/addons/qemu/
  • Unzip your uploaded image file:
    tar xzvf linux-ubuntu-server-18.04-pfne.tar.gz
  • Remove the archived image file (be sure to have a copy somewhere to avoid having to download it again):
    rm -f linux-ubuntu-server-18.04-pfne.tar.gz
  • Fix permissions:
    /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

The image comes with the following predefined username and password (security was not the point here):

User: root
Password: root
User: pfne
Password: pfne

With this image you have everything ready for your tests. You want to test QoS? Just design a network and two machines (client / server pair) using this image and push some packets with IPerf. Or maybe you want to test some automation. Here you have it, just start playing with it.

Btw, I assume you have EVE-NG installed. If not and you’re into learning topics, I’ll advise you to install this great application. You can start with the Community version which is free (and honestly has enough features for most of the self-teaching engineers out there) and if you feel like it, go with the Pro version.

Let me know if you find it useful. In case of problems, please comment and I’ll try to help in my spare time.

Draw network diagrams online [2016 Edition]

In this post from 2011 I was explaining that my preferred online tool to draw network diagrams is LucidChart.com. Since then LucidChart.com has developed really well and constantly added new features. Unfortunately with the new great additions some not so nice restrictions appeared for the free account.
Those restrictions (like 5 active documents) really make it difficult for me to work with this tool as I got used to a different style.

I’m not a cheap guy! If I used this tool professionally there would be no problem buying a subscription package, but at work Visio is saint (unfortunately) and the rest of the time, especially when I’m on my Mac, I just need a fast tool to draw brief network diagrams, like for my blog or a fast explanation to somebody online.

LucidChart.com is my recommendation if you rely on an online tool to work with Visio documents. Last time I checked, their Visio import tool was doing a great job.

Back to this story, I was looking online for another tool when I came across Draw.io.

Draw.io doesn’t need an account creation, rather it just gives you direct access to the tool.
Since you don’t have an account you cannot save your work in the application, but it does offer you the option to save online on Dropbox, Google Drive or OneDrive, or directly on your machine.
Later you can open your document from any of these locations.

In terms of shapes the tool is pretty generous and the Cisco ones, really important for me, are there:

[Image: draw.io]

The tool is very easy to use, it gives you a Visio feeling (if you’re used to this Microsoft software) and works pretty fast for me.

I tried to open a Visio document from my machine…did not work that well:

[Image: draw.io-visio-open]

Importing the same document did not work better:

[Image: draw.io-import-visio]

It seems that in both cases the Riverbed Steelhead shapes loaded fine, but not the Cisco ones.

Well, I would like to see this working, but in the end there is nothing to complain about. I explained already that I don’t need the online tool to work with Visio. It’s nice if it can, but not mandatory for me. I’ll try some more tests with different Visio files, who knows, maybe it’s something wrong with my test file.

One feature which I would like to see is the ability to add your own shapes. Who knows, maybe in the future.

If you know a better alternative to LucidChart.com that has a free option and you consider it better than Draw.io, please let me know.