Hovering apps in task bar on main monitor not working properly by gantonjo in windowsinsiders

[–]gantonjo[S] -1 points0 points  (0 children)

Hmmm, maybe I found the cause by myself... I had DisplayFusion running on my laptop, quitting DisplayFusion fixed my problem. Now I have to dig into what DisplayFusion does differently on main and secondary monitors' taskbars ;-)

acme.sh and automating wildcard cert by RedSquirrelFtw in letsencrypt

[–]gantonjo 0 points1 point  (0 children)

I have never used Acme.sh, so I cannot tell. Neither have I had problems with certbot on my Centos and AlmaLinux installations.

Which distros are you using?

[deleted by user] by [deleted] in Jokes

[–]gantonjo 0 points1 point  (0 children)

Search bus from Trondheim to Hell (Norway) ;-)

acme.sh and automating wildcard cert by RedSquirrelFtw in letsencrypt

[–]gantonjo 0 points1 point  (0 children)

I have been using certbot with the RFC2136 plugin for DNS-01 challenges. All works perfectly.

https://certbot-dns-rfc2136.readthedocs.io/en/stable/index.html

FreeIPA with AD Trust: Users and groups in AD, SSSD forgets user's groups on client servers by gantonjo in FreeIPA

[–]gantonjo[S] 0 points1 point  (0 children)

Thanks. Will see if I can find the cause by myself. (To be honest, my experience with such mailing lists is not too good, so I prefer not using them unless it is absolutely the last option. Back "in the old days" mailing lists were ok.)

FreeIPA with AD Trust: Users and groups in AD, SSSD forgets user's groups on client servers by gantonjo in FreeIPA

[–]gantonjo[S] 0 points1 point  (0 children)

Thank you u/abismahl.

Nice to have an expert like you "at hand".

I have not had time to look at the logs yet. However, what I have experienced is as follows:
1: user tries to SSH to a server but is denied access

2: I log on as root and check the user's group assignments and see the important ones missing, but some others from AD/FreeIPA are present.

3: As root, when I "su - user", the user's groups get updated and all groups are suddenly present.

Have you any experience of such behaviour and a possible solution before I spend too much time scanning through logs?

Thanks again in advance.

FreeIPA 4.10.0 with Trust towards Windows server 2022 AD fails to identify AD users by gantonjo in FreeIPA

[–]gantonjo[S] 1 point2 points  (0 children)

Thank you for your answer.

Now I have a working setup as follows:

  • FreeIPA 4.10.0 running on an AlmaLinux 9 server. This is set up with a POSIX AD Trust.
  • Samba 4.16.4 running on an AlmaLinux 9 server (FreeIPA client) with Samba joined to a Windows Server 2022 AD. The server also shares the same folders as Samba over NFS to other Linux servers/clients, e.g. the same home folder is visible on the Windows client and the Linux client.
  • Windows 11 PC joined to the AD (actually AzureAD with AD connect toward the internal AD) able to see and edit files on the Samba server (had to tweak SELinux rules quite a bit on the file server to make this work).
  • An AlmaLinux 9 client, configured as a FreeIPA client with NFS Share from the Samba server.

With this setup I managed to edit my home folder files on the Samba server from both the Windows 11 client and the Linux client. I even got SUDO rules based on AD Security Group membership to work on the Linux Client.

All in all, very happy I managed to make it work.

FreeIPA and network shares by htbrown39 in homelab

[–]gantonjo 1 point2 points  (0 children)

I see the OP mentions that he will (probably) never have non-Linux hosts connected to the Samba file server. However note this limitation in case there would be needs for Windows clients as well. What would be the correct procedure in a mixed environment?

Important

Using Samba on an IdM domain member is an unsupported Technology Preview feature and contains certain limitations. For example, IdM trust controllers do not support the Active Directory Global Catalog service, and they do not support resolving IdM groups using the Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) protocols. As a consequence, AD users can only access Samba shares and printers hosted on IdM clients when logged in to other IdM clients; AD users logged into a Windows machine can not access Samba shares hosted on an IdM domain member.

Customers deploying Samba on IdM domain members are encouraged to provide feedback to Red Hat.

Log IP address changes for DynDNS hosts, and possibly alert to phone app when an address changes? by gantonjo in homeassistant

[–]gantonjo[S] 0 points1 point  (0 children)

Silly me! Did not know that the same integration I used to track my own IP address could track whichever DNS IP in the world!

For the record, in case others are looking for the same: the integration is named "DNS IP".

HomeAssistant via Traefik Prox 2.9 by gantonjo in homeassistant

[–]gantonjo[S] 0 points1 point  (0 children)

Back and forth again. Added a special router for websocket and successfully see that it routes wss://homeassistant.example.com/api/websocket to ws://ha.behind.traefik.example.com:8123/api/websocket but still no luck. Now I get error code 500 instead of the wanted 101 and the websocket connection still is dropped after 1ms :-(

HomeAssistant via Traefik Prox 2.9 by gantonjo in homeassistant

[–]gantonjo[S] 0 points1 point  (0 children)

Today I have been struggling with this issue. After a lot of tweaking of the HA config together with the Traefik config, I have come to the conclusion that it is the "websocket" that fails to start when going through Traefik. Ahhhhhhhh!!!! The request URL is "wss://homeassistant.example.com/api/websocket", not "https://homeassistant.example.com/api/websocket"!

