I fixed it! Shut down the VM, then ran an offline quiescence and that did it:
xe host-call-plugin host-uuid=<Host UUID> plugin=coalesce-leaf fn=leaf-coalesce args:vm_uuid=<VM UUID>
It did take about 45 minutes, but once it was done the space was free. Xencenter is now happily reporting the used space as 4127Gb and a virtually assigned is 4115Gb, it's not perfect, but I'll take it!
I have need of a simple website, one that prompts for an AD username and password, if you enter them correctly you get a "Congrats, you are using the correct username and password" and if wrong, then a "Wrong username and password" page. I could build it from scratch, but I just don't have the time, so a pre-bakes linux install that needs to be slightly customized or a rock solid HowTo is what I need.
Having this in place will help us solve iPad proxy issues we are running into, or at least help us rule out the username and password being entered wrong which will solve ~60% of our iPad tickets and help shape the perception of the issue.
Thanks in advanced!
@IRJ said in Pre-Baked LAMP server with AD Authentication in Apache:
@JaredBusch said
This github project has not been modified in a year, but looks like it will handle things for you.
https://github.com/adldap/adLDAP
Or you can roll your own by setting up mod_auth_ldap in Apache or PHP based LDAP.
Beat me to it.
That looks promising, but I know the pieces are out there, getting linux to do LDAP auth is one thing, but where I fall short is getting that to also work in Apache. All of which I could do if I had the time. Hence my need for a clear simple set of instructions to get it working as quickly as possible.
I took the quote out and now it works....
<Directory "/var/www/html/ad_test">
AllowOverride all
order allow,deny
allow from all
AuthType Basic
AuthName "Please enter your AD credentials"
AuthBasicProvider ldap
#AuthzLDAPAuthoritative off
AuthLDAPBindDN [email protected]
#Account used to bind to AD
AuthLDAPBindPassword xxxxxxxx <---- no quotes
#Account Password
AuthLDAPURL ldap://dc.domain.tld:3268/dc=domain,dc=tld?sAMAccountName?sub?(objectClass=*) <---- no quotes
#Server Address for the bind
Require valid-user
</Directory>
So I've been given a little bit of money to buy a software tool to help me with AD. I'd like this tool to:
Yes, I know you can do all of this in powershell, and yes I know there are some free tools out there. But I have tried the free ones and have found none that work, and I simply do not have the time to develop and test powershell scripts for me to use once a year when I do all of this. I am looking for easy point and click and go.
Thanks in advance for your suggestions.
Yeah, this will be a dedicated piece of hardware with the hypervisor on it and just a single VM, the Smoothwall install. Nothing else, and it will not be tied into my existing pool, it will be, for the most part stand alone.
As to the point of no access if things go down, I don't see that as a major issue, because if things go down like that, then I will need to be on site, in which case I would have physical access to the server and will then be able to fix it from there if needed.
This device is how my network is connected to the internet, so if it goes down I have zero remote access, with or without it being virtualized.
Looking at the Edge routers I think this is the way to go. I am going to suggest we get a ERL for the satellite store and and ER-8 for the main store to replace the Netgear that is currently there and quite old.
Looks like the total cost for the two is under $400, which I think I can justify pretty easily.
@scottalanmiller said in Suggestions on a VPN Solution:
@Dashrender said in Suggestions on a VPN Solution:
@coliver said in Suggestions on a VPN Solution:
But I think the big one is that you don't want your firewall to handle switching. You should have an independent dedicated switch for that task.
What's the concern here? The ER-X specifically has a switch chip in it, where the ERL and ER8 don't. Granted I probably wouldn't use the ER-X in a 15+ user environment (though even then that's completely arbitrary and I should only care about bandwidth throughput, not number of users).
It's just not good practice to mash everything into an "all in one" device. You'd never want an AP in your router, and an AP is just a wireless switch. Keep your devices lean and purposeful.
Agreed!
I plan to go with the ERL at both sites, the main site already has a separate switch from the Netgear router, so it'll be a drop in replacement there. At the remote site, I will use the ERL with an 8 port gigabit switch and add in a ubiquiti AP for wireless. Keeps it simple and modular.
For servers I go with Ubuntu Server. Most are running 14, though one or two are 16. We do have one or two CentOS servers, but they were put in place before my time.
For Desktops, I am partial to Ubuntu with the Cinnamon UI, but I spend most of my day in OS X at work and Windows 7 at home. But my work Macbook is due for replacement, so I am considering a high end PC laptop and switching to Ubuntu full time.
So I worked out it needed HVM enabled, so I used the Debian 8 template, which gets the setup going. However it won't detect the HDD controller and therefore I cannot get it installed.
Anyone gotten Smoothwall to run as a VM in Xen? If so, how did you get the HDD to be detected?
The setup does allow for me to insert a driver floppy, but I am unsure about where I'd get the drivers and how would I attach a virtual floppy drive to Xen.
