I’m building a telescope, of which more anon. I don’t want to build a mount for it, so I’m going to use my existing Mead GOTO mount. This means that:
We generally connect to backend servers via a jump-box or bastion host. On Windows this means RDP into the jump-box, then RDP from the jump-box to the backend server. However, recently a Windows update meant that the jump-box (which had the update) couldn’t RDP to the backend server (which hadn’t got the update). No RDP => no access to update the VM to restore RDP. Lots of fun!
In that case I managed to use Remmina from a Linux box to access the backend directly; however since we are going to hit this issue again we needed a better fix.
Cue PowerShell; this is deployed via Octopus so will work when RDP doesn’t. As an additional perk it means updating becomes much easier.
Continue reading
This gallery contains 4 photos.
Just finished some radiator cover brackets: One of the really great things about having a workshop is being able to make exactly the right bracket to solve a simple problem. Saves all that wandering round a DIY shop looking for … Continue reading
Joining Active Directory is currently a manual operation. There is no reason why it couldn’t be done by SaltStack – that is left as an exercise for the reader! Continue reading
You need to keep the time consistent across your machines for a number of reasons – not the least is basic sanity. AD needs the time consistent as otherwise Kerberos won’t work. Standard practice is to use the DC as the time source. Fortunately NTP makes it pretty easy.
Continue reading
This post finishes off the key parts of the AD configuration.
sssd-pkg: pkg.installed: - name: sssd
Continuing AD with SaltStack; onwards with Samba!
samba-pkg: pkg.installed: - pkgs: - samba - samba-common
SaltStack provides an easy, fast way to manage systems – from one to thousands. One of its key capabilities is configuration management – “make it look like this” – and this series of posts describes how to implement the AD join described in a previous post. Continue reading
Sometimes it is handy if users are managed somewhere other than /etc/passwd – somewhere central. Sometimes this happens to be Active Directory.
This post describes an approach on Debian Jessie against AD on Windows 2016 based on this excellent RedHat Guide’s Configuration 3 – SSSD/Kerberos/LDAP. It works very well for me. If you use a Debian-based distribution (Ubuntu, Debian etc) then hopefully it will work for you too.
I originally published this data on the Debian Wiki; I intend to expand it somewhat here.
Martin's Blog 