• 3 Votes
    7 Posts
    1k Views
    1

    @scottalanmiller said in Does the end of O365 Basic Authentication mean no more app passwords:

    @Pete-S said in Does the end of O365 Basic Authentication mean no more app passwords:

    @JaredBusch said in Does the end of O365 Basic Authentication mean no more app passwords:

    Customer has a LoB application called Enfocus Switch.

    It has a mail retrieval function that connects via IMAP using an app password on a normal O365 email account with MFA enabled.

    It stopped retrieving email on the morning of Wednesday October 12th.

    Since Microsoft finally killed Basic Auth on Tuesday, I assume this is related, but I can find no information on this at all.

    The vendor do what they do, but I noticed that most applications that need this kind of functionality use mail forwards from customers' mailboxes to their own IMAP mailboxes.

    That can be a way to solve this when Microsoft kills it. Redirect from the customer's O365 mailbox to another provider that supports IMAP with normal authentication. Have the LoB application use that inbox instead.

    We have customers doing that. Setting up MailCow to get past all the primary vendor security systems.

    That makes sense.

    I think you could probably run a bare mail server with just Dovecot as well. Since it only needs to handle incoming email from Microsoft and be an IMAP server, there are a lot of things that become irrelevant - like spam detection, IP reputation etc.

  • UFW or IPTABLES

    Solved
    8
    0 Votes
    8 Posts
    988 Views
    1

    @JaredBusch said in UFW or IPTABLES:

    @Pete-S said in UFW or IPTABLES:

    So I think the current recommendation is to either stick to ufw or firewall-cmd or just use nft directly.

    I try to. This was the first time I've had a need to go outside the box of ufw or firewall-cmd to use direct iptables in years.

    Yes, it's only when you need more control.

    I've looked into this before and it wasn't super obvious how all these tools interact. But nowadays ufw and firewalld are services to manage nftables. nftables itself manages the netfilter packet filtering mechanism in the kernel.

    The ability to use iptables is just for legacy reasons and they're converted to nftables rules behind the scenes.

    Since ufw (Canonical project) and firewalld (Red Hat project) were initiated when iptables was used, I'm not sure their existence is warranted in the same way. At least not by sysadmins.

    I'm looking at setting firewall rules automatically in a project and it seems like using nftables directly makes the most sense. That said I have to learn nftables first 🙂

  • Misc go-to FOSS options

    30
    0 Votes
    30 Posts
    3k Views
    scottalanmillerS

    @PhlipElder said in Misc go-to FOSS options:

    @scottalanmiller said in Misc go-to FOSS options:

    @PhlipElder said in Misc go-to FOSS options:

    @scottalanmiller said in Misc go-to FOSS options:

    @PhlipElder said in Misc go-to FOSS options:

    @scottalanmiller said in Misc go-to FOSS options:

    @PhlipElder said in Misc go-to FOSS options:

    @scottalanmiller said in Misc go-to FOSS options:

    @PhlipElder said in Misc go-to FOSS options:

    Workloads are multiple WordPress sites on one Ubuntu server OS (boy, what a lot of fun it is trying to get any documentation that gives a clear step-by-step ... just blew up the server for the umpteenth time now need to figure out what broke it as search sucks at this point for me) as well as Mastodon.
    We'll be setting up some SFTP sites for clients once we get the WordPress sites online.

    It's not terrible, but yeah, there is a surprising lack of documentation on that. It's like the single most common Linux server task and it seems no one knows how to do it.

    I can only imagine that there was a time when everyone knew how to do it and because of that, stopped teaching it, and now no one knows. But you need it constantly.

    Wow, no kidding.

    The number of "How to set up WordPress multiple sites on one VPS/Ubuntu Server" articles is crazy and they're all somewhat different. Plus, there's "multisite" which is *.domain.com hosting subdomain sites. We don't want that.

    Got a good How-To pointer? Please & Thanks?
    *Sorry for co-opting the thread.

    I really need to make one. But that's not going to be a "this week" item as I'm in Costa Rica for my anniversary.

