@scottalanmiller said in Configure Mastodon to Use Zoho ZeptoMail for SMTP Email:

@PhlipElder said in Configure Mastodon to Use Zoho ZeptoMail for SMTP Email:

All of our mail servers are properly set up with a SmartHost, SPF, and DMARC. We don't have any reputation issues. That's a 2000s kind of problem.

No, it's current. Microsoft blacklists entire datacenters still. There's a lawsuit in Illinois about it that they lost. It's a very real thing still that RBL are used by the majors (like Microsoft, but not Google) and used to shut down entire ISPs and IP blocks. I've been brought in to help providers with these issues, it's a huge legal problem and if you don't get hit with it, it seems like it doesn't exist, and if you do get hit, it seems like there's no recourse (hint: there isn't.)

We're dealing with a client who has their site hosted in a Yandex.RU data centre and guess what? Yeah, some putz between their web server and ProofPoint has a sinkhole because Ukraine. The web server can e-mail @Outlook.Com because they have servers around the world but not ProofPoint.

We've had lots of issues over the years where one midbone/backbone provider either shapes or blocks packets from another because they're in a contract dispute. Poof. Packets gone.

oops - remotedesktop.google.com/access is the correct url - mistyped

@DustinB3403 said in Windows Server Licensing:

HPE has some tool which indicates the inverse here

This tool is correct, as far as I've last known.

@IgnaceQ said in If starting from scratch, would you suggest learning BASH or Ansible?:

Besides anisble there are other tools for remote tooling. In a linux world you need bash. this is a basic need.
On top of bash, it really depends on the environmnet you're in. I would suggest python on top of this. You can use python in ansible, chef, terraform, etc... Also on non linux environments, python is availlable (bsd, windows).

He needs Ansible because he's doing an Ansible based certification path.

@dafyre Yes, I did. I am using a different kernel now and for the moment, things seem to be happy! (Ish!)

I ASSUME that their answer is that no one should be emailing attachments like that and they should be sending links to the hosted files instead?

I can't remember the last time that we had to email someone an attachment of an office document, just saying that sounds like a legacy process. Who needs to do that in the modern world?

@NETSERVER that's a bit surprising, but honestly, I guess not. With the way that IBM decided to view CentOS and RHEL, it isn't the stable, well supported system that it used to be. It used to be taken far more seriously. Now, I can't imagine a scenario where I'd deploy RHEL. And at one time, I had one of, if not the, largest RHEL fleets in the world.

I think what you want is a completely external device. That's how this is normally handled. Meaning it's common to have a dialer / ringer on a computer but you answer the phone. Same thing could be done to make a loudhorn blast anything you want as well.

@CCWTech said in Unable to connect Ubuntu with Google Online Accounts:

