Is there a way in Kubernetes to list all API endpoints currently available, so that I can get an updated list of all possible API endpoints as long as I have at least one valid API endpoint?
Fionn's questions
I'm trying to create a bridge device for host to virtual machine only communication with systemd networking.
Currently I have a netdev and a network file. The bridge is created after a restart of networking but it does not get the IP assigned nor is it up.
The only hint I currently have that something is amiss is a journal entry: ADDRCONF(NETDEV_UP): intbr0: link is not ready
Am I missing something for bridges without an assigned physical device?
Netdev file:
[NetDev]
Name=intbr0
Kind=bridge
Network file:
[Match]
Name=intbr0
[Network]
Address=10.110.0.1/24
Does anyone know if IIS supports certificates signed with sha256ecdsa?
If viewed with openssl, I have the following parameters:
Signature Algorithm: ecdsa-with-SHA256
Public Key Info: NIST CURVE: P-384
The problem is with this certificate I can't get a successful TLS handshake. I wonder if the problem is the signature algorithm or the ECDSA curve (both the certificate and the CA use P-384 public keys).
I have the following setup:
- Two Domain Controllers in different sites (both Windows Server 2016)
- The sites are permanently connected via a VPN (so the servers can directly reach each other)
- The Domain Controllers are in different subnets
- The Domain Controllers are both Global Catalogs
The problem I have is with the syncing/replication of SYSVOL content. It was syncing fine, but after the reboot of one of the servers it doesn't seem to sync/replicate anymore, while GPOs still sync/replicate without any problem.
Are there any ways to debug the replication of the SYSVOL content, or tools you would recommend to monitor the SYSVOL replication?
Thanks
I'm searching for information about how to integrate U2F (using YubiKey or similar devices) into an Active Directory Windows Domain (will be a Windows 2016 Server). Especially I'm interested in securing the Windows logon to workstations/servers to require a U2F token as a second factor (password only should not work at all).
In short the goal is that each authentication is either done via password+U2F token or using Kerberos tokens.
Any hints where to find further information about this specific scenario or lessons learned would be great.
I've got a few questions about Kerberos with Active Directory, specifically about the ktpass tool.
The example AD I'm using (everything is on 2012R2 level):
Active Directory Domain Name: ad.example.com
Domain Controller: dc.ad.example.com
Service Server Name: server.ad.example.com
Service User Name: [email protected]
I use this as reference invocation of ktpass command:
ktpass /princ SERVICE-NAME/[email protected]
/mapuser [email protected]
/pass * /ptype KRB5_NT_PRINCIPAL /crypto AES128-SHA1
Output on my Test System:
Targeting domain controller: dc.ad.example.com
Using legacy password setting method
Successfully mapped SERVICE-NAME/server.ad.example.com to [email protected].
Type the password for SERVICE-NAME/server.ad.example.com:
Type the password again to confirm:
Key created.
Now the questions:
- The /mapuser parameter maps the Kerberos principal to the user, is this the same as doing it with
setspn -U -S SERVICE-NAME/server.ad.example.com test-service-user
? Or is there some other mapping done too? If so, how do I undo that mapping?
- If I look up the test-service-user using the "Active Directory Users and Computers" tool, I see that the "User logon name" has been replaced with "SERVICE-NAME/server.ad.example.com", does that mean there is only one Kerberos principal per user possible?
- I have not specified the /out parameter - yet it states "Key created.", does this mean it has updated the password of the test-service-user or has a key been stored somewhere else (where?)?
- What does "legacy password setting method" mean?
Is it possible to fetch the public keys from a database instead of the authorized_keys file?
I would like to use such a setup to manage ssh access to things like git repositories for multiple users without the need to recreate the authorized_keys file every time a public key is changed or added.
Is it possible to allow directory browsing in IIS7 only for a specific IP range? (e.g. for internal users 10.1.10/24)
As far as I can see, there are only options to enable or disable it entirely.
Regards, Fionn
I currently run a Win2k3 Domain Controller inside a VMware Server for a small setup; the VMware runs on a Win2k8 system.
The problem I have is that the time on the Domain Controller is extremely unstable. Is there any way to redirect the authoritative time source from the Domain Controller to the host (which is also in the domain)?
The reason I have the Domain Controller not directly running on the Win2k8 box on physical hardware is that it made some problems to install VMware on the Domain Controller box (and I need it because of some stuff which runs on a virtual Linux).
Or is there a way to get VMware (or any other virtualization solution) running peacefully on the same install (I had some problems with the virtual network adapters)?
It is by no means a big domain, more for testing purposes - but wrong time is really annoying.
Thanks