Channel: linuxadmin: Expanding Linux SysAdmin knowledge

AD in a 100% Linux/UNIX environment. Is it possible to fully manage AD without Windows?

Is it possible to have AD functionality in a pure Linux environment? For instance, I'm following this guide, and following the installation of Samba4, there is a section for "Adding the Windows host to the domain". Is this just optional for managing the AD environment with a Windows PC, or do you have to do this?

I'm building a virtual Linux lab, and thus far I have a Nagios server, an e-mail server, an OTRS server, and now I wanted to take a stab at creating an AD/DC server. I'm trying to go for a pure Linux environment without using Windows at all, if that's even possible.

Or is Windows typically still used for AD in Linux environments? Do you need to use Windows to create GPOs and fully manage AD?

It sounds to me like this guide uses Linux as the DC, a Windows machine to manage the environment, and then authenticates both a CentOS 6 and a CentOS 7 machine to the DC.

Am I understanding this correctly, or am I missing something?

submitted by /u/GollyJeeWizz

Looking Forward to 2018 - Let's Encrypt

Unable to copy file to Windows mounted share

So I have a Windows mounted share using CIFS. I have changed the mount permissions to file_mode 0775 and dir_mode 0775. This is confirmed when I use ls -la. I am trying to copy a regular file to the directory from my home directory. It's not mounted under my username or original group, but I did add myself to the other group and have confirmed this via /etc/group.

Whenever I try to copy to the directory I get a "cannot create regular file" error. sudo cp works fine.

submitted by /u/greywolfau

Need a server to integrate into Windows environment

I have an all Windows Server environment with a few Linux boxes running some turnkey stuff, but I need to set up a box that needs more manual config and maintenance to use as something that can integrate with the current domain. The overall goal is to up my Linux experience since two of the biggest jobs I've applied for needed more of it. Whether it be a secondary DNS server or DHCP, I'm looking for something that I can "add on" to an existing component so that I'm not creating a standalone Linux box with an essential role that only I know how to manage in case I leave. Any thoughts from former Windows admins?

submitted by /u/ThatMightBeTheCase

Kickstarting CentOS 7 with L3 to the host

I'm looking into L3 to the host with Cumulus Linux's host pack for CentOS 7 machines: https://cumulusnetworks.com/products/host-pack/

I'm currently running kickstart via vanilla PXE boot w/ DHCP, and wasn't sure what the recommended practice would be for provisioning machines whose network connectivity depends on routing software being up.

The machines would peer with leaf TOR switches. I'm looking at BGP unnumbered w/ IPv6 link locals allowing for IPv4 advertisements. Let me know if any other information would be helpful. Thanks!

submitted by /u/knudtsy

How to protect my server from DDoS attacks?

What is the best way to protect my server from DDoS attacks, from attacks against my SSH server, WordPress login page, and any other login page that I have on my webserver? Can fail2ban do this?

submitted by /u/peter778

Theory of intercepting DDoS attacks

Hello, I am a student interested in Linux and security and I have one question about DDoS attacks. I have one server or multiple servers that are configured as a firewall. Is there currently any software available which is able to do that? But my real question is how I can "load balance" between my firewall servers so that they are not overloaded, because, depending on how strong the attack is, the load balancer will be overloaded as well. So how does it work?

submitted by /u/itsescde

GNU Mailman 3 Virtual Hosting question

With GNU Mailman 3 virtual hosting, is it possible to have multiple user frontends for multiple lists with only one GNU Mailman installation? For example, I have a mailing list for 1.com and 999.xyz hosted on the same server, but the typical end user would never be able to figure it out because their front ends don't say anything about the other site.

submitted by /u/Oflameo

ZFS-based storage for Proxmox.

Hello!

Sorry for the spelling in advance, English is not my native language.

I use Proxmox as the main virtual environment on almost all hardware. Currently, I have the task of backing up a relatively huge amount of data (KVM virtual machines' drives) and I am looking for an elegant solution.

To save a lot of disk space I want to use ZFS with its deduplication and compression, but since I have virtually zero experience with this file system I am not confident enough.

The setup is going to be the following: 14 servers with the 5th Proxmox VE, one of those servers is going to be used solely as backup storage using ZFS as the root partition (12 TB of space). So perhaps sysadmins experienced in ZFS stuff (or just experienced (:) could give me some pointers and share best practices.

Ideally, I would like to create differential copies (not sure if qemu even allows that).

This seems interesting, but people say that there could be problems with a lot of data. https://ayufan.eu/projects/proxmox-ve-differential-backups/

submitted by /u/RainboomSix

OpenVPN setup?