Jun 08 11:15:59 CCW-HAL systemd[3523]: vte-spawn-8b4a59a3-a060-4bdd-92e6-285656bdb9a2.scope: Consumed 3.448s CPU time.
Jun 08 11:16:01 CCW-HAL gnome-shell[3803]: g_closure_unref: assertion 'closure->ref_count > 0' failed
Jun 08 11:16:01 CCW-HAL gnome-shell[3803]: g_closure_unref: assertion 'closure->ref_count > 0' failed
Jun 08 11:16:01 CCW-HAL gnome-shell[3803]: g_closure_unref: assertion 'closure->ref_count > 0' failed
Jun 08 11:16:29 CCW-HAL systemd[3523]: Started app-gnome-org.gnome.Terminal-10924.scope - Application launched by gnome-shell.
Jun 08 11:16:29 CCW-HAL dbus-daemon[3552]: [session uid=1000 pid=3552] Activating via systemd: service name='org.gnome.Terminal' unit='gnome-terminal-server.service' requested by ':1.167' (uid=1000 pid=10927 comm="/usr/bin/gnome-terminal.real" label="unconfined")
Jun 08 11:16:29 CCW-HAL systemd[3523]: Starting gnome-terminal-server.service - GNOME Terminal Server...
Jun 08 11:16:29 CCW-HAL dbus-daemon[3552]: [session uid=1000 pid=3552] Successfully activated service 'org.gnome.Terminal'
Jun 08 11:16:29 CCW-HAL systemd[3523]: Started gnome-terminal-server.service - GNOME Terminal Server.
Jun 08 11:16:29 CCW-HAL systemd[3523]: Started vte-spawn-9cee1911-372a-4bb4-8b57-694984e43990.scope - VTE child process 10955 launched by gnome-terminal-server process 10931.
Jun 08 11:16:49 CCW-HAL gnome-control-c[8079]: Error showing account: Child process exited with code 1
Jun 08 11:16:53 CCW-HAL gnome-online-accounts-panel.desktop[9764]: GLib-GIO: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)GLib-GIO: _g_io_module_get_default: Found default implementation gvfs (GDaemonVfs) for ‘gio-vfs’GLib: unsetenv() is not thread-safe and should not be used after threads are createdGLib-GIO: _g_io_module_get_default: Found default implementation dconf (DConfSettingsBackend) for ‘gsettings-backend’GoaBackend: Loading all providers: GoaBackend: - googleGoaBackend: - owncloudGoaBackend: - windows_liveGoaBackend: - exchangeGoaBackend: - lastfmGoaBackend: - imap_smtpGoaBackend: - kerberosGoaBackend: activated kerberos providerGLib-GIO: _g_io_module_get_default: Found default implementation gnutls (GTlsBackendGnutls) for ‘gio-tls-backend’Failed to create account: Dialog was dismissed
Jun 08 11:16:53 CCW-HAL xdg-desktop-por[3907]: Realtime error: Could not map pid: Could not determine pid namespace: Could not find instance-id in process's /.flatpak-info
Jun 08 11:17:01 CCW-HAL CRON[11093]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Jun 08 11:17:01 CCW-HAL CRON[11094]: (root) CMD (cd / && run-parts --report /etc/cron.hourly)
Jun 08 11:17:01 CCW-HAL CRON[11093]: pam_unix(cron:session): session closed for user root
Jun 08 11:17:06 CCW-HAL kernel: WebKitWebProces[11026]: segfault at 55bd22ad9adc ip 000055bd22ad9adc sp 00007ffd1f6adbe8 error 14 likely on CPU 2 (core 2, socket 0)
Jun 08 11:17:06 CCW-HAL kernel: Code: Unable to access opcode bytes at 0x55bd22ad9ab2.
Jun 08 11:17:36 CCW-HAL gnome-shell[3803]: Window manager warning: WM_TRANSIENT_FOR window 0x3a02767 for 0x3a02778 window override-redirect is an override-redirect window and this is not correct according to the standard, so we'll fallback to the first non-override-redirect window 0x3a006dc.
Jun 08 11:17:42 CCW-HAL systemd[1]: Starting systemd-tmpfiles-clean.service - Cleanup of Temporary Directories...
Jun 08 11:17:42 CCW-HAL systemd[1]: systemd-tmpfiles-clean.service: Deactivated successfully.
Jun 08 11:17:42 CCW-HAL systemd[1]: Finished systemd-tmpfiles-clean.service - Cleanup of Temporary Directories.
Jun 08 11:17:42 CCW-HAL systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dclean.service.mount: Deactivated successfully.
Jun 08 11:18:10 CCW-HAL gnome-shell[3803]: Window manager warning: WM_TRANSIENT_FOR window 0x3a029e2 for 0x3a029f0 window override-redirect is an override-redirect window and this is not correct according to the standard, so we'll fallback to the first non-override-redirect window 0x3a006dc.

Looks like it may be a known bug: https://launchpad.net/bugs/2019739

@Pete-S said in Debian 11 & php8:

Not a challenge at all but the reason to run "stable" is for stability.

