LDAP Tool Box Service Desk 0.6.2 released!
LDAP Tool Box Service Desk is a web application for administrators and support teams. It allows to browse accounts in an LDAP directory, view and update their password and security status.
News on OW2 : https://projects.ow2.org/view/ldaptoolbox/ltb-service-desk-0-6-2-released/ Release on GitHub : https://github.com/ltb-project/service-desk/releases/tag/v0.6.2 Download : https://ltb-project.org/download.html
Is today #FediHire Friday? Sure looks like it!
What I'm looking for: A senior level, individual contributor role supporting Windows, Active Directory, Certificates, PKI, Azure, and information security in a large environment. Interested in relocating outside of the US. I like to solve weird problems and make computers run smoothly. I want to help others use technology effectively.
My main focus the last few years has been rebuilding and modernizing a struggling certificate management team. That includes growing the team to meet our company needs, migrating our AD-integrated private PKI stack, getting a handle on our web PKI consumption, and making massive improvements to our certificate lifecycle management platform. I supported and advised our CyberSec and Desktop teams as we rolled out multi-factor authentication to 50,000 employees and contractors across the US. My background in understanding deep computer fundamentals, talent for quickly grasping nuances of larger systems, and calmness in a crisis have contributed to quickly resolving major technology outages regardless of root cause.
This role hasn't been exclusively technical. A big part of my current job is building relationships with our developers to help them understand how certificates work, the responsible ways to use them, and what our relevant internal policies are. I've been training and teaching junior and mid-level engineers both practical PKI concepts and our specific enterprise requirements. I've gotten to spend some time with upper management to both explain the immediate challenges we've had and the plans we can implement improve our infrastructure, reducing costs and outages.
While this position has been focused on certs and how to use them, I'm very comfortable considering a technical leadership role for Windows (server and desktop) administration and Active Directory. I also have some good experience with Azure and virtualization platforms, but they haven't been my daily focus for several years.
My current employer is direct retail for general public consumers. I've also worked in banking/finance, manufacturing, and architecture firms. The common thread is I love to help people leverage technology for their goals, to help them be more effective.
In my personnel/volunteer time I've done very similar: working backstage with lights/sounds/projections so live performers can do their best.
Right now I'm in Syracuse, New York (about five hours from NYC), but I'm open to relocation/migration anywhere in the world.
PMs open if you want to talk details. Boosts/reshares appreciated.
My cloud identity team, made up of people who have only ever worked in cloud/SaaS IdP setups, has just been made responsible for an Active Directory environment.
Most of them are befuddled or panicking.
Me:
Bericht KW11:
- MO: Urlaub
- DI: Rollout #3CX
- MI: Unternehmerfrühstück #netzwerken Diverses #vpn #Updates
- DO: Diverses #OPNsense Regeln angepasst. #haproxy mit #acme Umstellung von #NAT. Netzwerkberatung
- FR: Bürotag. #ActiveDirectory Fehlersuche. #OPNsense Firewall im HA-Cluster ausgerollt
Highlight: #OPNsense HA-Cluster sind ein Traum. #Gitea Projektverwaltung ist noch träumiger :D
Am Dienstag: Das Active-Directory-Webinar von heise security
Wer ein Active Directory betreibt, sollte Ebenen trennen und gesicherte Admin-Workstations nutzen. Dieses Webinar gibt praktische Hilfe bei der Umsetzung.
SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts
Secure those AD accounts!
Five best practices for securing Active Directory service accounts https://www.bleepingcomputer.com/news/security/five-best-practices-for-securing-active-directory-service-accounts/
I'm a bit embarrassed
#TIL the passwords are stored in #ActiveDirectory without a Salt (on the domain controller).
I'm still in shock. For all my career (30+ years) storing salted and hashed passwords has been the standard (or at least I thought so)
For non-#Cybersecurity security people an explanation:
The term Salt means that each password is extended by some random data. When calculating the hash (a mathematical function which can't be reversed) this Salt is included. As the Salt is different every time a password is set or changed it guaranties that even if people choose the same password that the hash differs. Without the salt the same password would have the same hash, so attackers would instantly know which accounts have the same password. Making it much easier for them.
Actually, it is even worse. If the password was used and cracked before it is likely in a list of cracked hashes. So you don't need to crack any hashes. You can simply look it up.
E.g the NTLM hash 8AC2859EC4AF435BA6AD116B0690A904
Looking it up at https://ntlm.pw/ reveals the password "ZaqwsX7679bgHrty!"