@scottalanmiller said in Smoothwall on XenServer 7.1:
@NerdyDad said in Smoothwall on XenServer 7.1:
Couldn't something like Untangle work for you?
SmoothWall has a new and proprietary web filtering technology. Untangle and those others don't offer a competitive service.
Precisely. SmoothWall's filtering is heuristic based rather than a traditional blacklist/whitelist type thing.
Plus we've paid them, a lot, so switching now is not really a possibility.
The frustrating thing here is that they have built in support for VMWare, but not Xen.
Are there any good linux substitutions for AD and Windows Server?
The client I have in mind for this is currently running about 10 workstations (Windows 7 Pro), all joined to AD domain. The server is used as a DC, DNS, file server and application server.
My thought was to replace Windows Server with a Linux distro and would smell, taste and look like a Windows AD server to the Windows clients and then split out the Application server onto it's own Windows VM (probably Windows 7, because that is all it really needs).
So what do you guys think? Is there a way to do this for free using Linux?
EDIT: Mods, can you move this into the IT Discussion section. I am not sure how I accidentally posted it here, second post today I've done that with.
@JaredBusch said in Substitutes for Active Directory and Windows Server:
@scottalanmiller said in Substitutes for Active Directory and Windows Server:
You can turn those things off, of course.
Do this.
@scottalanmiller said in [Substitutes for Active Directory and Windows Server]
Or just use CentOS, Fedora, openSuse, Ubuntu, etc. as your Samba 4 base OS. Even FreeBSD is an option.
I would not do that. That requires more advanced knowledge of the pieces needed. Uunless the OP desires to learn those skills, doing things this way would be a waste of time when there are solid products available.
If I could maintain it 8 hours a day 7 days a week, then I would totally build it from scratch. Something that could be fun to do.
However, I can only maintain it from a distance and fleetingly, so having something that is tried and true, offers a solid community and has a time saving front end is what I would need in order to keep them up and running smoothly.
I'll give NethServer a go, since it seems to check the boxes I need.
Yeah, it seems like an extra step that just complicates and confuses things.
Yeah, if he decides not to go back, then he definitely needs to name them somewhere. I am sure local papers would be interested in the story. Though he should make sure that doing so does not expose him to legal action.
Hey guys,
Anyone have a link to a good step by step for setting up a Server 2012 R2 Radius server? The only ones I could find (admittedly this was a few months ago) were for Server 2008 or 2003.
I could also use on on how to setup LDAPs (LDAP over SSL) for Server 2012 R2 as well.
Hi Guys,
I need a "quick" way to wipe 200+ macbooks. The ideal solution would be to boot them from a thumb drive and have them launch a HDD wipe with little to no interaction from the tech (a single are you sure type thing would be ok). Then when the process starts we'd pull the thumb drive and boot the next one.
It does not have to be super wiped, a single pass of a format like command would be just fine.
I tried DBAN on them, and while I can get the CD to boot, I cannot get a thumb drive to boot at all. And with the CD you cannot eject it till after it's done, which is less than ideal.
I found a software called Disk Wiper, which works, but it take 5+ minutes to get it going, multiply that by 200+ and we'd be spending way too much time clicking things to get this done.
Thanks in advance!
EDIT: These are White Unibody macbooks that we are retiring and selling to a third party. We need out data off of them before they take them, though a "light" erase would be fine, we don't need any sort of DoD erasing. Trying to minimize the time spent on each laptop, as adding a single minute to the process makes the entire job take 3 - 4 extra hours of tech time.
Jamf's Casper Suite and DEP. So MDM.
Configurator is not really a management tool, it's a setup tool to get the iPads into the MDM reasonably quickly and with minimal interaction on each device.
@r3dpand4 said in Active Directory - Scripting the adding/removal of users to group:
@anthonyh When you say their username matches a certain pattern what do you mean? Whatever the qualifier is it'd have to be perfectly consistent so you can build a RegEx around it for filtering, but it's definitely doable.
Where does OP say username? He wants to match based on some AD attribute, and in his example he mentioned email domain from the email field. Or did I miss something?
@r3dpand4 said in Active Directory - Scripting the adding/removal of users to group:
@anthonyh You're fine I'm also half dead from a head cold/sinus infection, I just reread the post. Query the groups you're wanting, run a foreach loop against the results, then an if/else statement with the -like switch against whatever the domain is you're wanting to filter to specify your action.
I suspect that the OP is wanting some code examples. At least that's what I'd be after if I were him.
Anthony:
https://technet.microsoft.com/en-us/library/ee617193.aspx?f=255&MSPPError=-2147217396 is a place to start, it'll help you write the bit that get's group members.
https://gallery.technet.microsoft.com/scriptcenter/Getting-Users-ALL-7417b71d - May have some useable snippets to get the info you need from the user.
