@stacksofplates said in sssd and user ID mapping:

@Pete-S said in sssd and user ID mapping:

@Semicolon said in sssd and user ID mapping:

@Pete-S If it is an issue, its trival enough to prevent public key authentication for users or groups of users, even groups of AD users.

Sure, but the problem for developers and admins is that they usually need their keys. That's why I don't think ad/ldap integration with ssh users really works in that use case.

The other solution, which is what I think is more suitable for developers and admins, is to use your SSO/AD solution with MFA to pickup a short-lived ssh certificate. Then you use the ssh certificate to actually access things.
Many companies with huge infrastructures use this method because it's very scalable.

We forced kerberos for SSH auth after wen enabled AD integration. SSH works like keys then but you don't use the keys.

Never used it but it seems to be a good solution if you want AD integration.

I noticed that gitlab also supports kerberos for pushing and pulling. I assume github does too. That's very convenient.

Source NAT rules. No clue how this work on UniFi though.

On an EdgeRouter it looks like this.
946132be-32b8-4225-9f4a-75634d00754b-image.png

08dbe439-afef-4e97-9a09-d72b48ca19bb-image.png

I assume it goes here in UniFi.
d70f4ee8-a60f-4803-b5da-df26f0d19ce5-image.png

1ffc5074-9466-441d-a320-32fd181f3fa0-image.png

@scottalanmiller said in Get Alert Whenever There is MS SQL Server Access:

It's a production database so there should be an email when the application connects and absolutely no user should ever, ever, ever be able to log in unless it's an admin doing an emergency backup and/or restore (likely alerts would be off during a restore.)

I cannot imagine a MS SQL Server based client-server application that does not make a billion DB calls all day long. So you will have to exclude that system user from being audited.

@scottalanmiller said in Get Alert Whenever There is MS SQL Server Access:

There's no user ever authorized to just connect.

The application user is always connecting. Repeatedly.

@Dashrender Check this thread
https://learn.microsoft.com/en-us/answers/questions/955731/who-deleted-an-appointment-from-a-shared-calendar

Hello,

First of all, let me thank you for your wonderful work. This made our lives much easier...

If you don't mind, I would like some help: I'm running this script on 2 FreePBX machines, both are practically the same. On one machine, I have no problems viewing contacts with more than one number (In both the XML file and on the phone itself).
However, on the other machine, I can only see on phone number for each contact, even if they have more than one phone number, again, it happens both when I visit the XML file directly from a browser and on the phones.
I can't think of any difference between both the pbx's.

I'd appreciate your help and I'll be happy to provide additional details, logs, info, etc..

Thanks a lot!

LOL...absolutely!

SAM...making IT better for humans...have an extra avatar on us....

@melvinsilva said in Ubiquiti - UDM + APs - Guess Wireless Affecting POS Traffic:

If the GUEST network is activated, the POS network traffic is degraded

Have you checked to see if the network is saturated? Does this happen when it is activated only, or only when guests are there using it too?

Check out WingetUI, which can manage packages for choco, scoop, and winget.

@gjacobse said in WINGET: Not available on Win10.:

Why would Winget not be available on a brand new device with the most updated build?

All my reading has stated that it is native since 1709..

Okay - been to many days since I found this. Seems that yes,.. on a fresh OEM install of Win10 it is not there.

After being fully updated it has been there. So - might just be the Media Creation Build in use that it isn't on. Which is fine with me.

@Mario-Jakovina said in Should I give my SSN to a U.S. Senator?:

I am not US citizen, but I do not see what is a big deal about giving your SSN to anybody?
Isn't it just a unique number of a citizen in public records? It is not some secret code, right?

They're not even unique!

SSN are not supposed to be used as an ID, but they are used as a form of ID a LOT.

Side question: When does 23.04 get moved into LTS mode?

@BraswellJay said in What determines the interface that SIP RTP streams over ...:

@BraswellJay

I finally figured out what was causing my issue.

In FreePBX under Settings->Asterisk SIP Settings there is a parameter to set the External Address used. I had this still set to the public IP of the original interface. Once I changed that parameter to the public IP of the new interface then all started to work over the new interface as expected.

Glad you sorted it out. Good work!

@Dashrender I concur about the Networking Essentials material. Good then and lot of it still relevant today. 😉

@ITivan80 said in What are you using to open HEIC files?:

Maybe you want to try the following software:

https://www.freeconvert.com/heic-to-jpg

I have done this many time and it has worked.

We have an Adobe subscription. I hadn't even thought of running a batch on the .HEIC files to convert them. It's something to look into thanks!

Not totally certain on this, but here are some additional factors.

recent Windows updates Dell Disk Protection (DDPE)in use

Thus far, the following has been working:

Outlook

Rename OST file and allow to rebuild

Word, Excel, etc

Sign out of the O365 account Delete all O365 / Office saved credentials Delete all folders that end with CACHE in the %localappdata%\Microsoft\Office\16.0\ Delete Word Normal.dotm Delete the Auto Correct file (no aways) at C:\Users\Name\AppData\Roaming\Microsoft\Office - generally just deleted them all Sign into Office using Word or Excel