@CCWTech said in Unable to connect Ubuntu with Google Online Accounts:

Jun 08 11:15:59 CCW-HAL systemd[3523]: vte-spawn-8b4a59a3-a060-4bdd-92e6-285656bdb9a2.scope: Consumed 3.448s CPU time.
Jun 08 11:16:01 CCW-HAL gnome-shell[3803]: g_closure_unref: assertion 'closure->ref_count > 0' failed
Jun 08 11:16:01 CCW-HAL gnome-shell[3803]: g_closure_unref: assertion 'closure->ref_count > 0' failed
Jun 08 11:16:01 CCW-HAL gnome-shell[3803]: g_closure_unref: assertion 'closure->ref_count > 0' failed
Jun 08 11:16:29 CCW-HAL systemd[3523]: Started app-gnome-org.gnome.Terminal-10924.scope - Application launched by gnome-shell.
Jun 08 11:16:29 CCW-HAL dbus-daemon[3552]: [session uid=1000 pid=3552] Activating via systemd: service name='org.gnome.Terminal' unit='gnome-terminal-server.service' requested by ':1.167' (uid=1000 pid=10927 comm="/usr/bin/gnome-terminal.real" label="unconfined")
Jun 08 11:16:29 CCW-HAL systemd[3523]: Starting gnome-terminal-server.service - GNOME Terminal Server...
Jun 08 11:16:29 CCW-HAL dbus-daemon[3552]: [session uid=1000 pid=3552] Successfully activated service 'org.gnome.Terminal'
Jun 08 11:16:29 CCW-HAL systemd[3523]: Started gnome-terminal-server.service - GNOME Terminal Server.
Jun 08 11:16:29 CCW-HAL systemd[3523]: Started vte-spawn-9cee1911-372a-4bb4-8b57-694984e43990.scope - VTE child process 10955 launched by gnome-terminal-server process 10931.
Jun 08 11:16:49 CCW-HAL gnome-control-c[8079]: Error showing account: Child process exited with code 1
Jun 08 11:16:53 CCW-HAL gnome-online-accounts-panel.desktop[9764]: GLib-GIO: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)GLib-GIO: _g_io_module_get_default: Found default implementation gvfs (GDaemonVfs) for ‘gio-vfs’GLib: unsetenv() is not thread-safe and should not be used after threads are createdGLib-GIO: _g_io_module_get_default: Found default implementation dconf (DConfSettingsBackend) for ‘gsettings-backend’GoaBackend: Loading all providers: GoaBackend: - googleGoaBackend: - owncloudGoaBackend: - windows_liveGoaBackend: - exchangeGoaBackend: - lastfmGoaBackend: - imap_smtpGoaBackend: - kerberosGoaBackend: activated kerberos providerGLib-GIO: _g_io_module_get_default: Found default implementation gnutls (GTlsBackendGnutls) for ‘gio-tls-backend’Failed to create account: Dialog was dismissed
Jun 08 11:16:53 CCW-HAL xdg-desktop-por[3907]: Realtime error: Could not map pid: Could not determine pid namespace: Could not find instance-id in process's /.flatpak-info
Jun 08 11:17:01 CCW-HAL CRON[11093]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Jun 08 11:17:01 CCW-HAL CRON[11094]: (root) CMD (cd / && run-parts --report /etc/cron.hourly)
Jun 08 11:17:01 CCW-HAL CRON[11093]: pam_unix(cron:session): session closed for user root
Jun 08 11:17:06 CCW-HAL kernel: WebKitWebProces[11026]: segfault at 55bd22ad9adc ip 000055bd22ad9adc sp 00007ffd1f6adbe8 error 14 likely on CPU 2 (core 2, socket 0)
Jun 08 11:17:06 CCW-HAL kernel: Code: Unable to access opcode bytes at 0x55bd22ad9ab2.
Jun 08 11:17:36 CCW-HAL gnome-shell[3803]: Window manager warning: WM_TRANSIENT_FOR window 0x3a02767 for 0x3a02778 window override-redirect is an override-redirect window and this is not correct according to the standard, so we'll fallback to the first non-override-redirect window 0x3a006dc.
Jun 08 11:17:42 CCW-HAL systemd[1]: Starting systemd-tmpfiles-clean.service - Cleanup of Temporary Directories...
Jun 08 11:17:42 CCW-HAL systemd[1]: systemd-tmpfiles-clean.service: Deactivated successfully.
Jun 08 11:17:42 CCW-HAL systemd[1]: Finished systemd-tmpfiles-clean.service - Cleanup of Temporary Directories.
Jun 08 11:17:42 CCW-HAL systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dclean.service.mount: Deactivated successfully.
Jun 08 11:18:10 CCW-HAL gnome-shell[3803]: Window manager warning: WM_TRANSIENT_FOR window 0x3a029e2 for 0x3a029f0 window override-redirect is an override-redirect window and this is not correct according to the standard, so we'll fallback to the first non-override-redirect window 0x3a006dc.

Looks like it may be a known bug: https://launchpad.net/bugs/2019739

@Pete-S said in Debian 11 & php8:

Not a challenge at all but the reason to run "stable" is for stability.

