I have written articles on how to start using RealmD and SSSD for integrating Ubuntu into a Windows network. However, prior to that I wrote an article on using PBIS. RealmD with SSSD is, by far, the superior method in my opinion and experience, so for all of those folks who want to switch, you probably want to get rid of PBIS on a bunch of servers. To that end, I just wanted to drop a line (for myself and anyone else that needs it) on how to remove an existing PBIS install on a server.
Thankfully, PBIS did make it pretty easy; the following two commands will get you there:
sudo /opt/pbis/bin/domainjoin-cli leave
sudo /opt/pbis/bin/uninstall.sh uninstall
The first command disconnects/unjoins your server from the domain. The second command removes PBIS.
There is probably some additional cleanup that can and should be done as well but I think that the above will at least clear the way for working with SSSD and RealmD.
For this tutorial I will be walking through how to use a tool called Realmd to connect an Ubuntu Server or Ubuntu Desktop system to a Windows Active Directory Domain.
In the past I wrote an article talking about how to use PowerBroker Identity Services to do the same thing, but the scope of the article was limited to the server version of Ubuntu only. Furthermore, it has since been my experience that PBIS is an unreliable solution at best.
Part of the confusion I have had on this issue in the last two years has been in thinking that there were only one or maybe two ways to make an Ubuntu Desktop/Server OS connect to a Microsoft Active Directory domain and that they both used the same underlying stuff. In fact there are more like 10 different ways to do it, all using a mix and match of different technologies.
Finally, I don’t like proprietary stuff. PBIS, while having a free version, was still proprietary. Today we will be using a suite of tools called SSSD. SSSD was created by Red Hat and it’s open source. Furthermore we will be using RealmD, which is a “wrapper” of sorts for SSSD that makes it easier to set up and configure. That’s the short of it. Let’s get started.
One of the things I wanted to get from my OpenVPN Access Server was a usage report that would be emailed to me regularly. OpenVPN Access Server writes such logs to a file in /var/log on Ubuntu and Debian based systems. However it also writes a lot of other things. So I first started by examining the log. The key information I wanted was:
Date and Time of Successful Connections
In my setup, OpenVPN connected users are put into a unique IP subnet and assigned an address by a DHCP server that is part of Access Server. All very easy to set up. In digging through the logs I found entries that are made whenever an IP address is assigned to a newly connected user.
An entry looked something like this: (more…)
You have two servers that both run Linux: an origin server and a target server. You want to open up an SSH connection as the root user from the origin server to the root user account on the target server. Furthermore, you do not want to be prompted for a password but you still want it to be relatively secure.
Do you work with MySQL? I do… quite a bit.
Do you often script stuff on your server to make your life easier? I do that as well… quite a bit…
Are you including your database user account and password (or worse… your MySQL instance root user account and password!) in plain text in your script? I was doing this… and it is bad practice from a security standpoint for sure…
Okay, so if you have a bunch of scripts (and I have several for database maintenance and database backups) floating around and many of them contain your MySQL root user account credentials… that can be a real issue. There is a better way!
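To find out which of those scripts actually carry a plain-text MySQL password, here is a small audit helper. It is an added example, not code from the original post: the function names, the list of client programs and the sample script are assumptions made for illustration, and the matching is a heuristic for shell scripts.

```python
import re

VALUE = r"""('[^']*'|"[^"]*"|\S+)"""
# MySQL client programs to check (an assumed, non-exhaustive list).
CLIENT = re.compile(r"\bmysql(?:dump|admin|check)?\b")
# -pSECRET or --password=SECRET; a bare -p only prompts and does not match.
INLINE = re.compile(r"(?<!\S)(?:-p|--password=)" + VALUE)
# NAME=value assignment at the start of a line, optionally exported.
ASSIGN = re.compile(r"^\s*(?:export\s+)?([A-Za-z_]\w*)=" + VALUE)
VARREF = re.compile(r"^\$\{?([A-Za-z_]\w*)\}?$")
# Constructed sample script; every name and password in it is made up.
SAMPLE = """\
#!/bin/bash
DB_PASS='S3cret pass'
mysqldump -u root -p"$DB_PASS" --all-databases > /backup/all.sql
mysql -u root -pHunter2 -e 'OPTIMIZE TABLE shop.orders'
mysqladmin -u root -p status
tar -pczf /backup/mysql.tgz /var/lib/mysql
"""

def redact(line, match, group):
    """Mask the matched secret so the report itself never leaks it."""
    return line[:match.start(group)] + "****" + line[match.end(group):]

def audit_script(text):
    """Return sorted (line_no, kind, redacted_line) findings for a shell script."""
    lines = [(n, l) for n, l in enumerate(text.splitlines(), 1)
             if not l.lstrip().startswith("#")]
    literals, findings = {}, set()
    for no, line in lines:  # pass 1: variables assigned literal text
        m = ASSIGN.match(line)
        if m and not m.group(2).strip("'\"").startswith(("$", "`")):
            hit = redact(line, m, 2)
            literals[m.group(1)] = (no, "literal in password variable", hit)
            if m.group(1) == "MYSQL_PWD":  # read implicitly by the clients
                findings.add((no, "literal MYSQL_PWD", hit))
    for no, line in lines:  # pass 2: password options on client command lines
        client = CLIENT.search(line)
        for m in (INLINE.finditer(line, client.end()) if client else ()):
            value = m.group(1).strip("'\"")
            ref = VARREF.match(value)
            if ref and ref.group(1) in literals:
                findings.add(literals[ref.group(1)])
            elif not value.startswith(("$", "`")):
                findings.add((no, "inline password", redact(line, m, 1)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_script(SAMPLE):
        print(finding)
```

Run it over each maintenance or backup script and treat every finding as a credential to rotate once the script has been fixed.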