    Posts

    • RE: Tenant disabling of Basic Auth cause OAUTH iPhone to break

      @JaredBusch said in Tenant disabling of Basic Auth cause OAUTH iPhone to break:

      Disabling of Basic Auth should have done nothing.

      If the security settings are changed on an account it makes sense to force users to reauthenticate. It might even be best practice.

      I think it works the same on other providers.

      But there should be some better mechanism regarding authentication in iOS and Android.

      posted in IT Discussion
      1
      1337
    • RE: Does the end of O365 Basic Authentication mean no more app passwords

      @scottalanmiller said in Does the end of O365 Basic Authentication mean no more app passwords:

      @Pete-S said in Does the end of O365 Basic Authentication mean no more app passwords:

      @JaredBusch said in Does the end of O365 Basic Authentication mean no more app passwords:

      Customer has a LoB application called Enfocus Switch.

      It has a mail retrieval function that connects via IMAP using an app password on a normal O365 email account with MFA enabled.

      It stopped retrieving email on the morning of Wednesday October 12th.

      Since Microsoft finally killed Basic Auth on Tuesday, I assume this is related, but I can find no information on this at all.

      The vendors do what they do, but I noticed that most applications that need this kind of functionality use mail forwards from customers' mailboxes to their own IMAP mailboxes.

      That can be a way to solve this when Microsoft kills it. Redirect from the customer's O365 mailbox to another provider that supports IMAP with normal authentication. Have the LoB application use that inbox instead.

      We have customers doing that. Setting up MailCow to get past all the primary vendor security systems.

      That makes sense.

      I think you could probably run a bare mailserver with just Dovecot as well. Since it only needs to handle incoming email from Microsoft and be an IMAP server, there are a lot of things that become irrelevant - like spam detection, IP reputation etc.

      posted in IT Discussion
      1
      1337
    • RE: Alternative to never in stock Ubiquiti EdgeMax line

      I don't know if Mikrotik is in stock for you, but they have routers in the same low price range as Ubiquiti.

      We've been looking at the more advanced powerful models but haven't actually done any testing yet.

      It seems that their models run RouterOS and have all features unlocked regardless of the cost of the unit. They do have a couple of different generations of RouterOS though.

      posted in IT Discussion
      1
      1337
    • RE: Does the end of O365 Basic Authentication mean no more app passwords

      @JaredBusch said in Does the end of O365 Basic Authentication mean no more app passwords:

      Customer has a LoB application called Enfocus Switch.

      It has a mail retrieval function that connects via IMAP using an app password on a normal O365 email account with MFA enabled.

      It stopped retrieving email on the morning of Wednesday October 12th.

      Since Microsoft finally killed Basic Auth on Tuesday, I assume this is related, but I can find no information on this at all.

      The vendors do what they do, but I noticed that most applications that need this kind of functionality use mail forwards from customers' mailboxes to their own IMAP mailboxes.

      That can be a way to solve this when Microsoft kills it. Redirect from the customer's O365 mailbox to another provider that supports IMAP with normal authentication. Have the LoB application use that inbox instead.

      posted in IT Discussion
      1
      1337
    • RE: UFW or IPTABLES

      @JaredBusch said in UFW or IPTABLES:

      @Pete-S said in UFW or IPTABLES:

      So I think the current recommendation is to either stick to ufw or firewall-cmd or just use nft directly.

      I try to. This was the first time I've had a need to go outside the box of ufw or firewall-cmd to use direct iptables in years.

      Yes, it's only when you need more control.

      I've looked into this before and it wasn't super obvious how all these tools interact. But nowadays ufw and firewalld are services to manage nftables. nftables itself manages the netfilter packet filtering mechanism in the kernel.

      The ability to use iptables is just for legacy reasons and they're converted to nftables rules behind the scenes.

      Since ufw (Canonical project) and firewalld (Red Hat project) were initiated when iptables was used, I'm not sure their existence is warranted in the same way. At least not by sysadmins.

      I'm looking at setting firewall rules automatically in a project and it seems like using nftables directly makes the most sense. That said I have to learn nftables first 🙂

      posted in IT Discussion
      1
      1337
    • RE: UFW or IPTABLES

      @JaredBusch said in UFW or IPTABLES:

      @Pete-S said in UFW or IPTABLES:

      So I think the current recommendation is to either stick to ufw or firewall-cmd or just use nft directly.

      I try to. This was the first time I've had a need to go outside the box of ufw or firewall-cmd to use direct iptables in years.