Once you start abandoning the integration, though, you are abandoning stability. The idea of using an LTS and then replacing the parts of the OS that aren't up to date is counterproductive. Choose the most up to date, best supported, most stable version and use the fully tested and integrated components instead.

The idea of "stable" is not stability in IT terms, that's a myth. It's actually against that. The idea of current is for IT stability. Stable, in reference to an OS like this, is in reference to the versions of products remaining stable so that unsupported, out of date software from bad vendors can be used without updating for long periods of time. Not a positive stable, it's a bad stable.

@WrCombs said in Reboot resets Desktop Win 10 -:

So found out the user is actually corrupt, this is the 4th time this has happened according to the internal IT team, and they're looking to get the PC replaced

It’s always best to replace a corrupt user. The can leave so much of a mess.

@d-cunnings
I realize this is nearly a year old but you can actually just backup the AAD user profile with USMT as USMT will see the profile as a local profile.

We have done this using USMTGUI previously

@lilyleiden said in User migration to azure:

We just tested migrating a small batch of test users to our new Azure tenant.

While migrating the PC/user account was no problem, the fact that people get a completely blank user profile, certainly was a showstopper!!

Many of our users has had their AD profile for years, even a decade and has a lot of individual settings, ways to work, shortcuts, quick links, favorites/browser cached passwords etc. and they loose all that.
Management has currently halted the process due to the protests.

So I am on the lookout for a way to link/migrate the old profile/profile settings, when Azure joining the PC?

As far as I know, the only option is using third party software. There are several options.

We have for many years used USMTGUI from Ehlertech for domain profiles (USMTGUI use USMT for local and Domain profiles) but USMTGUI (corporate edition) also has a really simple to use function for migrating a profiles content to an AAD user, after the PC has been joined to Azure.

As said there are several third party options but as we already knew USMTGUI prior to switching to Azure, and USMTGUI makes it possible to handle all scenarios with one program, we have not really tried any of them.

@stacksofplates said in sssd and user ID mapping:

@Pete-S said in sssd and user ID mapping:

@Semicolon said in sssd and user ID mapping:

@Pete-S If it is an issue, its trival enough to prevent public key authentication for users or groups of users, even groups of AD users.

Sure, but the problem for developers and admins is that they usually need their keys. That's why I don't think ad/ldap integration with ssh users really works in that use case.

The other solution, which is what I think is more suitable for developers and admins, is to use your SSO/AD solution with MFA to pickup a short-lived ssh certificate. Then you use the ssh certificate to actually access things.
Many companies with huge infrastructures use this method because it's very scalable.

We forced kerberos for SSH auth after wen enabled AD integration. SSH works like keys then but you don't use the keys.

Never used it but it seems to be a good solution if you want AD integration.

I noticed that gitlab also supports kerberos for pushing and pulling. I assume github does too. That's very convenient.

Source NAT rules. No clue how this work on UniFi though.

On an EdgeRouter it looks like this.
946132be-32b8-4225-9f4a-75634d00754b-image.png

08dbe439-afef-4e97-9a09-d72b48ca19bb-image.png

I assume it goes here in UniFi.
d70f4ee8-a60f-4803-b5da-df26f0d19ce5-image.png

1ffc5074-9466-441d-a320-32fd181f3fa0-image.png

@scottalanmiller said in Get Alert Whenever There is MS SQL Server Access:

It's a production database so there should be an email when the application connects and absolutely no user should ever, ever, ever be able to log in unless it's an admin doing an emergency backup and/or restore (likely alerts would be off during a restore.)

I cannot imagine a MS SQL Server based client-server application that does not make a billion DB calls all day long. So you will have to exclude that system user from being audited.

@scottalanmiller said in Get Alert Whenever There is MS SQL Server Access:

There's no user ever authorized to just connect.

The application user is always connecting. Repeatedly.

@Dashrender Check this thread
https://learn.microsoft.com/en-us/answers/questions/955731/who-deleted-an-appointment-from-a-shared-calendar

LOL...absolutely!

SAM...making IT better for humans...have an extra avatar on us....

@melvinsilva said in Ubiquiti - UDM + APs - Guess Wireless Affecting POS Traffic:

If the GUEST network is activated, the POS network traffic is degraded

Have you checked to see if the network is saturated? Does this happen when it is activated only, or only when guests are there using it too?

Check out WingetUI, which can manage packages for choco, scoop, and winget.

@Mario-Jakovina said in Should I give my SSN to a U.S. Senator?:

I am not US citizen, but I do not see what is a big deal about giving your SSN to anybody?
Isn't it just a unique number of a citizen in public records? It is not some secret code, right?

They're not even unique!

SSN are not supposed to be used as an ID, but they are used as a form of ID a LOT.

Side question: When does 23.04 get moved into LTS mode?

@BraswellJay said in What determines the interface that SIP RTP streams over ...:

@BraswellJay

I finally figured out what was causing my issue.

In FreePBX under Settings->Asterisk SIP Settings there is a parameter to set the External Address used. I had this still set to the public IP of the original interface. Once I changed that parameter to the public IP of the new interface then all started to work over the new interface as expected.

Glad you sorted it out. Good work!

@Dashrender I concur about the Networking Essentials material. Good then and lot of it still relevant today. 😉