    My team needs it too. I should be able to hand this stuff off to them easy peasy and I can't.

    Happy anniversary. How many years?

    Understood.

    19 married, 21 together!

    Suweet. December is 20 for my wife and I. It's been an amazing ride. :0)

    Cool, almost the same. Pre-emptive congrats to you as well.

    Ta.

    Looking forward. Have lots of surprises for her.

    nice

  • Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP

    17
    0 Votes
    17 Posts
    1k Views
    PhlipElderP

    @scottalanmiller said in Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP:

    @PhlipElder said in Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP:

    @PhlipElder said in Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP:

    Wow, talk about documentation fragmentation. 😞

    We've installed Ubuntu 22 a number of times reaching various points towards the goal of hosting multiple WordPress sites in a single Ubuntu v22.04 (as of this writing) using one MariaDB instance with multiple databases set up within.

    NGINX is set up and the server blocks are in place.

    This last go-around we managed to get three sites up and running without issue. Once the fourth went in all of a sudden the server would only serve one of the sites no matter what URL was being requested.

    Certificates are being handled by RapidSSL as a personal preference. We've not had any issues there.

    Please and thanks.

    And, crash and burn again. :0(

    As soon as I install the second site the server only pushes the last one set up. sigh

    I bet it is a matter of being in alphabetical order. That causes a lot of "mystery" issues in this kind of setup.

    I fat fingered it. The ">" at the end of the domain for server_name is what did it.

    Since all of the setup files were copy and paste, whenever that got introduced it carried onwards.

    Because of the wiring in my head when it happened the first time I didn't see it. So, I flattened everything and started fresh. When it happened the second time I took the time to look at the original reference server block because it was seemingly obvious that I'd done something.

  • Mesh Central

    28
    1 Votes
    28 Posts
    3k Views
    AdamFA

    @syko24 I didn't have a closing } in one of my sections so it was ignoring some of the config. Fixed.

    Thanks!

  • Ubuntu, with Linux 5.15.0-50-generic won't boot

    4
    0 Votes
    4 Posts
    416 Views
    CCWTechC

    Found the problem and fixed it.

    For anyone else having this problem:

    sudo nano /etc/default/grub

    Change this line: GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
    To: GRUB_CMDLINE_LINUX_DEFAULT="quiet splash nomodeset"

    sudo update-grub

  • SSH jump server access control?

    34
    0 Votes
    34 Posts
    3k Views
  • FortiGate + PRTG

    1
    0 Votes
    1 Posts
    280 Views
    No one has replied
  • ps2 to usb adapters

    21
    0 Votes
    21 Posts
    2k Views
    J

    @scottalanmiller said in ps2 to usb adapters:

    analogue.

    analogue, eh?

  • Microsoft Finally Deprecated WINS

    5
    2 Votes
    5 Posts
    1k Views
    scottalanmillerS

    @DustinB3403 said in Microsoft Finally Deprecated WINS:

    @scottalanmiller Finally. . . I have a customer who insists that WINS is as good as it'll ever get. . .

    Now maybe I can put their nose into it. .

    How many clients even know what it is? Wow.

  • New server q's

    42
    0 Votes
    42 Posts
    3k Views
    siringoS

    @Pete-S said in New server q's:

    @siringo said in New server q's:

    Those last 2 posts are spot on Scott.

    If I were to deploy a solution that was different to what everyone else was deploying, even if it was cheaper, better, faster, more resilient etc, I'd be lambasted by others simply because it was different and more likely, not understood.

    That can lead to unhappy management, which can then lead to all sorts of grief for me.

    This is obviously not what I want.

    Thanks for all the info & advice, it is greatly appreciated.

    So you should buy the same old server model from 2016 to stay consistent with what they currently know 🙂

    Unfortunately yes.

    It comes under the job preservation title. I live in an area where IT work is extremely hard to secure due to there not being much of it, so rocking the boat is not a good move.

