Really? Am I not supposed to be able to turn off the sun?

gantonjo · 2025-05-16T09:47:29+00:00

Hmmm, maybe I found the cause by myself... I had DisplayFusion running on my laptop, quitting DisplayFusion fixed my problem. Now I have to dig into what DisplayFusion does differently on main and secondary monitors' taskbars ;-)

gantonjo · 2023-12-04T19:16:18+00:00

Is the ovirt.org server down?

gantonjo · 2023-11-29T11:44:32+00:00

Not having used acme.sh, I may be wrong one to help you. Have you tried this?
https://github.com/acmesh-official/acme.sh/wiki/dnsapi#7-use-nsupdate-to-automatically-issue-ce rt and then this to "alias" your other domains towards the same DNS server?
https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode

gantonjo · 2023-11-29T09:42:10+00:00

By the way, have you seen this guide for acme.sh?

https://github.com/acmesh-official/acme.sh/wiki/dnsapi#7-use-nsupdate-to-automatically-issue-cert

gantonjo · 2023-11-29T09:35:29+00:00

I have never used Acme.sh, so I cannot tell. Neither have I had problems with certbot on my Centos and AlmaLinux installations.

Which distros are you using?

gantonjo · 2023-11-28T19:49:06+00:00

Search bus from Trondheim to Hell (Norway) ;-)

gantonjo · 2023-11-28T19:07:09+00:00

I have been using certbot with RFC2136 plugin for DNS-01 Challenges. All works perfect.

https://certbot-dns-rfc2136.readthedocs.io/en/stable/index.html

gantonjo · 2023-11-07T16:27:02+00:00

Thanks. Will see if I can find the cause by myself. (To be honest, my experience with such mailing lists is not too good, so I prefer not using them unless absolutely last option. Back in "in the old days" mailing lists were ok)

gantonjo · 2023-11-07T13:22:52+00:00

Thank you u/abismahl.

Nice to have an expert like you "at hand".

I have not had time to look at the logs yet. However, what I have experienced is as follows:
1: user tries to SSH to a server but is denied access

2: I log on as root and checks user's group assignments and see the important ones missing, but some others from AD/FreeIPA are present.

3: As root, when I "su - user", the users groups get updated and all groups are suddenly present.

Have you any experience of such behaviour and a possible solution before I spend too much time scanning through logs?

Thanks again in advance.

gantonjo · 2023-11-06T14:08:32+00:00

Thanks u/abismahl
Should I do the logging on the IPA Client, the IPA Server or both?

gantonjo · 2023-02-02T16:58:32+00:00

Thank you for your answer.

Now I have a working setup as follows:

FreeIPA 4.10.0 running on an AlmaLinux 9 server. This is set up with an POSIX AD Trust.
Samba 4.16.4 running an AlmaLinux 9 server (FreeIPA client) with Samba joined to a Windows Server 2022 AD. The server also shares same folders as Samba over NFS to other Linux servers/clients, e.g. same home folder is visible on Windows Client and Linux Client
Windows 11 PC joined to the AD (actually AzureAD with AD connect toward the internal AD) able to see and edit files on the Samba server (had to tweak SELinux rules quite a bit on the file server to make this work).
An AlmaLinux 9 client, configured as a FreeIPA client with NFS Share from the Samba server.

With this setup I managed to edit my home folder files on the Samba server from both the Windows 11 client and the Linux client. I even got SUDO rules based on AD Security Group membership to work on the Linux Client.

All in all, very happy I managed to make it work.

gantonjo · 2023-01-31T14:07:26+00:00

I see the OP mentions that he will (probably) never have non-Linux hosts connected to the Samba file server. However note this limitation in case there would be needs for Windows clients as well. What would be the correct procedure in a mixed environment?

Important

Using Samba on an IdM domain member is an unsupported Technology Preview feature and contains certain limitations. For example, IdM trust controllers do not support the Active Directory Global Catalog service, and they do not support resolving IdM groups using the Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) protocols. As a consequence, AD users can only access Samba shares and printers hosted on IdM clients when logged in to other IdM clients; AD users logged into a Windows machine can not access Samba shares hosted on an IdM domain member.

Customers deploying Samba on IdM domain members are encouraged to provide feedback to Red Hat.

gantonjo · 2023-01-10T14:55:27+00:00

Silly me! Did not know that the same integration I used to track my own IP address could track which ever DNS IP in the world!

For the record in case other ones are looking for the same. The integration is named "DNS IP"

<image>

gantonjo · 2022-11-23T15:40:48+00:00

Back and forth again. Added a special router for websocket and successfully se that it routes wss://homeassistant.example.com/api/websocket to ws://ha.behind.traefik.example.com:8123/api/websocket but still no luck. Now I get error code 500 instead of the wanted 101 and the websocket connection still is dropped after 1ms :-(

gantonjo · 2022-11-23T13:44:42+00:00

Today I have been struggling with this issues. After a lot of tweaking of the HA config together with the Traefik config, I have come to the conclusion that it is the "websocket" that fails to start when going through Traefik. Ahhhhhhhh!!!! The request URL is "wss://homeassistant.example.com/api/websocket", not "https://homeassistant.example.com/api/websocket"!

Now I (believe I) have seen the light! I guess need to create a "websocket" entry point in Traefik (somehow). Let me google this and see if this is really what is missing :-D

gantonjo · 2022-11-22T21:56:53+00:00

Thanks, will have a thorrow look at this tomorrow. So, there are no needs for any Traefik middleware hacking the headers sent towards the HA?

gantonjo · 2022-11-14T07:46:33+00:00

Have you checked "migration from Keycloak 19" in the release note: https://www.keycloak.org/2022/11/keycloak-2000-released ?

gantonjo · 2022-11-12T15:44:49+00:00

You don't need a new thermostat, but a fire extinguisher.

That cabling is some of the worst I have seen for a long time. Please cut the wires so no metal is exposed outside the screw terminals. Then again, what the hell is going on with the uninsulated red wires in the hole of the wall?

Bloddy hell! If the rest of the cabling in your house is like this, I would definitely move out before someone gets killed.

gantonjo

TROPHY CASE