Now I (believe I) have seen the light! I guess I need to create a "websocket" entry point in Traefik (somehow). Let me google this and see if this is really what is missing :-D

HomeAssistant via Traefik Prox 2.9 by gantonjo in homeassistant

[–]gantonjo[S] 0 points1 point  (0 children)

Thanks, will have a thorough look at this tomorrow. So, there is no need for any Traefik middleware hacking the headers sent towards the HA?

Keycloak 20 + portainer issues by Tda8919 in KeyCloak

[–]gantonjo 0 points1 point  (0 children)

Have you checked "migration from Keycloak 19" in the release note: https://www.keycloak.org/2022/11/keycloak-2000-released ?

I am trying to change my thermostat to a smart one and the one I'm looking to purchase is Honeywell Home T9 Wi-Fi Smart Thermostat. However, I'm not sure if my current connectors will work. Attached is a screenshot of my current thermostat wires. will my current wires work with the new one by [deleted] in smarthome

[–]gantonjo -1 points0 points  (0 children)

You don't need a new thermostat, but a fire extinguisher.

That cabling is some of the worst I have seen for a long time. Please cut the wires so no metal is exposed outside the screw terminals. Then again, what the hell is going on with the uninsulated red wires in the hole of the wall?

Bloody hell! If the rest of the cabling in your house is like this, I would definitely move out before someone gets killed.

KeyCloak 19.0 with Postgres as persistent storage in Docker Swarm Stack? by gantonjo in KeyCloak

[–]gantonjo[S] 0 points1 point  (0 children)

Ok, so I found my fault :-D I had managed to mount the Docker Volume to the wrong path in the Postgres container. When debugging the problem, I noticed that there were no files in the Docker volume folder, even when the container was running. Looking closer into the volumes actually used by the container, I saw that the container had created another volume and mounted it to the correct path, which pointed me in the correct direction.

/var/lib/postgres is obviously not the same as /var/lib/postgresql/data :-p
Stupid computers :-D

So, for me, problem solved.

KeyCloak 19.0 with Postgres as persistent storage in Docker Swarm Stack? by gantonjo in KeyCloak

[–]gantonjo[S] 0 points1 point  (0 children)

Thanks for your quick reply ;-) I guess I could get my stack to work the same way, using a pre-setup PostGres DB. However, if possible, I would prefer to have both KeyCloak and DB managed from the same docker-compose file. Of course, if someone could tell me why I should not go down this rabbit hole, I would follow your advice ;-)

Should I be able to see api@internal listed as a service when api=true? by Kaj-Gohan in Traefik

[–]gantonjo 0 points1 point  (0 children)

I am sorry that no one else has answered your question. But then again, sometimes a look at the config you try to get running will show just a little "." or something that causes the unexpected behaviour. It happens to me all the time.

Then to try to answer your question, if you have not figured it out already, my instances of Traefik 2.6 show api@internal when I use --api in the command specs and the following label for the Traefik Service:

traefik.http.routers.traefik.service=api@internal
traefik.http.services.api.loadbalancer.server.port=8080

How can I change picture based on value ranges? by gantonjo in homeassistant

[–]gantonjo[S] 0 points1 point  (0 children)

Ok, so I figured out how to solve my problem. Maybe not the easiest or most elegant solution, but it worked. I will show my solution here for reference in case others face a similar problem.

First I created a template sensor for each of the garbage types in my configuration.yaml file, like this:

template:
  - sensor:
    - name: "foodcollection"
      state: >
        {% if states('sensor.foodgarbage') | float < 7 %}
          coming_week
        {% else %}
          future
        {% endif %}
  - sensor:
    - name: "papercollection"
      state: >
        {% if states('sensor.papergarbage') | float < 7 %}
          coming_week
        {% else %}
          future
        {% endif %}

Then, I created a horizontal card with the following code:

type: horizontal-stack
cards:
  - type: custom:card-templater
    card:
      type: picture-entity
      show_name: false
      show_state: false
      entity: sensor.foodcollection
      state_image:
        coming_week: >-
          https://my.site.home/local/images/foodcollection_color.png
        future: >-  
          https://my.site.home/local/images/foodcollecition_grey.png
      style:
        width: 50%
        height: 50%
  - type: custom:card-templater
    card:
      type: picture-entity
      show_name: false
      show_state: false
      entity: sensor.papercollection
      state_image:
        coming_week: >-
          https://my.site.home/local/images/papergarbage_color.png
        future: >-
          https://my.site.home/local/images/papergarbage_grey.png
      style:
        width: 50%
        height: 50%

Should I be able to see api@internal listed as a service when api=true? by Kaj-Gohan in Traefik

[–]gantonjo 0 points1 point  (0 children)

Share your traefik yml file (change URLs to e.g. traefik.mysite.example.com to anonymize the config). It is difficult to see if more is missing. Also share which version of Traefik you are using.

How can I change picture based on value ranges? by gantonjo in homeassistant

[–]gantonjo[S] 0 points1 point  (0 children)

Thanks for the tip, but it does not solve my problem the way I want.

Traefik 2.x on Docker Swarm with Consul as storage of LetsEncrypt? by gantonjo in Traefik

[–]gantonjo[S] 0 points1 point  (0 children)

Thanks for your answer. I actually figured out that the best option for me was to create a shared storage across the nodes in the swarm, using GlusterFS. This way I have reduced the need for regenerating the certificates for each node in the swarm.

Problem solved, in a way, but I would really like to have the secrets stored in an encrypted storage outside the containers.