      Looks like you have to add it in ufw config file /etc/ufw/before.rules since there is no command for it.

      *nat
      :PREROUTING ACCEPT [0:0]
      -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 5443
      COMMIT
      

      https://www.arubacloud.com/tutorial/how-to-manage-and-forward-ports-with-ufw-on-ubuntu-18-04.aspx

      With firewalld you can do:

      firewall-cmd --zone=public --add-masquerade
      firewall-cmd --zone=public --add-forward-port=port=443:proto=tcp:toport=5443
      

      https://linoxide.com/how-to-configure-firewall-with-firewalld/

      posted in IT Discussion
      1
      1337
    • RE: UFW or IPTABLES

      @Pete-S said in UFW or IPTABLES:

      @JaredBusch
      I think ufw can collide with manual rule entering because ufw handles persistence on its own.

      A few years back Debian & Ubuntu also switched to nftables. So rules written in iptables format work but are obsolete.

      So I think the current recommendation is to either stick to ufw or firewall-cmd or just use nft directly.

      Just checked and according to Linode the following or newer use nftables:

      • Debian 10 (Buster)
      • Ubuntu 20.10 (Groovy Gorilla)
      • CentOS 8
      • Fedora 32
      posted in IT Discussion
      1
      1337
    • RE: UFW or IPTABLES

      @JaredBusch
      I think ufw can collide with manual rule entering because ufw handles persistence on its own.

      A few years back Debian & Ubuntu also switched to nftables. So rules written in iptables format work but are obsolete.

      So I think the current recommendation is to either stick to ufw or firewall-cmd or just use nft directly.

      posted in IT Discussion
      1
      1337
    • RE: Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP

      @PhlipElder said in Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP:

      @Pete-S said in Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP:

      @PhlipElder said in Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP:

      We've installed Ubuntu 22 a number of times reaching various points towards the goal of hosting multiple WordPress sites in a single Ubuntu v22.04 (as of this writing) using one MariaDB instance with multiple databases set up within.

      Just a heads up, but there are actually several reasons to avoid this.

      Professional hosting companies for example never do it.

      It's simply better to run the sites isolated from each other, for example using VMs or containers like LXC. You can still use a common MariaDB server if you like.

      It's more secure and it's more flexible and the overhead is insignificant.

      But you may of course have your reasons for wanting to do it 🙂

      Yeah, I looked into installing the latest package and it didn't want to so I left it.

      Reason is n00b. It's a learning process that will give us the foundation to build on as knowledge develops.

      Well, we're all beginners at first.

      But yeah, you should for sure look at installing Ubuntu's nginx package:
      apt install nginx

      Don't use nginx's Ubuntu package from nginx's repositories. That's for advanced users that use them for specific reasons. They are not the same.

      A package contains not just the software needed, but also installation scripts, default configurations and other things. That's why you want to use the official Ubuntu package and not nginx's Ubuntu package. It significantly increases the chance that you can upgrade your Ubuntu server to a newer version without problems.

      When searching for installation help, don't search for nginx, search for ubuntu nginx. Check out the link I gave in an earlier post. If a guide uses nginx repositories then look elsewhere.

      Always set up the webserver with the different sites first, then look at installing WordPress, MariaDB etc.

      But yes, installation guides are often a mess. A lot of the time people post guides on what worked for them but it's not always the best way or current way of doing things.

      Sometimes guides also assume you have certain packages already installed, which you might not have.

      PS. Here is another guide that should work pretty well:
      https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-22-04

      posted in IT Discussion
      1
      1337
    • RE: Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP

      @PhlipElder said in Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP:

      We've installed Ubuntu 22 a number of times reaching various points towards the goal of hosting multiple WordPress sites in a single Ubuntu v22.04 (as of this writing) using one MariaDB instance with multiple databases set up within.

      Just a heads up, but there are actually several reasons to avoid this.

      Professional hosting companies for example never do it.

      It's simply better to run the sites isolated from each other, for example using VMs or containers like LXC. You can still use a common MariaDB server if you like.

      It's more secure and it's more flexible and the overhead is insignificant.