  • Login issues with some RDP users

    9
    1 Votes
    9 Posts
    654 Views
    siringoS

    This goes back to 2016, but sounds just like what you're experiencing:

    *Symptoms

    After you apply this update on a Remote Desktop Session (RDS) host, some new users cannot connect to an RDP session. Instead, those users see a black screen, and they are eventually disconnected. This issue occurs at unspecified intervals.*

    https://support.microsoft.com/en-us/kb/3179574

  • Edge works, Chrome does not -

    7
    0 Votes
    7 Posts
    495 Views
    gjacobseG

    Chrome is managed by GPO,… but computer not moved. We had another computer pop up with the issue Friday so issue is growing.

  • SpiceWorld 2022 Official Thread

    1
    2 Votes
    1 Posts
    231 Views
    No one has replied
  • 0 Votes
    5 Posts
    846 Views
    1

    @JaredBusch said in KVM networking with libvirt (virsh) questions:

    I assume that Debian 11 uses NetworkManager? I don't have a clean Debian system running KVM to check.

    If so nmcli and its related commands are your friend.

    Thanks Jared.

    Reading about nmcli and seeing your screenshots led me to understand that macvtap devices are only active when the VM is actually running.

    Using ip link I can now see the macvtap device on the host. One for each VM connected.

  • Save shell session to disk?

    Unsolved
    14
    2 Votes
    14 Posts
    967 Views
    JaredBuschJ

    @Pete-S said in Save shell session to disk?:

    That's why you should launch ssh like this:
    ssh user@192.168.1.1 -t screen -RR
    If you don't have a session going it will create one.
    If you had a session going but it was interrupted, it will reconnect to it automatically.

    @JaredBusch said in Save shell session to disk?:

    I do not like to launch screen for no reason.

  • ASR Rules - Some won't apply

    1
    1 Votes
    1 Posts
    223 Views
    No one has replied
  • Leveraging Zoho Connect

    5
    0 Votes
    5 Posts
    733 Views
    1

    @scottalanmiller said in Leveraging Zoho Connect:

    @Pete-S said in Leveraging Zoho Connect:

    So I would disable feeds, groups, channels and ideas from Connect. Streamline it. Use it as a "static" information hub with manuals, links to all apps you use, phone directory (people) and whatever else you might need that is static. Have it set up as the starting page in the browser where applicable.

    Trying this, but can't find where to disable.

    Try settings on the right top edge.

    Should look like this:
    d0cf8d16-4fc0-45bb-b09b-eb0d4da5ad7d-image.png

    I haven't tried which options can be disabled and which cannot.

    But under Apps & Features there are some options:
    5ae48811-169d-434a-8cca-7a64dfc9472c-image.png

  • Unattended remote access utility/ computer

    39
    0 Votes
    39 Posts
    3k Views
    scottalanmillerS

    @JasGot said in Unattended remote access utility/ computer:

    @scottalanmiller said in Unattended remote access utility/ computer:

    @JasGot said in Unattended remote access utility/ computer:

    @ElecEng said in Unattended remote access utility/ computer:

    I have been using these recently and love them plus they give you BIOS-level access and virtual media with no limitations.

    https://tinypilotkvm.com/?ref=ga3&gclid=CjwKCAjwyaWZBhBGEiwACslQo4pjQM3MLVoZgitDcyDn41jEzDcbBF3k29MzbVb8urtl0MIDuJQ49hoCJ0wQAvD_BwE

    This too:
    https://www.lantronix.com/products/lantronix-spider/

    Same issues though, no computer to access and would need one for every machine if they existed.

    No. You install it on one computer and then remote (i.e., RDP) into all of the others. I only pointed it out because it gives you access to the BIOS and pre-boot screens like tiny pilot, which can be handy.

    They are handy, for sure. I was just pointing out that in order to get those features everywhere, you have to deploy those everywhere.

  • What hardware do you use for online meetings?

    16
    0 Votes
    16 Posts
    859 Views
    RojoLocoR

    Audio device settings in Teams:

    Teams audio settings.png