Brute forcing it would take billions of years, but a simple lookup reveals it in milliseconds
For the love of all that is holy, is there a no-kidding, one-stop writeup on getting Debian to play nice with Windows AD?
I swear I didn't have this much trouble last time I did it... but my replacement system has a newer version and the damn thing just won't stay on the domain.
heise security Webinar: Praktische Basis-Security fürs Active Directory
Wer ein Active Directory betreibt, sollte Ebenen trennen und gesicherte Admin-Workstations nutzen. Dieses Webinar gibt praktische Hilfe bei der Umsetzung.
heise security Webinar: Praktische Security in Windows-Netzen – Tiering und PAWs
Wer ein Active Directory betreibt, sollte Ebenen trennen und gesicherte Admin-Workstations nutzen. Dieses Webinar gibt praktische Hilfe bei der Umsetzung.
I flubbed my password while unlocking the work computer this morning. It has been sitting here spinning for at least 5 minutes now, completely unusable until it finally announces my failure and lets me try again.
"Enterprise OS," my butt.
#Ubuntu 24.04.1 #LTS Is Now Available for Download, Here’s What’s New
This release introduces #ActiveDirectory integration and enables upgrades from Ubuntu 22.04 LTS (Jammy Jellyfish) systems.
The next point release, Ubuntu 24.04.2 LTS, is planned for February 2025. It will be a more exciting release as it will be powered by #Linux kernel 6.11 and Mesa 24.2 graphics stacks from the upcoming Ubuntu 24.10 (Oracular Oriole) release, due out in October 2024.
https://9to5linux.com/ubuntu-24-04-1-lts-is-now-available-for-download-heres-whats-new
@SecurityWriter I love it.
Yes, there are other #ldap alternatives out there. #activedirectory is not the only one. While this may be holding a lot of orgs back from switching, it's also important to recognize that many enterprise apps on both the desktop and server sides still require #microsoft #windows.
As a professional #sysadmin in the #banking industry many financial apps *only* support Windows. It makes sense to only deploy the OS where needed and/but there are complexities to managing heterogenous environments. Said complexities aren't always readily apparent either.
Having experienced a Windows to #Linux #desktop #migration years ago, I learned *a lot*. I am, however, all for ditching Microsoft but fully realize it's not always possible.
2. Windows
The Obvious Choice.
Pros:
- All the games
- Still the standard workstation
- Setting up #ActiveDirectory would be a good #Homelab project
- Great #GPU support
- Handy to have more than zero Windows machines around
Cons:
- #Microsoft
- Nominal license cost
- Shitty & worsening #privacy
How could I live without a Browser ... IN MY BROWSER ... for so long? 
#FreeBSD, jailed #guacamole authenticating via #LDAP against a #Samba #ActiveDirectory, connecting via #RDP to this machine running #Xrdp as well as some #Windows "server" 
Freitag: BKA und FBI schließen Darknet-Marktplatz, Threads offen zum Fediverse
Darknet-Server beschlagnahmt + Meta öffnet sich + KI-Resolution der UNO + Arbeitsverträge auch digital + B. Braun mit mehr Umsatz + Problem bei Windows-Servern
@lattera @drscriptt Now here's some document in the hope it might help someone
https://sekrit.de/webdocs/freebsd/nfs-jail-kerberos-samba.html
@drscriptt I'll just dump my understanding of the issue with #kerberos, #nfsv4 and #samba (or #ActiveDirectory) now on here, so if you know better, please correct me 
A kerberized service needs an SPN to prove its identity towards clients. This SPN can be attached to any account, it's just best practice to have a dedicated service account. For nfs, it must be named "nfs/<host.fqdn>". The key for this SPN must be available to the server, that's why you have to export it and add it to /etc/krb5.keytab on the server.
To access the service, you need a "service ticket" for its SPN. This can be obtained with your kerberos TGT (ticket-granting ticket). In case of NFS, this is also needed for mounting. And here's the issue with system-wide mounts, there's no user logged into the domain, so you need a "host-based initiator". Basically a key present in the host's /etc/krb5.keytab that's used for the kinit procedure.
[...]
CEO of Ukraine's largest telecom operator describes Russian cyberattack that wiped thousands of computers
https://therecord.media/kyivstar-ceo-on-russian-cyberattack-telecom #Russian #hackers #attack #Ukraine #telecom operator #Kyivstar #ActiveDirectory #zerodaywiper #segmentation