      But you may of course have your reasons for wanting to do it 🙂

      posted in IT Discussion
      1
      1337
    • RE: Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP

      https://ubuntu.com/tutorials/install-and-configure-nginx

      Just for installing nginx with multiple sites.

      posted in IT Discussion
      1
      1337
    • RE: Need: How-To Step-by-Step for Multiple WordPress sites on Ubuntu 20/22 LEMP

      First step is to use the official Ubuntu package. There are several reasons for this but too much to go into right now.

      posted in IT Discussion
      1
      1337
    • RE: Misc go-to FOSS options

      @bbigford said in Misc go-to FOSS options:

      Server OS...
      Debian (not used a ton, not sure why, pretty barebones)

      Debian is widely used but not widely marketed because there are no commercial interests controlling it. It's 100% community-based and community-controlled, just like the Linux kernel project.

      So it's not a community sponsored by a company, unlike many other distros.

      That's why it's been around for a long time and why it's the base for many other distros, like Ubuntu.

      Personally I like it for its versatility to be whatever I need it to be.

      posted in IT Discussion
      1
      1337
    • RE: Typical services and software in SMBs?

      @PhlipElder said in Typical services and software in SMBs?:

      @Pete-S said in Typical services and software in SMBs?:

      Besides the obvious Microsoft/Google/xxx for mail and office apps - what type of services or workloads are SMBs interested in? What are they spending their IT-"budget" on? What kind of business problems are they looking to solve with IT?

      I'm wondering because large companies have a lot of problems or opportunities for improvement, but a lot of those come from the fact that they are large. So small companies wouldn't have the same type of problems.

      Some of you work with SMBs all day so I bet you have a pretty good grip of the situation.

      Heh, all of our clients are on-premises for mail and collaboration with some being hybrid with Azure AD and O365 strictly for Teams integration.

      There's a strong on-premises market niche so we've stuck with it. :0)

      Nothing wrong with serving a niche. But I'd say the customers are spending their dollars on mail & office apps - regardless if they're using on-prem or cloud services.

      I'd always thought that the ones running on-prem were perhaps medium-sized businesses that had enough scale for it to make economic sense.

      posted in IT Business
      1
      1337
    • RE: Typical services and software in SMBs?

      @scottalanmiller said in Typical services and software in SMBs?:

      I think most SMBs have some degree of LOB applications that they also depend on. Those are very hard to identify because they are per industry.

      I was thinking LOB and PBX should be pretty common, either as a service or self-hosted.

      posted in IT Business
      1
      1337
    • RE: Blue Stacks

      @WrCombs said in Blue Stacks:

      Anyone use Blue Stacks for gaming?

      https://www.bluestacks.com/

      I use it for work but was looking to get into some more gaming in my free time.

      I've used LDPlayer which is specifically aimed at gamers. No issues with any games (or other apps) but I'm not a big gamer.

      https://www.ldplayer.net/

      You should try them both. I think game performance also depends on your PC.

      posted in Water Closet
      1
      1337
    • RE: Typical services and software in SMBs?

      Another related thing I've been pondering is if SMBs actually turn to MSPs/ITSPs for advice on solving business problems?

      Or is it the MSPs/ITSPs that approach the SMBs with suggestions for improvement?

      Or are MSPs/ITSPs just doing the work that the customer wants?

      posted in IT Business
      1
      1337
    • Typical services and software in SMBs?

      Besides the obvious Microsoft/Google/xxx for mail and office apps - what type of services or workloads are SMBs interested in? What are they spending their IT-"budget" on? What kind of business problems are they looking to solve with IT?

      I'm wondering because large companies have a lot of problems or opportunities for improvement, but a lot of those come from the fact that they are large. So small companies wouldn't have the same type of problems.

      Some of you work with SMBs all day so I bet you have a pretty good grip of the situation.

      posted in IT Business
      1
      1337
    • RE: ps2 to usb adapters

      @scottalanmiller said in ps2 to usb adapters:

      If I really think about it, most keyboards prior to PS/2 were using more traditional serial adapters. Which were digital. Duh.

      Actually the first IBM PCs used the same type of electrical interface but a different connector, a 5 pin DIN.

      The mouse was a real 9-pin serial DSUB at first though. If my memory is correct LOL

      posted in IT Discussion
      1
      1337
    • RE: SSH jump server access control?

      @scottalanmiller said in SSH jump server access control?:

      The challenge is really that you have to identify a person on the network separately from their identity to applications. Generally networks are not user aware.

      I believe the user-based network restrictions only extend to the target server(s). So outbound from the jump server. (As you said one jump server / IP per user and then firewalled off would be one way to do it).

      So someone could potentially move laterally after they have logged in to the target server. But other servers will probably only accept connections from jump servers so it would be hard. Which is on purpose of course.

      posted in IT Discussion
      1
      1337