LTS - Systems and Networking Engineering

Here's some general info about the LTS Systems Engineering Team at Lehigh. Systems Engineering plans, implements and maintains computers, Operating Systems and application software for the campus both for academic and non-academic areas. This includes servers in multiple data centers on and off campus, and support of cloud services. We maintain core services that include directory integration with LDAP, Active Directory, SAML2 SSO, and CAS SSO. We provide the highly available infrastructure configuration that enables redundancy of services between servers in multiple data centers. Some useful information can be found in the LTS Knowledgebase. Below is a list of some links that may be handy.

System Administrator Appreciation Day is the last Friday in July.

Some local tool links

Lehigh Networks

Lantronix sells a small device which will connect a serial port to the network. These setup directions should be followed when connecting such a device to the network. Lantronix UDS Setup Instructions

Guest Wireless FAQ

Microsoft

How to configure KMS Activation without Active Directory (Windows 7 Enterprise)

(If your computer is in the AD, it will automatically find the KMS server and activate; otherwise, follow these instructions.)

  1. start a "cmd" window as administrator
  2. cd c:\windows\system32
  3. slmgr.vbs /skms kms.cc.lehigh.edu (point vista to correct kms server)
  4. slmgr.vbs /ato (activate license)
  5. slmgr.vbs /dlv (display license info to verify)

Licenses are valid for 180 days after last contact with the license server (i.e. if it's on a laptop, you'll need to bring it to campus at least once every 180 days and plug it into the network to renew the license).

Office KMS Activation without Active Directory

Manually activate Office on a non-domain computer:

  1. start a "cmd" window as administrator
  2. cd to: (32-bit Office 2016:) c:\program files (x86)\microsoft office\office16\ or (for 64-bit Office 2016:) c:\program files\microsoft office\office16\
  3. cscript ospp.vbs /sethst:kms.cc.lehigh.edu
  4. cscript ospp.vbs /act

Debugging notes

Printers

We have a campus-wide naming convention for all printers. It is "building-rmxxx-printertype"; for example, the printer in the SET office is Mart8b-Rm183-Hp553. In some cases we abbreviate the building name, so look for an existing printer name if you are adding one to a building with a long name. If the building is unnamed or confusing, we sometimes use a number, such as 428broadhead, which refers to the street address of that building. Some printers have multiple names because a system that they connect with doesn't support long names. Always try to install the long name as the DNS name first, and then the short name as an alias.

Mini-Hubs and Switches

Gigabit Mini switches (March 2005)

Here's a link to CDWG's customized Lehigh page - http://www.cdwg.com/lehigh Federal Tax ID Number: #36-4230110

Mail Server

Click the link above for general info. Mail generated by systems on campus may use our mail hub at: mail.lehigh.edu. Personal mail using Lehigh Gmail doesn't actually exist on campus but remains in the internet cloud. Google has limits on outgoing mail, which are documented here - gmail sending limits. Mail storage quotas for Lehigh Gmail are "unlimited storage".

How to configure Sendmail on your Linux workstation to forward mail through mail.lehigh.edu: you can change the sendmail.cf file in /etc/mail/sendmail.cf or /etc/sendmail.cf such that the line that starts with DS becomes DSmail.lehigh.edu.

You can also accomplish this by adding the following line to your sendmail.mc file and running it through m4 to generate a new sendmail.cf file.
define(`SMART_HOST',`mail.lehigh.edu')dnl

After making these changes, you'll need to restart sendmail's daemon process.

Reload files

https://www.lehigh.edu/reload/ - Tape reloads. (Windows, HPC, VM's ) LTS CC Staff only.

Hard disk recovery companies

Calendars

Portal

Other servers

Accounts

Antivirus/Malware Software

SSH

How to setup OpenSSH with host based authentication

Dates

To convert from the Windows (NT) date format to the Unix date format, you need to know the following:

Both epochs are Gregorian. 1970 - 1601 = 369. Assuming a leap
year every four years, 369 / 4 = 92. However, 1700, 1800, and 1900
were NOT leap years, so 89 leap years, 280 non-leap years.
89 * 366 + 280 * 365 = 134774 days between epochs. Of course
60 * 60 * 24 = 86400 seconds per day, so 134774 * 86400 =
11644473600 = SECS_BETWEEN_EPOCHS.

This result is also confirmed in the MSDN documentation on how
to convert a time_t value to a win32 FILETIME.

#  This function will convert a windows time stamp into unix time so perl can print it.
#
#  Windows stores time in 100 nanosecond increments since 1 January 1601.
#  Perl and unix use time in second increments since 1 January 1970.
#  100 nanoseconds is 10**-7.   11644473600 is the number of seconds between the "epochs".
#
sub NTtime {
    my $nt = shift;    # Windows time stamp in 100 nanosecond units
    my $t = ($nt / 10**7) - 11644473600;    # seconds since 1 January 1970
#    print "Time is localtime $t\n";
    return $t;
}
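
The same conversion carried a little further, as an added example in Python (not part of the original page or of LTS's own tooling): it re-derives SECS_BETWEEN_EPOCHS from the Gregorian leap-year rule, converts with integer arithmetic so no 100-nanosecond ticks are lost, and goes in both directions. The function names and the treatment of 0 and 0x7FFFFFFFFFFFFFFF as "never" (the values Active Directory uses for attributes such as accountExpires) are assumptions of this example.

```python
from datetime import datetime, timezone

TICKS_PER_SECOND = 10**7  # Windows counts 100-nanosecond intervals
# Assumption of this example: values that mean "no date set" in Active Directory.
NEVER = (0, 0x7FFFFFFFFFFFFFFF)


def is_leap(year):
    """Gregorian rule: every 4th year, except centuries not divisible by 400."""
    return year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)


def secs_between_epochs():
    """Count the days from 1 January 1601 to 1 January 1970, then scale to seconds."""
    days = sum(366 if is_leap(y) else 365 for y in range(1601, 1970))
    return days * 86400


SECS_BETWEEN_EPOCHS = secs_between_epochs()


def filetime_to_unix(nt):
    """Return (seconds since 1970, leftover 100ns ticks), or None for 'never'.

    Integer arithmetic is used because present-day Windows time stamps
    (about 1.3e17) exceed 2**53, so a floating-point division cannot
    represent every tick exactly.
    """
    if nt in NEVER:
        return None
    secs, ticks = divmod(nt, TICKS_PER_SECOND)
    return secs - SECS_BETWEEN_EPOCHS, ticks


def unix_to_filetime(secs, ticks=0):
    """Inverse conversion: Unix seconds (plus optional ticks) to a Windows time stamp."""
    return (secs + SECS_BETWEEN_EPOCHS) * TICKS_PER_SECOND + ticks


def filetime_to_iso(nt):
    """Format a Windows time stamp as a UTC string with all seven tick digits."""
    converted = filetime_to_unix(nt)
    if converted is None:
        return "never"
    secs, ticks = converted
    stamp = datetime.fromtimestamp(secs, tz=timezone.utc)
    return stamp.strftime("%Y-%m-%dT%H:%M:%S") + ".%07dZ" % ticks
```
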

Public keys and e-mail encryption

There are at least two popular methods of encryption with mail. One uses PKI (S/MIME) and the other uses PGP/GPG-based keys.
S/MIME

The PGP method requires an extension called Enigmail to be added to Thunderbird, and a locally installed copy of gpg. You'll then need to create a private key and register it with a keyserver. This method is older and more compatible with disparate systems.
Mailvelope is a Chrome extension that uses gpg to do message encryption and decryption.
c:\gnupg\gpg --send-keys --keyserver pgp.lehigh.edu



Info about creating websites with the official Lehigh structure

Communications and Public Affairs


SSL certificates and ciphers

Lehigh has purchased wildcard ssl certificates for:

Nagios (or Icinga) has a FEM page with a list of machines that have firewall holes opened for them, and the daily test results of an SSL scan of each machine along with a "badness" number counting the number of reported problems with the configuration.

Some websites that are handy for configuration and testing SSL ciphers:


InCommon Federation info

The InCommon federation serves the U.S. education and research communities, supporting a common framework for trustworthy shared management of access to on-line resources. Through InCommon, Identity Providers can give their users single sign-on convenience and privacy protection, while online Service Providers control access to their protected resources.

Here are some Lehigh Cloud Services that use InCommon SAML2 login




Benchmarks and Security related websites


Virtual Machines and related stuff

Many of the servers are now hosted on VMware hosts and clusters. These have many advantages, such as snapshot capability, high availability (in some cases), and lower overall costs.

Annual Fee for Virtual Machines:

Small           Medium          Large           X-Large
100GB Storage   100GB Storage   100GB Storage   100GB Storage
4GB Memory      8GB Memory      16GB Memory     32GB Memory
2 CPU           4 CPU           8 CPU           12 CPU
$700            $1100           $1800           $2900

* Add $100/year for each 50GB of expanded storage