Installing pfSense on a Compact Flash card

I purchased a Netgate ALIX.2d3 to use for a pfSense Firewall.  It runs pfSense off of a Compact Flash (CF) card.  The trick is getting pfSense installed onto the CF card.  Once I got the process figured out, it was really quite simple.  I used a Windows 7 computer to accomplish this.

To Load it up…

  1. Download pfSense from one of the mirrors here. You’ll need the nanobsd version (depending upon the size of your CF card, you can choose to download the most appropriate nanobsd img.gz file).  Store it in a folder easily accessed from a command line, like c:\pfsense.  I also renamed my download to something simple like pfsense-2.0.img.gz.
  2. Download physdiskwrite, unzip it, and place the physdiskwrite.exe in your c:\pfsense directory.
  3. Gather a CF card reader and plug it into your computer.
  4. Format your CF card.  This is necessary for physdiskwrite.exe to work correctly.
    • Open up a command prompt as Administrator and type “diskpart”, then hit “Enter”
    • Type “list disk” and hit enter
    • Type “select disk x” (where x = the disk number of your CF card from the last step)
    • Type “clean” and hit enter
    • Type “exit” when diskpart has finished cleaning the disk. Type “exit” to quit diskpart.
  5. In your command prompt navigate to your c:\pfsense directory and type “physdiskwrite -u pfsense-2.0.img.gz” and hit enter (be sure to use the name of your pfSense image at the end of that statement).
  6. You’ll see a listing of drives.  Make note of which drive number is your CF card, then enter that number after the question “Which disk do you want to write?” and hit enter.  (For example: PhysicalDrive1 = disk 1, so enter 1 and hit enter.)
  7. If your CF card is larger than 2 GB you will be prompted with a “Proceed?” question.  Type “y” and hit enter.  (By the way, the “-u” switch in the command line in step 5 allows you to write to a CF card larger than 2 GB.)
  8. You will now see the bytes begin to copy over to the CF card.  Once completed, eject the card from the reader and plug it into your ALIX board.  Connect a null serial cable to the board.  Plug in the power.  Pull up a serial client like HyperTerminal or PuTTY and connect to the ALIX.  You may proceed from there to configure pfSense as your firewall.

By no means am I an expert at this.  It’s my first attempt!  Please feel free to share any pointers you may have come across if you have done or are doing something similar!

Migrating Calendars and Contacts between Google Apps Instances

I’m in the middle of a Google Apps migration project, moving users from one instance of Google Apps to a completely different instance of Google Apps.  I haven’t found a great free method to migrate Calendars and Contacts so I documented the process to move them manually.  Here you go…

Migrating Calendars

Since there isn’t a tool to migrate calendars from one Google Apps instance to another, this is a manual process done user by user.  The good thing is that it’s pretty straightforward and your users should be able to do this themselves.  Here we go:

  1. View your Calendars within the OLD instance of Google Apps.
  2. Click on Settings in the upper right corner of your screen and select Calendar Settings.
  3. Click on Calendars and then click on Export Calendars. This will download a .zip file to your computer.  (Pay attention to the location that this file downloads to.  Mine downloaded to my “Downloads” folder.  Yours MAY download to a different location.)
  4. Find the file you just downloaded and open it.  This will reveal your exported calendars.  Pay attention to the location of these files.
  5. Open your Calendars in the NEW instance of Google Apps.
  6. Repeat step 2 to open your Calendar Settings.
  7. You will now need to re-create your calendars so that you can import to them.  Click on Create New Calendar. Repeat for each calendar that you exported.
  8. After creating your new calendars, it’s time to import the old calendars to the new ones.  Click on Import Calendars.  Click on Browse.  Navigate to the calendar files from Step 4 above.  Select one.  Select the Calendar you would like to import to. Click Enter.
  9. Repeat this process for each calendar you would like to import.
  10. Done!

Migrating Contacts

  1. The user should log in to their OLD Google Apps Email and click on Contacts in the left-hand column.
  2. Click Export in the upper right corner of the Contacts screen.
  3. Compare your settings to the following Screen Shot.  I recommend only Exporting “My Contacts”.  Also be sure to select Google CSV format.  Click Export.  (“All Contacts” is EVERYONE you have ever emailed, whether you have entered them into your contacts or not.  The email addresses imported on this setting may not have names associated with them.)
  4. Clicking Export will download a file to your computer called google.csv.  Make note of its location.
  5. Open the email of the NEW Google Apps instance and click Contacts as you did in step 1 above.
  6. Click on Import in the upper right corner of your screen (same area as Export from Step 2).
  7. Navigate to and select your google.csv file that you exported in Step 4.  After selecting the file, click Import.
  8. Done!

Google Apps Directory Sync and AD Passwords

I’ve been working on our Google Apps deployment today and thought I’d share some of what I’ve learned along the way.

Google Apps Directory Sync

The Google Apps Directory Sync tool allows you to sync all of your Users, Groups, Profiles, and Contacts in your LDAP with Google Apps.  The latest revision of this tool also says it will sync passwords from Microsoft Active Directory.  That’s true – kinda.  Stay tuned for that…

The Google Apps Directory Sync tool is pretty self-explanatory in its setup.  It is helpful to know a little bit about LDAP and Active Directory, but with a little sleuthing, I was able to figure everything out.  Following are 10 screenshots of my setup in the tool.  The yellow highlighted text at the left of each screenshot shows where I am in the configuration, and if a screen is skipped, the fields there have been left blank.

Password Sync

Active Directory doesn’t actually keep the user passwords in the LDAP, therefore when trying to sync the passwords – they don’t sync.  You have to get the passwords into an attribute field within Active Directory for this to work.  I found this link that helped explain why the passwords would not sync.  Near the end of the thread, you’ll see a tool referenced.  The tool can be found here.

This tool is basically a dll file that catches the password before it is hidden away, puts it in SHA1 hash format, and then inserts it into the “division” attribute field in Active Directory.  After following the installation directions and then changing my password, I saw the SHA1 hash of my password populate into the “division” LDAP attribute field.  In order to get this field to populate, YOU MUST initiate a password change for the user.  I plan on doing that as I migrate my users over the next few weeks.
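
One way to see which accounts still need a password change before their hash can sync, written as an added example (it is not part of the original post or of the tool it references). It assumes an LDIF export of sAMAccountName and division, and that the DLL writes the SHA-1 as 40 hex characters of the UTF-8 password; the sample entries are constructed, and LDIF line folding and base64 values are not handled.

```python
import hashlib
import re

# Constructed sample: LDIF-style export of sAMAccountName and division.
# Assumption: the DLL stores the SHA-1 digest as 40 hex characters.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=org
sAMAccountName: alice
division: {alice_hash}

dn: CN=Bob Example,OU=Staff,DC=example,DC=org
sAMAccountName: bob

dn: CN=Carol Example,OU=Staff,DC=example,DC=org
sAMAccountName: carol
division: Facilities
""".format(alice_hash=hashlib.sha1(b"constructed-test-password").hexdigest())

SHA1_HEX = re.compile(r"^[0-9a-fA-F]{40}$")

def parse_ldif(text):
    """Yield one {attribute: value} dict per blank-line separated entry."""
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ": " not in line:
                continue
            key, value = line.split(": ", 1)
            entry[key.lower()] = value.strip()
        if entry:
            yield entry

def audit_division(text):
    """Classify each account by what its division attribute holds."""
    report = {"hash_present": [], "needs_password_change": [], "unexpected_value": []}
    for entry in parse_ldif(text):
        user = entry.get("samaccountname", entry.get("dn", "?"))
        value = entry.get("division", "")
        state = ("needs_password_change" if not value else
                 "hash_present" if SHA1_HEX.match(value) else "unexpected_value")
        report[state].append(user)
    return report

def hash_matches(password, attribute_value):
    """True if attribute_value is the SHA-1 hex digest of the UTF-8 password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest() == attribute_value.lower()

if __name__ == "__main__":
    print(audit_division(SAMPLE_LDIF))
```

Accounts reported under unexpected_value already use division for something else, so the DLL will overwrite that value at the next password change; hash_matches is meant for confirming the stored value on a test account whose password you set yourself.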

Updates

So now, how does Google Apps stay synchronized with Active Directory?  Set up a Scheduled Task on your server to launch at whatever frequency you feel is necessary.  If you need to update in a more timely manner, just manually launch that scheduled task. On the Run line in the Scheduled Task I have the following:

"c:\Program Files\Google Apps Directory Sync\sync-cmd.exe" -a -c "c:\Documents and Settings\Administrator\My Documents\GAppsDirSync.xml"

I created an old fashioned MS-DOS batch file to launch the Google Apps Directory Sync from the command line.  This batch file is then attached to a Scheduled Task.  In the Batch file my commands are as follows:

cd "c:\Program Files\Google Apps Directory Sync"

Start sync-cmd.exe -a -c c:\GAppsDirSync.xml

Hopefully this helps you get started on syncing your Microsoft Active Directory with Google Apps.  If you see items that need to be clarified, please let me know so that I can make this easier for everyone!

Sophos Anti-Virus and Windows 7

I’ve just begun testing Windows 7 on a few of our computers at Grace Family Church and as a part of the configuration process I install our anti-virus software, Sophos.  The Sophos client can be pushed to the machine from the Sophos Enterprise Console on our central anti-virus server.  The issue I ran into is that the client would not install; it kept failing.

Sophos support was very helpful in referring me to KB29287 on their support site.

In a nutshell, on each Windows 7 client, you need to make sure that the following services are running in order for the remote install process to work:

  1. Computer Browser
  2. Remote Registry
  3. Server
  4. Task Scheduler
  5. Workstation
  6. Windows Installer

I hope that this saves you some time in the future when installing Sophos on a Windows 7 client.

Apple Home Folder Permissions

Today, I had the pleasure of migrating a user from a MacBook to a MacBookPro.  Apple includes this cool tool called the “Migration Utility” which allows you to link the old and new computer together either by FireWire or Ethernet and then transfer all Applications, Documents, Settings, etc. from the old to the new.

After completing the transfer process, I was having issues updating a few applications and accessing files in the user’s Home Folder on the new computer.  After some research, I discovered that problems like these are usually caused by permission issues.  I opened Disk Utility to Verify and Repair Permissions on the disk but to no avail. I was still having issues.

Then, I stumbled across a post that suggested removing the ACLs (Access Control Lists) and restoring them.  Here is how I did that:

  1. Login as the user having issues and open the Terminal.app in the Utilities folder
  2. Type the following command and hit enter:    sudo chmod -RN ~
  3. You will be prompted for a password, enter it and hit enter
  4. Type the following command (pay attention to the correct symbols) and hit enter:   sudo chown -R `id -un` ~
  5. Reboot your computer from your Install disk (Leopard or Snow Leopard DVD) by making sure the DVD is in the drive and holding “C” down while booting the computer.
  6. Select your language and continue
  7. At the top of the screen, select “Utilities” and then “Reset Password”
  8. Select the username whose ACLs you want to reset and then click the option to do so in the lower right corner.
  9. Reboot the computer upon completion.

Permission issues resolved!