Receive a User’s UPN, Email, First and Last Name via Azure Active Directory Custom Manifest

In May 2019 Microsoft made the new and improved App registrations portal generally available. For some time this new portal had been available under Azure Active Directory > App registrations (preview) in the Azure Portal. The old one is still available under Azure Active Directory > App registrations (legacy), but it will most likely be discontinued soon.

By default, the ID token no longer contains fields such as the user principal name (UPN), email address, first name and last name, most likely so that personal data is only released when an application explicitly asks for it. If your application needs them, you must add them as optional claims in the app registration's manifest. Keep in mind that these claims are for display only: upn and email are mutable (and email is not guaranteed to be a verified address), so key your user records on the immutable oid claim (together with tid for multi-tenant apps) rather than on any of them.

  1. Go to Azure Portal > Azure Active Directory > App registrations
  2. Find your application registration (you may click on the All applications tab)
  3. Click Manifest
  4. Update the manifest so that the optionalClaims node reads as shown below, then save
"optionalClaims": {
	"idToken": [{
			"name": "family_name",
			"source": null,
			"essential": false,
			"additionalProperties": []
		}, {
			"name": "given_name",
			"source": null,
			"essential": false,
			"additionalProperties": []
		}, {
			"name": "upn",
			"source": null,
			"essential": false,
			"additionalProperties": []
		}, {
			"name": "email",
			"source": null,
			"essential": false,
			"additionalProperties": []
		}
	],
	"accessToken": [],
	"saml2Token": []
},
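As an added example (not code from the original post or from Microsoft), the following Python checks a downloaded manifest for the four ID-token optional claims above, then shows how to consume them safely: the user record is keyed on tid + oid, while upn, email and the name parts are treated as display-only values. The manifest fragment, the tenant/object IDs and the unsigned sample token are constructed for the example; decode_jwt_payload deliberately skips signature verification and must only be applied to tokens your OIDC library has already validated.

```python
"""Added example: verify Azure AD manifest optional claims and map ID-token claims
to a user record keyed on the immutable tid/oid pair (not on upn or email)."""
import base64
import json

# The four ID-token optional claims the post adds to the manifest.
REQUIRED_ID_TOKEN_CLAIMS = {"family_name", "given_name", "upn", "email"}


def missing_optional_claims(manifest: dict) -> set:
    """Return the ID-token optional claims that the manifest does not request."""
    configured = {
        c["name"]
        for c in manifest.get("optionalClaims", {}).get("idToken", [])
        if "name" in c
    }
    return REQUIRED_ID_TOKEN_CLAIMS - configured


def decode_jwt_payload(token: str) -> dict:
    """Base64url-decode the payload of a compact JWT WITHOUT verifying the signature.
    Only call this on a token your OIDC library has already validated."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def user_from_id_token(claims: dict) -> dict:
    """Map ID-token claims to a user record. tid + oid is the stable key; the
    optional claims are mutable and only used for display or as a login hint."""
    for required in ("tid", "oid"):
        if required not in claims:
            raise ValueError(f"ID token lacks {required}; cannot identify the user safely")
    names = (claims.get("given_name"), claims.get("family_name"))
    return {
        "key": f"{claims['tid']}:{claims['oid']}",
        "display_name": " ".join(n for n in names if n),
        # upn can be absent (e.g. guest users); preferred_username is the v2 fallback
        "login_hint": claims.get("upn") or claims.get("preferred_username"),
        # email is mutable and not guaranteed verified: informational only
        "email": claims.get("email"),
    }


# Constructed manifest fragment: only the name claims are requested, upn/email are not.
SAMPLE_MANIFEST = {
    "optionalClaims": {
        "idToken": [
            {"name": "family_name", "source": None, "essential": False, "additionalProperties": []},
            {"name": "given_name", "source": None, "essential": False, "additionalProperties": []},
        ],
        "accessToken": [],
        "saml2Token": [],
    }
}

# Constructed claims with made-up tenant and object IDs (not real Azure AD values).
SAMPLE_CLAIMS = {
    "tid": "11111111-2222-3333-4444-555555555555",
    "oid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "given_name": "Ada",
    "family_name": "Lovelace",
    "upn": "ada@example.com",
    "email": "ada@example.com",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# Unsigned sample token (alg "none", empty signature) built only so the decoder has input.
SAMPLE_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode()),
    _b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    "",
])

if __name__ == "__main__":
    print("missing from manifest:", sorted(missing_optional_claims(SAMPLE_MANIFEST)))
    print(user_from_id_token(decode_jwt_payload(SAMPLE_TOKEN)))
```

Run it against the real manifest by loading the JSON you download from the Manifest blade; an empty result from missing_optional_claims means the four claims are requested, but the token will still only carry them once the app is re-consented where consent is required.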

Ubiquiti UniFi Account/User Credentials Cheatsheet

If your brand-new network is set up with the UniFi Network iOS app and uses your existing Ubiquiti account [email protected] for sync (the option Enable Local Login with UBNT Account is enabled automatically if you log in to your Ubiquiti account during setup), here is what you get:

Router / Security Gateway, aka USG

  • Web login:
    • User: admin or custom defined
    • Password: randomly generated during your first setup via the iOS app. At the time of writing (UI version 5.10.23.0) you need to check "Enable SSH authentication" in order to change the USG username and password. The current password can be found in the UniFi Controller web UI under Settings – Site – Device Authentication; click the eye-shaped icon to reveal it
  • SSH login:
    • User: admin or custom defined
    • Password: same as USG login credentials

Switch, aka USW

  • SSH login:
    • User: admin
    • Password: same as USG login credentials

UniFi Cloud Key, aka UCK

  • UniFi Controller Web UI:
  • UniFi Cloud Key Web UI:
  • SSH login:
    • User: root
    • Password: your UniFi Cloud (Ubiquiti account) password. This means the same password grants a root shell on the Cloud Key, so treat your Ubiquiti account password as a device root password: strong, unique and never reused

Resize Disk Using `growpart` on CentOS

First install growpart:

yum install cloud-utils-growpart

Check current disk info:

fdisk -l

Disk /dev/vda: 42.9 GB, 42949672960 bytes, 83886080 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0008d73a

   Device Boot      Start         End      Blocks   Id  System
/dev/vda1   *        2048    41943039    20970496   83  Linux

Check filesystem usage (the root filesystem on /dev/vda1 is 20 GB, while fdisk shows the disk is twice that size):

df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/vda1        20G   15G  4.5G  77% /
devtmpfs        486M     0  486M   0% /dev
tmpfs           496M     0  496M   0% /dev/shm
tmpfs           496M  460K  496M   1% /run
tmpfs           496M     0  496M   0% /sys/fs/cgroup
tmpfs           100M     0  100M   0% /run/user/0

Run growpart on the disk and the partition number (note the space between the two). growpart only extends a partition into free space that directly follows it, and exits with NOCHANGE if there is none:

growpart /dev/vda 1
CHANGED: partition=1 start=2048 old: size=41940992 end=41943040 new: size=83883999,end=83886047

Grow the filesystem. The root filesystem here is ext4, so resize2fs works online; on XFS (the default on CentOS 7) resize2fs fails and you use xfs_growfs / instead, passing the mount point rather than the device:

resize2fs /dev/vda1
resize2fs 1.42.9 (28-Dec-2013)
Filesystem at /dev/vda1 is mounted on /; on-line resizing required
old_desc_blocks = 2, new_desc_blocks = 3
The filesystem on /dev/vda1 is now 10485499 blocks long.

Check that the filesystem grew:

df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/vda1        40G   15G   24G  38% /
devtmpfs        486M     0  486M   0% /dev
tmpfs           496M     0  496M   0% /dev/shm
tmpfs           496M  460K  496M   1% /run
tmpfs           496M     0  496M   0% /sys/fs/cgroup
tmpfs           100M     0  100M   0% /run/user/0
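The same procedure as a small script, added here as an example (not from the original post or from cloud-utils): it detects the filesystem type with lsblk, builds the two-step plan (growpart, then resize2fs or xfs_growfs depending on ext4 vs XFS), refuses filesystems it does not know how to grow, and parses growpart's CHANGED line so the filesystem is only resized after the partition really changed. Device names, the partition-naming rule for nvme/mmcblk disks and the dry-run default are assumptions; the CHANGED line used as sample input is the one printed in the post.

```python
"""Added example: grow the last partition of a disk and then the filesystem on it,
choosing resize2fs for ext2/3/4 and xfs_growfs for XFS (the CentOS 7 default)."""
import re
import subprocess
from typing import List

# growpart reports "CHANGED: partition=N start=... old: size=... end=... new: size=S,end=E"
GROWPART_CHANGED = re.compile(r"^CHANGED: partition=(\d+) .*? new: size=(\d+),end=(\d+)")

# Line copied from the post's growpart output, used as sample input below.
SAMPLE_GROWPART_LINE = (
    "CHANGED: partition=1 start=2048 old: size=41940992 end=41943040 "
    "new: size=83883999,end=83886047"
)


def partition_path(disk: str, partnum: int) -> str:
    """/dev/vda + 1 -> /dev/vda1, but /dev/nvme0n1 + 1 -> /dev/nvme0n1p1 (kernel naming
    inserts 'p' when the disk name ends in a digit)."""
    sep = "p" if disk[-1].isdigit() else ""
    return f"{disk}{sep}{partnum}"


def plan_resize(disk: str, partnum: int, fstype: str, mountpoint: str) -> List[List[str]]:
    """Return the commands to run, in order. Raises for filesystems this helper
    cannot grow so that nothing is executed half-way."""
    partition = partition_path(disk, partnum)
    steps = [["growpart", disk, str(partnum)]]
    if fstype in ("ext2", "ext3", "ext4"):
        steps.append(["resize2fs", partition])          # resize2fs takes the device
    elif fstype == "xfs":
        steps.append(["xfs_growfs", mountpoint])        # xfs_growfs takes the mount point
    else:
        raise ValueError(f"don't know how to grow a {fstype!r} filesystem on {partition}")
    return steps


def parse_growpart_output(line: str) -> dict:
    """Extract partition number and new size (in 512-byte sectors) from growpart's
    CHANGED line; anything else (NOCHANGE, FAILED) is an error for our purposes."""
    m = GROWPART_CHANGED.match(line.strip())
    if not m:
        raise ValueError("growpart did not report CHANGED: " + line.strip())
    partnum, size, end = m.groups()
    return {"partition": int(partnum), "new_size_sectors": int(size), "new_end": int(end)}


def detect_fstype(partition: str) -> str:
    """Ask lsblk for the filesystem type of a partition (e.g. 'xfs' or 'ext4')."""
    out = subprocess.run(["lsblk", "-no", "FSTYPE", partition],
                         check=True, capture_output=True, text=True).stdout
    return out.strip()


def grow(disk: str, partnum: int, mountpoint: str = "/", dry_run: bool = True) -> List[List[str]]:
    """Detect the filesystem, build the plan and, unless dry_run, execute it step by step.
    growpart exits non-zero on NOCHANGE, so check=True stops before the filesystem step."""
    fstype = detect_fstype(partition_path(disk, partnum))
    steps = plan_resize(disk, partnum, fstype, mountpoint)
    for cmd in steps:
        print("DRY-RUN:" if dry_run else "RUN:", " ".join(cmd))
        if dry_run:
            continue
        result = subprocess.run(cmd, check=True, capture_output=True, text=True)
        if cmd[0] == "growpart":
            print(parse_growpart_output(result.stdout))
    return steps


if __name__ == "__main__":
    # Prints the plan only; pass dry_run=False (as root) to actually resize.
    grow("/dev/vda", 1, "/", dry_run=True)
```

Because the partition is resized in place while mounted, take a snapshot or backup first; growpart is careful, but there is no undo.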

macOS Bug: Connecting to another Mac via SMB protocol results in client hanging indefinitely at shutdown or restart

How to force SMB2, which actually doesn’t work for me:

10.14.3 – SMB3 Performance Issues – Force SMB2

Related discussion on Apple Communities

Computers Won’t Shut Down After Connecting To Server

Bug reports on Apple Radar:

How to capture a sysdiagnose to attach to the bug report:

  • Command + Option + Shift + Control + Period (.)
  • Or in Terminal: sudo sysdiagnose

Note: The sysdiagnose process can take 10 minutes to complete. Once finished, the folder /private/var/tmp/ should appear automatically in the Finder and the sysdiagnose file there will look similar to this:

sysdiagnose_2017.08.17_07-30-12-0700_10169.tar.gz

View active SMB connection status:

smbutil statshares -a

Configuring White-Label Name Servers with AWS Route53

Create a Route 53 reusable delegation set

aws route53 create-reusable-delegation-set --caller-reference ns-example-com

Output:

{
    "Location": "https://route53.amazonaws.com/2013-04-01/delegationset/N3PIG1YNLUZGKS",
    "DelegationSet": {
        "Id": "/delegationset/N3PIG1YNLUZGKS",
        "CallerReference": "ns-example-com",
        "NameServers": [
            "ns-30.awsdns-03.com",
            "ns-1037.awsdns-01.org",
            "ns-1693.awsdns-19.co.uk",
            "ns-673.awsdns-20.net"
        ]
    }
}

Note down the delegation set ID:

/delegationset/N3PIG1YNLUZGKS

Get the IP addresses (A and AAAA) of the name servers in the delegation set

dig +short ns-30.awsdns-03.com
dig +short ns-1037.awsdns-01.org
dig +short ns-1693.awsdns-19.co.uk
dig +short ns-673.awsdns-20.net
dig AAAA +short ns-30.awsdns-03.com
dig AAAA +short ns-1037.awsdns-01.org
dig AAAA +short ns-1693.awsdns-19.co.uk
dig AAAA +short ns-673.awsdns-20.net

Then create A and AAAA records for your white-label names (for example ns1.example.tld to ns4.example.tld, one per AWS name server) with these addresses, both as glue records at your domain registrar and in the zone at your current DNS provider. Set the TTL to 60 seconds so a wrong record can be corrected quickly.

Create new zone with white-label name servers

aws route53 create-hosted-zone --caller-reference example-tld --name example.tld --delegation-set-id /delegationset/N3PIG1YNLUZGKS

Output:

{
    "Location": "https://route53.amazonaws.com/2013-04-01/hostedzone/Z7RED47DZVVWP",
    "HostedZone": {
        "Id": "/hostedzone/Z7RED47DZVVWP",
        "Name": "example.tld.",
        "CallerReference": "example-tld",
        "Config": {
            "PrivateZone": false
        },
        "ResourceRecordSetCount": 2
    },
    "ChangeInfo": {
        "Id": "/change/C2IAGSQG1G1LCZ",
        "Status": "PENDING",
        "SubmittedAt": "2019-03-10T13:10:53.358Z"
    },
    "DelegationSet": {
        "Id": "/delegationset/N3PIG1YNLUZGKS",
        "CallerReference": "ns-example-com",
        "NameServers": [
            "ns-30.awsdns-03.com",
            "ns-1037.awsdns-01.org",
            "ns-1693.awsdns-19.co.uk",
            "ns-673.awsdns-20.net"
        ]
    }
}

Update NS and SOA records

Prepare to change the name servers by first lowering the TTL of the following records in the existing zone, so the old values age out of resolver caches quickly once you switch:

  • NS records: 172800 to 60 seconds
  • SOA record: 900 to 60 seconds
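The steps above as one script, added here as an example (not from the original post or from AWS): it reads the delegation set JSON returned by create-reusable-delegation-set, maps the AWS name servers to ns1..ns4 of the zone, resolves their A/AAAA addresses, produces the Route 53 change batch for the glue records with TTL 60, and checks that the white-label names already resolve to the same addresses as the AWS names before you point NS records at them. The zone name example.tld, the ns1..ns4 naming and the addresses in the offline fake resolver (RFC 5737 / RFC 3849 documentation ranges) are constructed assumptions; the delegation set JSON is the post's own output.

```python
"""Added example: white-label name-server records from a Route 53 delegation set,
with a pre-switch consistency check of the published glue."""
import json
import socket
from typing import Callable, Dict, List

# Delegation set as printed by `aws route53 create-reusable-delegation-set` in the post.
DELEGATION_SET_JSON = """{
    "DelegationSet": {
        "Id": "/delegationset/N3PIG1YNLUZGKS",
        "CallerReference": "ns-example-com",
        "NameServers": [
            "ns-30.awsdns-03.com",
            "ns-1037.awsdns-01.org",
            "ns-1693.awsdns-19.co.uk",
            "ns-673.awsdns-20.net"
        ]
    }
}"""

# A resolver maps a host name to {"A": [...], "AAAA": [...]}.
Resolver = Callable[[str], Dict[str, List[str]]]


def dns_resolver(name: str) -> Dict[str, List[str]]:
    """Live resolver via the system stub resolver (same answers as the dig calls above)."""
    addrs: Dict[str, List[str]] = {"A": [], "AAAA": []}
    for family, _, _, _, sockaddr in socket.getaddrinfo(name, None):
        key = "A" if family == socket.AF_INET else "AAAA"
        if sockaddr[0] not in addrs[key]:
            addrs[key].append(sockaddr[0])
    return {k: sorted(v) for k, v in addrs.items()}


def white_label_map(delegation_set_json: str, zone: str) -> Dict[str, str]:
    """ns1.<zone> -> AWS name server, keeping the order AWS returned."""
    servers = json.loads(delegation_set_json)["DelegationSet"]["NameServers"]
    return {f"ns{i}.{zone}": aws for i, aws in enumerate(servers, start=1)}


def glue_change_batch(mapping: Dict[str, str], resolve: Resolver, ttl: int = 60) -> dict:
    """Route 53 change batch that UPSERTs A/AAAA records for every white-label name,
    copying the addresses of the AWS name server it fronts."""
    changes = []
    for wl_name, aws_name in mapping.items():
        for rtype, values in resolve(aws_name).items():
            if not values:
                continue
            changes.append({"Action": "UPSERT", "ResourceRecordSet": {
                "Name": wl_name, "Type": rtype, "TTL": ttl,
                "ResourceRecords": [{"Value": v} for v in values]}})
    return {"Comment": "white-label name server glue", "Changes": changes}


def glue_mismatches(mapping: Dict[str, str], resolve: Resolver) -> List[str]:
    """White-label names whose published A/AAAA differ from the AWS name server they
    front. Run this (and wait for an empty list) before switching NS records."""
    def norm(r: Dict[str, List[str]]) -> Dict[str, List[str]]:
        return {k: sorted(v) for k, v in r.items()}
    return [wl for wl, aws in mapping.items() if norm(resolve(wl)) != norm(resolve(aws))]


# Constructed answers for offline use; ns3.example.tld still carries a stale A record.
FAKE_DNS = {
    "ns-30.awsdns-03.com": {"A": ["192.0.2.30"], "AAAA": ["2001:db8::30"]},
    "ns-1037.awsdns-01.org": {"A": ["192.0.2.37"], "AAAA": ["2001:db8::37"]},
    "ns-1693.awsdns-19.co.uk": {"A": ["192.0.2.93"], "AAAA": ["2001:db8::93"]},
    "ns-673.awsdns-20.net": {"A": ["192.0.2.73"], "AAAA": ["2001:db8::73"]},
    "ns1.example.tld": {"A": ["192.0.2.30"], "AAAA": ["2001:db8::30"]},
    "ns2.example.tld": {"A": ["192.0.2.37"], "AAAA": ["2001:db8::37"]},
    "ns3.example.tld": {"A": ["192.0.2.99"], "AAAA": ["2001:db8::93"]},
    "ns4.example.tld": {"A": ["192.0.2.73"], "AAAA": ["2001:db8::73"]},
}


def fake_resolver(name: str) -> Dict[str, List[str]]:
    return FAKE_DNS.get(name, {"A": [], "AAAA": []})


if __name__ == "__main__":
    mapping = white_label_map(DELEGATION_SET_JSON, "example.tld")
    print(json.dumps(glue_change_batch(mapping, fake_resolver), indent=2))
    print("mismatches:", glue_mismatches(mapping, fake_resolver))
```

Feed the change batch to `aws route53 change-resource-record-sets --hosted-zone-id ... --change-batch file://glue.json` for the Route 53 side, and replace fake_resolver with dns_resolver to check the live records; AWS name-server addresses are stable, but re-run the mismatch check whenever you reuse the delegation set for another zone.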