I've set these up before, so I'm not sure what the deal is. I keep getting an error that the server cannot start because it cannot read my SSL key file, due to password verification failing. There's no passphrase on it. I made it without one, and I even ran the openssl command to strip it (which didn't ask me for the password). I disabled SELinux. I tried making the file world readable (to see if maybe the error was more generic than it let on). Nope. I made sure askpass is not in the config anywhere. I tried askpass with a blank file. What does OpenVPN want from me?!

submitted by /u/__deerlord__

[Jenkins] Migration

So let's say I set up Jenkins on a CentOS 7 box with some plugins installed and a config.xml.

How can I migrate that Jenkins to another machine if, let's say, I didn't keep track of what plugins I installed? Is there an export function somewhere where I can export the configs and plugins I've previously installed, and during a new Jenkins installation I can import it?

submitted by /u/juniorsysadmin1

[Jenkins] CLI: anonymous is missing permission.

I copied what's in update.pub to one of the admin's public keys via the GUI. When I run the following command:

  bash-4.2$ java -jar /var/lib/jenkins/jenkins-cli.jar -s http://localhost:8080 -i /var/lib/jenkins/.ssh/update reload-configuration
  ERROR: anonymous is missing the Overall/Administer permission

Why is the CLI trying to access as anonymous? I've been searching in Google; most results tell me to set usesecurity to false, which is out of the question here.

I can run everything just fine if I simply do --username xyz --password abc, but I want to use an SSH key instead. I tried just specifying the user to no avail.

  bash-4.2$ java -jar /var/lib/jenkins/jenkins-cli.jar -s http://localhost:8080 reload-configuration --username abc
  ERROR: This command is requesting the deprecated -remoting mode. See https://jenkins.io/redirect/cli-command-requires-channel

Has anyone encountered this issue before? How did you solve it?

submitted by /u/juniorsysadmin1

Installing/configuring mcollective for puppetrun support in foreman?

I'm trying to set up mcollective on Foreman 1.14.3 / Katello 3.3.2 on CentOS 7.3 with Puppet 4.10 and I'm running into some trouble. I can't seem to find definitive and up-to-date documentation. Does anyone have any experience with this and wouldn't mind helping me out?
This is what I've done so far:

  • Installed mcollective-puppet-agent, mcollective-service-agent, mcollective-puppet-client on my puppet proxy
  • Enabled and started the mcollective service on my puppet proxy
  • Set ":use_provider: puppet_proxy_mcollective" in /etc/foreman-proxy/settings.d/puppet.yml on my puppet proxy
  • Added the appropriate entry to sudoers.d
  • Set ":puppetrun: true" in /etc/foreman/settings.yml
  • Restarted foreman-proxy
  • Set "listen = true" under [main] in my agent's puppet.conf and restarted puppet

However when I try to execute a puppet run, I get the following:

  mypuppetproxy.blah.edu $ sudo -u mymcouser /opt/puppetlabs/bin/mco puppet runonce -v -I mypuppetagent.blah.edu
  error 2017/12/11 16:20:19: client.rb:39:in `rescue in initialize' Timeout occured while trying to connect to middleware
  The puppet application failed to run: execution expired
  execution expired (MCollective::ClientTimeoutError)
      from /opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/stomp-1.3.3/lib/connection/utils.rb:142:in `sleep'  <----
      from /opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/stomp-1.3.3/lib/connection/utils.rb:142:in `rescue in block in socket'
      from /opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/stomp-1.3.3/lib/connection/utils.rb:115:in `block in socket'
      from /opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/stomp-1.3.3/lib/connection/utils.rb:109:in `synchronize'
      from /opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/stomp-1.3.3/lib/connection/utils.rb:109:in `socket'
      from /opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/stomp-1.3.3/lib/stomp/connection.rb:144:in `initialize'
      from /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/mcollective/connector/activemq.rb:296:in `new'
      from /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/mcollective/connector/activemq.rb:296:in `connect'
      from /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/mcollective/client.rb:36:in `block in initialize'
      from /opt/puppetlabs/puppet/lib/ruby/2.1.0/timeout.rb:90:in `block in timeout'
      from /opt/puppetlabs/puppet/lib/ruby/2.1.0/timeout.rb:100:in `call'
      from /opt/puppetlabs/puppet/lib/ruby/2.1.0/timeout.rb:100:in `timeout'
      from /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/mcollective/client.rb:35:in `initialize'
      from /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/mcollective/rpc/client.rb:49:in `new'
      from /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/mcollective/rpc/client.rb:49:in `initialize'
      from /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/mcollective/rpc.rb:73:in `new'
      from /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/mcollective/rpc.rb:73:in `rpcclient'
      from /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/mcollective/application.rb:362:in `rpcclient'
      from /usr/libexec/mcollective/mcollective/application/puppet.rb:211:in `client'
      from /usr/libexec/mcollective/mcollective/application/puppet.rb:333:in `runonce_command'
      from /usr/libexec/mcollective/mcollective/application/puppet.rb:370:in `main'
      from /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/mcollective/application.rb:293:in `run'
      from /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/mcollective/applications.rb:23:in `run'
      from /opt/puppetlabs/bin/mco:33:in `<main>'

