@DustinB3403 said in Account getting locked out:

@WLS-ITGuy said in Account getting locked out:

@DustinB3403 said in Account getting locked out:

Any services or scheduled tasks that might be setup under this account?

Possibly, however the password hasn't changed in the last 30 days that it would cause this.

Then something was turned on recently that is using a password older than 30 days.

Nope. Turns out I had a couple servers that I was giving RDP remote access to another vendor for them to migrate to a new server and I forgot to turn off RDP.

@black3dynamite He shouldn't need to. I'm running it on 16.04 and what he is trying to do works for me.

@dbeato said in Configuring Bookstack to use LDAP:

This are my settings

# General auth #AUTH_METHOD=standard AUTH_METHOD=ldap # LDAP Host LDAP_SERVER=1.2.3.4:636 # The base DN for users LDAP_BASE_DN=DC=domain,DC=com #The full DN and password for binding LDAP_DN=CN=bookstack,CN=Users,DC=domain,DC=com LDAP_PASS=S0UP3rS7r0ngP@ssW0rd #A filter to use when searching for users LDAP_USER_FILTER=(&(mail=${user})) LDAP_VERSION=3 # Set the default 'email' attribute. Defaults to 'mail' LDAP_EMAIL_ATTRIBUTE=mail # Set the property to use for a user's display name. Defaults to 'cn' LDAP_DISPLAY_NAME_ATTRIBUTE=cn # Enable LDAP group sync, Set to 'true' to enable. LDAP_USER_TO_GROUPS=true # LDAP user attribute containing groups, Defaults to 'memberOf'. LDAP_GROUP_ATTRIBUTE="memberOf" # Remove users from roles that don't match LDAP groups. LDAP_REMOVE_FROM_GROUPS=false LDAP_AUTO_CONFIRM_EMAIL=true # A full list of options can be found in the '.env.example.complete' file.

Make sure to have the local admin logged in and not logged out while you change and save the changes so then you can add yourself as admin tied to AD.

I just made the default role admin and then changed it after my initial logon lol

Azure AD's Use of SAML Protocol

@mattbagan said in RocketChat LDAP:

@scottalanmiller Do you know where the snap version of mongodb is installed? I can't find it.

Under /var/lib/snapd/snap/rocketchat-server/current/bin/

But what you want to do I assume is use Compass and just attach to it remotely. It's on port 27017 as usual.

Had this error after installing a new commercial certificate. The error seems valid as my server hostname and certificate name do not match, but it is my understanding this name mismatch is allowed and should still work.

To resolve this I just ran these two commands as Zimbra user.
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_starttls_supported=0

I am slightly concerned as to the security implications of disabling these settings. I am still on ldap not ldaps and this is on CentOS 7.

Done

Radius
https://blog.ubnt.com/2016/11/04/managing-radius-authentication-unifi/
http://www.petenetlive.com/KB/Article/0000685
http://thesolving.com/server-room/configure-radius-server-windows-authenticate-cisco-vpn-users/

For LDAPS see below:
http://www.petenetlive.com/KB/Article/0000962
https://www.petri.com/enable-secure-ldap-windows-server-2008-2012-dc

Why samba instead of sssd?

Used the local admin account to bind, and GAL address autocompletion works in Evolution and Thunderbird. So, thats good. Now to create that dummy account...

@Kelly said:

@PSX_Defector said:

@Kelly said:

I've also been looking at PowerBroker Identity Services from BeyondTrust. It is where Likewise ended up after a series of acquisitions. It looks like I'm going to have to be building a virtual network and trying some of this.

I've used this in multiple companies, from an airline in America to an oil exploration company.

Works like a champ, it's built on Winbind, but now has actual support versus calling RedHat and hoping for the best.

Did you use PBIS Open or the paid version? The paid version is significantly more than I can afford at about $1,600 per server instance.

This was back in the Likewise days. So free.99.

@dafyre said:

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

@dafyre said:

Why are there two NFS servers to start with? (Just curious)

They're only 20-24 drives each. About 50TB per server. All of the engineer's home folders are on them so one isn't enough.

At some point down the road we are going to implement a clustered storage but we just don't have the time right now because of time constraints for this project.

Gluster could be done in an hour. I have how tos posted for both NFS Home Automounting and Gluster 🙂

Ha yes anywhere else it would take no time at all. We have so much red tape to jump through it's ridiculous.

Start setting up and testing a Gluster Cluster (see what I did there?)... and maybe by the time you get it set up and tested, you'll be done playing jump rope with the red tape.

The other issue is the NFS servers we have right now are applicances (was done before I got here I've only been here less than a month). We can install certain things, but too much and we might lose "support."

We have to have these inspectors come in and approve stuff if any changes are made to this network. It's ridiculous.

@PSX_Defector said:

@Brains said:

It's just bad timing and we are in the healthcare market and subject to Texas's Workers Compensation craziness, so its been a rough year or two for us.

Then you best not be using PPTP. Compliance audits will come down on you hard.

If anyone will be at Lone Star PHP in Texas this weekend, let me know. Ill be there and will buy you a beer.

I thought you were talking about Big Texas Beer Fest, which was last weekend.

I was planning on trying to use L2TP and darn for missing the Beer Fest. That's my kind of place! Well Whiskey Fest would be MORE my kinda place haha.

I also wanted to ask you about this as well:
3 Year Warranty & InControl 2 for Balance One/Balance One Core

I really doubt the cloud management would be useful for us since we only have 2 local devices (one active at a time). We will get free firmware updates AFAIK, so I don't really know why that is mentioned. Is there any reason we should get this package? 25% price increase for 2 additional years of warranty doesn't seem worth it to me.

OpenLDAP is what the average Linux shop is going to turn to when looking to implement an "AD like" authentication mechanism when no Windows is involved.

I'm not surprised by this. MS didn't want to be completely silent, but at the same time they don't want to release a new Flagship without Windows 10.

Wish I could be helpful I haven't had a need to do this since... 2010? And that was for college.

I do remember that everyone was struggling with Ubuntu to get it connected to AD but CentOS (which is what I was using at the time) worked flawlessly.

@scottalanmiller said:

It's OpenVPN and IPSec, I've used both a ton. No concerns there at all. But it doesn't do what Pertino does. While both are VPNs, they are completely different things. Pertino is a hosted full mesh. Ubiquiti, like any hardware VPN, is a site to site VPN. ** There are very few times that both would be an option for the same network.**

Really? I could see this being useful in my case where I have 4 remote locations using Site to Site, and for my mobile users they could use Pertino.