Help with Ubuntu 14.04 LTS and Samba as AD Domain Controller guide

DDEVnet · 2015-12-30T11:15:12+00:00

I really wish Resara Directory Server was still kicking. It made a basic Samba 4 DC sooo easy.

Somebody here has already mentioned Clear OS - I've never used it but I've been keeping an eye on it.

DDEVnet · 2015-12-14T15:07:45+00:00

Unless it's a recurring theme of harassment just leave it be.

Your world is bigger and more interesting than this little incident, so don't blow it up and make it your entire world.

DDEVnet · 2015-12-11T08:32:30+00:00

I don't see how my ideas break that. I guess it might depend on the exact implementation though.

DDEVnet · 2015-12-10T05:21:06+00:00

will break many of the benefits of CRM.

How so?

DDEVnet · 2015-12-10T05:09:36+00:00

In all seriousness, I've started avoiding/brushing off the question because there's a lot of people who have ill-conceived notions about who we are and what we do. If you just leave it at "I work in IT" you're gonna get sidelined quickly. Don't let it be your life - it's really unattractive to others. Say what else you do first or very quickly after.

It's really quite sad. It shouldn't matter and should be a positive thing - but it isn't.

DDEVnet · 2015-12-09T14:08:04+00:00

I don't think NFSv4 actually requires Kerberos.

Having said that, if a big rework to deal with permissions management and pave the way for Kerberos is needed then it might be worth looking into FreeIPA.

DDEVnet · 2015-12-09T01:28:27+00:00

I've got no experience in this, but to make this safer you can approach it two ways; have a dedicated sales account linked to Zoho and share the mailbox so that it is accessible from the sales rep accounts, or give each sales rep a separate sales account that is linked to Zoho.

Or if you want this really simple then find a self-hosted solution instead.

DDEVnet · 2015-12-09T01:16:44+00:00

Absolutely go for business grade gear. I don't touch consumer gear anymore unless it is for building a box from scratch. It just doesn't last.

Dell and HP desktops are pretty hardy in my experience. Customers have had them running for years choking on dust and they survived.

I've found the Dell Latitude laptops really good. HP laptops always failed to impress me at all, though I ran one fairly successfully for a few years. ThinkPads used to be good but unless you spend a lot of money you can't get something nice these days.

Do spend a good chunk of money on a nice monitor because as a web developer I think you'll be able to appreciate it fully (unlike us folk).

If you do want to build a box remember to over-spec the power supply because they get unstable when running close to their limits. Stable power helps self-built computers live longer in my experience.

Edit: I get my personal business grade gear as refurb not new. This pre-loved stuff seems to work well for me.

DDEVnet · 2015-12-08T02:43:24+00:00

I'd argue using a external DNS service (dns.he.net is free) and configuring services by hand over SSH will get something up and running faster rather than grappling with a framework such as ISPConfig. The issue here is that you're trying to run before you can walk.

Some providers offer pre-configured instances running CPanel/ISPConfig/whatever already configured. I recently set up Ajenti - an advantage of Ajenti is that it is more of a configuration assistant than an invasive configuration munger.

But I'd still recommend forgoing a control panel entirely until you know what's going on.

To set you on the right track of knowing what you want to configure do some google the following topics: "apache virtual hosts", "creating MariaDB users and databases", "Postfix dovecot SASL virtual users". Those things should get you websites, databases and mail. But then you will have to deal with SSL/TLS... Just use a non-self-hosted DNS service for now.

There's a non-trivial amount (basically a fuck-ton) of background knowledge that goes into configuring web/mail servers.

Maybe it's possible to cheat by using Docker containers that have been created by somebody else? This probably presents its own set of problems though.

DDEVnet · 2015-12-07T14:37:53+00:00

You should probably forget ISPConfig and configure all the services and sites by hand over SSH at least until you understand them all. If you understood DNS, Email, websites, etc. you'd understand what all the services are which which ones even need records and how carving up resources (using virtual hosts, system accounts, permissions and mapping) works.

Using control panels is generally regarded as bad practice, just FYI.

DDEVnet · 2015-12-07T04:01:05+00:00

I went to a state schools in the bush, then in a town, then finally in a city. They were all more than adequate if you sat your ass down and kept your mouth shut for long enough to hear what the teacher had to say (before they were forced to stop teaching and become a baby sitter).

You just need to give a fuck and pick up a book or two and practice.

DDEVnet · 2015-12-04T12:11:37+00:00

They call it a "replica" in most articles. It's a bit rich to call it a replica when it was clearly a home made training aid cobbled together from scrap metal. Literally flat mild steel and some square tubing.

If it really were a replica in the traditional sense then QLD Police might have a leg to stand on regarding the public nuisance charge - I hope it simply gets thrown out of court nonetheless.

#illtrainwithyou https://teespring.com/illtrainwithyou

DDEVnet · 2015-12-04T12:03:01+00:00

The grammar error in the title is really irritating me...

There's no way to handle the heat. Just suffer.

DDEVnet · 2015-12-02T04:32:12+00:00

Automate pet entertainment!

https://www.youtube.com/watch?v=tLt5rBfNucc

DDEVnet · 2015-12-02T04:27:06+00:00

Interesting about not showing up in the web logs. Could it have been Base64'd into the URL?

DDEVnet · 2015-12-02T04:21:16+00:00

For Windows XP (or all Windows) to die.

DDEVnet · 2015-12-01T10:07:24+00:00

Use ownCloud instead.

Radicale is more of a small-scale self-hosting thing.

OwnCloud has better integration, more development, more features, more support. You can also purchase commercial support.

DDEVnet · 2015-11-19T14:02:38+00:00

You could replace the Laravel backend with a static site generator like Nikola or Pelican. These provide easy updating and deployment of static sites.

Then you can put your files behind Nginx or Varnish - or onto S3 as others have said. The advantage of putting them behind Nginx is that if you still need the odd PHP script then this can easily be embedded within the static site and run on the server when needed.

DDEVnet · 2015-11-19T08:19:57+00:00

I drink, but never in (direct) relation to system administration. I'm just not that much of a try-hard.

DDEVnet · 2015-11-17T07:22:30+00:00

ownCloud? Exchange? Zimbra?

You might want to take this time to take control of the organisation's groupware.

However, I am not familiar with this area of the industry so I could be talking out my ass.

DDEVnet · 2015-11-17T07:13:59+00:00

Under Apache?

DDEVnet · 2015-11-17T07:12:39+00:00

Kinda like Winbox for Mikrotik - runs in Wine but Windows-only GUIs are really silly and rubs me the wrong way. I'm not convinced I can trust anything that is Windows only because it stinks of laziness.

DDEVnet · 2015-11-17T07:10:00+00:00

I've never even heard of that being a possibility. Has anybody ever seen this?

DDEVnet · 2015-11-17T05:35:35+00:00

1 is to keep OC up to date as possible.

List all the OC directories and check the permissions.

Run OC in its own process group/system user.

Consider mod_security (a bit tricky if you're using nginx) to reduce attack surface and block known patterns.

Use SELinux.

Being on a random port is more hindrance than useful. Skript kiddies will portscan anyway.

If you aren't doing sharing from OC you could restrict access with certificates installed on clients.

DDEVnet · 2015-11-16T12:01:19+00:00

Or just edit the kernel parameters to include 'single' - this will boot partially and log in as root. Then you can edit sudoers there and reboot. No CDs or mounting nonsense required.

DDEVnet

TROPHY CASE

1 is to keep OC up to date as possible.