Anyone know where I'm going wrong?

submitted by /u/redhat_noob

TLS for Postfix

Dear /r/linuxadmin,

So I have a Postfix setup in our company which I have inherited: one Postfix in the DMZ that just accepts the messages and then relays them to my internal Postfix, which checks if the recipient exists, yada yada. My boss wants TLS encryption for inbound and outbound connections. To be precise: we don't want to actually encrypt messages, just encrypt the connection between the DMZ Postfix and the mail server of the recipient. I have four domains; my question is how do I go about this? We will probably buy a cert from RapidSSL, but how does this work? I will add the external FQDN of my Postfix as CN in the CSR, but what do I do with the other domains? All MX records for the domains point to the FQDN of my DMZ Postfix with the "main domain".

For example: Postfix FQDN: mx.contoso.com

MX records for these domains point to the Postfix FQDN: contoso.com, contoso_1.com and contoso_2.com

Thank you in advance!

submitted by /u/suchoi

Need to migrate an SVN repository off of a failing machine to a stable one. Am I doing it right?

SVN server version 1.18.11. Going from a CentOS 6 machine to a CentOS 7 one.

I've got the basic principle of migrating the svn repository.

I can install the other thing I need.

Mostly, all I need feedback on is whether I have it right that I can:

  1. Dump/Migrate the SVN repo while it's still in use

  2. Move that dump to the intended new server and fully configure it to make sure certificates/checkouts work.

  3. Turn off the old svn server, dump the repo a final time and just overwrite the "test" repo on the new server.

  4. Change dns pointers to new server.

Number three is what I'm sketchiest about. I can install a repo, but what about updating it with a newer version of the same repo? Any feedback would be greatly appreciated.

submitted by /u/Sysa_Dmin

Junior sysadmin trying to wrangle xCAT, any insight?

So I'm pretty green, only been doing HPC sysadmin work for about two months now, so forgive me if I mess any of this up.

I'm trying to use xCAT to image a node that we had recently swapped the motherboard on. Deleted the old node definitions and DNS settings on our management node which we use to run xCAT commands, then re-added the node.

So xCAT now shows the node's MAC address, the port number, and the node definition info. When I PXE boot the node, it gets the kernel definitions from xCAT, gets a DHCP address, but then hangs on "Network configuration complete, commencing transmit of discovery packets."

I'm really not sure where else to look! It seems like if xCAT is seeing the MAC address and port, we shouldn't be having this issue...

Has anyone seen anything like this before?

submitted by /u/always_garthand

How to grab various LDAP info from bash? (Manager DN/Group DN/People DN)

I'm trying to write an LDAP python library to simplify a bunch of this stuff. One of the things I want it to do is be able to automatically detect common LDAP config details and connect appropriately. Namely, I still need a way to detect the following info (from an anonymous bind with no credentials):

  • Manager DN (i.e. cn=Manager,dc=example,dc=com)
  • Group DN (i.e. ou=Group,dc=example,dc=com)
  • User/People DN (i.e. ou=People,dc=example,dc=com)

submitted by /u/kazi1

opnfv.....is this the next big thing? How much impact will it have?

For those of you who aren't familiar with NFV, it stands for Network Functions Virtualization.

The premise, as far as I understand it, is that NFV will be able to virtualize network appliances and hardware, such as routers, switches, firewalls, etc., and will be able to virtualize entire networks altogether.

OPNFV is the open source version of NFV that the Linux Foundation has been working on.

So what are your guys' thoughts and opinions on this? How much will this change things?

submitted by /u/anacondapoint6

Stuck with NetBackup. Suggestions to read existing backup?

I took over as a sysadmin recently and inherited a NetBackup setup that is obscure and overly complex for what it needs to do. I have no documentation whatsoever about what is running. I can see some netbackup processes running from ps output, but that is all I got.

I'd like to read the existing tapes and see what has been backed up so far. Any way to do this without reading the silly 1000+ page NetBackup documentation?

Do you have any recommendations for a stupidly simple tape backup system? I have a NetApp filer with approximately 100TB of data that I'd like to back up to tapes periodically.

submitted by /u/reacharavindh

RBAC for authorized_keys configuration

Basically, I want an RBAC solution for managing authorized_keys configs even though we don't have a central authentication DB.

We have many users who use SSH tunnels into our systems through a bastion host/jump box. Each of these users has their authorized_keys file on the bastion host managed with certain permitopen="host:port",no-pty, etc. options to limit their access. Many of these users have the same configuration because they have the same role. Each time there is a new server they need access to, or something similar, I have to manage each user's config to address it.

I'd like to do something like this as the line with their key:

  include="/etc/ssh/authorized_keys_options/rolename" public_key comment

This would allow me to manage roles rather than individual users and ease my monotony. Can it be done?

I'm open to a different approach to managing the bastion host configuration so long as it doesn't make more pain instead of less.

submitted by /u/flickerfly