@stacksofplates said in sssd and user ID mapping:

@Pete-S said in sssd and user ID mapping:

@Semicolon said in sssd and user ID mapping:

@Pete-S If it is an issue, its trival enough to prevent public key authentication for users or groups of users, even groups of AD users.

Sure, but the problem for developers and admins is that they usually need their keys. That's why I don't think ad/ldap integration with ssh users really works in that use case.

The other solution, which is what I think is more suitable for developers and admins, is to use your SSO/AD solution with MFA to pickup a short-lived ssh certificate. Then you use the ssh certificate to actually access things.
Many companies with huge infrastructures use this method because it's very scalable.

We forced kerberos for SSH auth after wen enabled AD integration. SSH works like keys then but you don't use the keys.

Never used it but it seems to be a good solution if you want AD integration.

I noticed that gitlab also supports kerberos for pushing and pulling. I assume github does too. That's very convenient.

Source NAT rules. No clue how this work on UniFi though.

On an EdgeRouter it looks like this.
946132be-32b8-4225-9f4a-75634d00754b-image.png

08dbe439-afef-4e97-9a09-d72b48ca19bb-image.png

I assume it goes here in UniFi.
d70f4ee8-a60f-4803-b5da-df26f0d19ce5-image.png

1ffc5074-9466-441d-a320-32fd181f3fa0-image.png

@scottalanmiller said in Get Alert Whenever There is MS SQL Server Access:

It's a production database so there should be an email when the application connects and absolutely no user should ever, ever, ever be able to log in unless it's an admin doing an emergency backup and/or restore (likely alerts would be off during a restore.)

I cannot imagine a MS SQL Server based client-server application that does not make a billion DB calls all day long. So you will have to exclude that system user from being audited.

@scottalanmiller said in Get Alert Whenever There is MS SQL Server Access:

There's no user ever authorized to just connect.

The application user is always connecting. Repeatedly.

@Dashrender Check this thread
https://learn.microsoft.com/en-us/answers/questions/955731/who-deleted-an-appointment-from-a-shared-calendar

LOL...absolutely!

SAM...making IT better for humans...have an extra avatar on us....

@melvinsilva said in Ubiquiti - UDM + APs - Guess Wireless Affecting POS Traffic:

If the GUEST network is activated, the POS network traffic is degraded

Have you checked to see if the network is saturated? Does this happen when it is activated only, or only when guests are there using it too?

Check out WingetUI, which can manage packages for choco, scoop, and winget.

@Mario-Jakovina said in Should I give my SSN to a U.S. Senator?:

I am not US citizen, but I do not see what is a big deal about giving your SSN to anybody?
Isn't it just a unique number of a citizen in public records? It is not some secret code, right?

They're not even unique!

SSN are not supposed to be used as an ID, but they are used as a form of ID a LOT.

Side question: When does 23.04 get moved into LTS mode?

@BraswellJay said in What determines the interface that SIP RTP streams over ...:

@BraswellJay

I finally figured out what was causing my issue.

In FreePBX under Settings->Asterisk SIP Settings there is a parameter to set the External Address used. I had this still set to the public IP of the original interface. Once I changed that parameter to the public IP of the new interface then all started to work over the new interface as expected.

Glad you sorted it out. Good work!

@Dashrender I concur about the Networking Essentials material. Good then and lot of it still relevant today. 😉

@ITivan80 said in What are you using to open HEIC files?:

Maybe you want to try the following software:

https://www.freeconvert.com/heic-to-jpg

I have done this many time and it has worked.

We have an Adobe subscription. I hadn't even thought of running a batch on the .HEIC files to convert them. It's something to look into thanks!

Not totally certain on this, but here are some additional factors.

recent Windows updates Dell Disk Protection (DDPE)in use

Thus far, the following has been working:

Outlook

Rename OST file and allow to rebuild

Word, Excel, etc

Sign out of the O365 account Delete all O365 / Office saved credentials Delete all folders that end with CACHE in the %localappdata%\Microsoft\Office\16.0\ Delete Word Normal.dotm Delete the Auto Correct file (no aways) at C:\Users\Name\AppData\Roaming\Microsoft\Office - generally just deleted them all Sign into Office using Word or Excel

@Laksh1999 said in HTML Form filling Integrating through GCP Serverless:

@Pete-S said in HTML Form filling Integrating through GCP Serverless:

API integration that allows you to submit tickets directly from other places, like a website.

How to create an api to send the email to the helpdesk email from the google form?
Here the user send an email to helpdesk email to create a ticket for their daily issue

API is the last resort and only needed in special cases.

And you don't need google forms at all.

Helpdesks like zendesk, freshdesk, zoho desk etc have widgets. It's some html/javascript you insert into your web site and a customizable form will appear.

When the user submits the form a ticket will be created with all the right information in the proper fields.

Search for the name of your helpdesk and widget and you'll find it.