Once you start abandoning the integration, though, you are abandoning stability. The idea of using an LTS and then replacing the parts of the OS that aren't up to date is counterproductive. Choose the most up to date, best supported, most stable version and use the fully tested and integrated components instead.

The idea of "stable" is not stability in IT terms, that's a myth. It's actually against that. The idea of current is for IT stability. Stable, in reference to an OS like this, is in reference to the versions of products remaining stable so that unsupported, out of date software from bad vendors can be used without updating for long periods of time. Not a positive stable, it's a bad stable.

@WrCombs said in Reboot resets Desktop Win 10 -:

So found out the user is actually corrupt, this is the 4th time this has happened according to the internal IT team, and they're looking to get the PC replaced

It’s always best to replace a corrupt user. The can leave so much of a mess.

@d-cunnings
I realize this is nearly a year old but you can actually just backup the AAD user profile with USMT as USMT will see the profile as a local profile.

We have done this using USMTGUI previously

@lilyleiden said in User migration to azure:

We just tested migrating a small batch of test users to our new Azure tenant.

While migrating the PC/user account was no problem, the fact that people get a completely blank user profile, certainly was a showstopper!!

Many of our users has had their AD profile for years, even a decade and has a lot of individual settings, ways to work, shortcuts, quick links, favorites/browser cached passwords etc. and they loose all that.
Management has currently halted the process due to the protests.

So I am on the lookout for a way to link/migrate the old profile/profile settings, when Azure joining the PC?

As far as I know, the only option is using third party software. There are several options.

We have for many years used USMTGUI from Ehlertech for domain profiles (USMTGUI use USMT for local and Domain profiles) but USMTGUI (corporate edition) also has a really simple to use function for migrating a profiles content to an AAD user, after the PC has been joined to Azure.

As said there are several third party options but as we already knew USMTGUI prior to switching to Azure, and USMTGUI makes it possible to handle all scenarios with one program, we have not really tried any of them.

@stacksofplates said in sssd and user ID mapping:

@Pete-S said in sssd and user ID mapping:

@Semicolon said in sssd and user ID mapping:

@Pete-S If it is an issue, its trival enough to prevent public key authentication for users or groups of users, even groups of AD users.

Sure, but the problem for developers and admins is that they usually need their keys. That's why I don't think ad/ldap integration with ssh users really works in that use case.

The other solution, which is what I think is more suitable for developers and admins, is to use your SSO/AD solution with MFA to pickup a short-lived ssh certificate. Then you use the ssh certificate to actually access things.
Many companies with huge infrastructures use this method because it's very scalable.

We forced kerberos for SSH auth after wen enabled AD integration. SSH works like keys then but you don't use the keys.

Never used it but it seems to be a good solution if you want AD integration.

I noticed that gitlab also supports kerberos for pushing and pulling. I assume github does too. That's very convenient.

Source NAT rules. No clue how this work on UniFi though.

On an EdgeRouter it looks like this.
946132be-32b8-4225-9f4a-75634d00754b-image.png

08dbe439-afef-4e97-9a09-d72b48ca19bb-image.png

I assume it goes here in UniFi.
d70f4ee8-a60f-4803-b5da-df26f0d19ce5-image.png

1ffc5074-9466-441d-a320-32fd181f3fa0-image.png

@scottalanmiller said in Get Alert Whenever There is MS SQL Server Access:

It's a production database so there should be an email when the application connects and absolutely no user should ever, ever, ever be able to log in unless it's an admin doing an emergency backup and/or restore (likely alerts would be off during a restore.)

I cannot imagine a MS SQL Server based client-server application that does not make a billion DB calls all day long. So you will have to exclude that system user from being audited.

@scottalanmiller said in Get Alert Whenever There is MS SQL Server Access:

There's no user ever authorized to just connect.

The application user is always connecting. Repeatedly.

@Dashrender Check this thread
https://learn.microsoft.com/en-us/answers/questions/955731/who-deleted-an-appointment-from-a-shared-calendar