@Pete-S said in Debian 11 & php8:

@scottalanmiller said in Debian 11 & php8:

Debian 12 "Bookworm" is, in theory, under a month away and is going to PHP 8.2. So that is very good. But the long release cycles are always going to be a challenge that there isn't really a reason for.

Not a challenge at all but the reason to run "stable" is for stability. Meaning an update will never break your system and you get bug fixes and security updates. You won't get new features but you won't get new bugs that breaks your system either or changed functionality.

If you don't want or need that stability and favor new shiny things then you just install debian "testing". It's a rolling release.

Debian is not just one distro. Many companies run "testing" on workstations and "stable" on production servers.

There is a third option and that is Debian "unstable". Then you get new packages as soon as they are available. This is for the enthusiasts and debian developers primarily and not recommended for the general user that just wants something that works.

And just run containers. Then new libs aren’t an issue. The host shouldn’t matter at this point, so run stable. Then run containerized workloads for the rest and they can stay up to date.

@WrCombs said in Reboot resets Desktop Win 10 -:

So found out the user is actually corrupt, this is the 4th time this has happened according to the internal IT team, and they're looking to get the PC replaced

It’s always best to replace a corrupt user. The can leave so much of a mess.

@lilyleiden said in User migration to azure:

We just tested migrating a small batch of test users to our new Azure tenant.

While migrating the PC/user account was no problem, the fact that people get a completely blank user profile, certainly was a showstopper!!

Many of our users has had their AD profile for years, even a decade and has a lot of individual settings, ways to work, shortcuts, quick links, favorites/browser cached passwords etc. and they loose all that.
Management has currently halted the process due to the protests.

So I am on the lookout for a way to link/migrate the old profile/profile settings, when Azure joining the PC?

As far as I know, the only option is using third party software. There are several options.

We have for many years used USMTGUI from Ehlertech for domain profiles (USMTGUI use USMT for local and Domain profiles) but USMTGUI (corporate edition) also has a really simple to use function for migrating a profiles content to an AAD user, after the PC has been joined to Azure.

As said there are several third party options but as we already knew USMTGUI prior to switching to Azure, and USMTGUI makes it possible to handle all scenarios with one program, we have not really tried any of them.

@stacksofplates said in sssd and user ID mapping:

@Pete-S said in sssd and user ID mapping:

@Semicolon said in sssd and user ID mapping:

@Pete-S If it is an issue, its trival enough to prevent public key authentication for users or groups of users, even groups of AD users.

Sure, but the problem for developers and admins is that they usually need their keys. That's why I don't think ad/ldap integration with ssh users really works in that use case.

The other solution, which is what I think is more suitable for developers and admins, is to use your SSO/AD solution with MFA to pickup a short-lived ssh certificate. Then you use the ssh certificate to actually access things.
Many companies with huge infrastructures use this method because it's very scalable.

We forced kerberos for SSH auth after wen enabled AD integration. SSH works like keys then but you don't use the keys.

Never used it but it seems to be a good solution if you want AD integration.

I noticed that gitlab also supports kerberos for pushing and pulling. I assume github does too. That's very convenient.

Source NAT rules. No clue how this work on UniFi though.

On an EdgeRouter it looks like this.
946132be-32b8-4225-9f4a-75634d00754b-image.png

08dbe439-afef-4e97-9a09-d72b48ca19bb-image.png

I assume it goes here in UniFi.
d70f4ee8-a60f-4803-b5da-df26f0d19ce5-image.png

1ffc5074-9466-441d-a320-32fd181f3fa0-image.png

@scottalanmiller said in Get Alert Whenever There is MS SQL Server Access:

It's a production database so there should be an email when the application connects and absolutely no user should ever, ever, ever be able to log in unless it's an admin doing an emergency backup and/or restore (likely alerts would be off during a restore.)

I cannot imagine a MS SQL Server based client-server application that does not make a billion DB calls all day long. So you will have to exclude that system user from being audited.

@scottalanmiller said in Get Alert Whenever There is MS SQL Server Access:

There's no user ever authorized to just connect.

The application user is always connecting. Repeatedly.

@Dashrender Check this thread
https://learn.microsoft.com/en-us/answers/questions/955731/who-deleted-an-appointment-from-a-shared-calendar

Hello,

First of all, let me thank you for your wonderful work. This made our lives much easier...

If you don't mind, I would like some help: I'm running this script on 2 FreePBX machines, both are practically the same. On one machine, I have no problems viewing contacts with more than one number (In both the XML file and on the phone itself).
However, on the other machine, I can only see on phone number for each contact, even if they have more than one phone number, again, it happens both when I visit the XML file directly from a browser and on the phones.
I can't think of any difference between both the pbx's.

I'd appreciate your help and I'll be happy to provide additional details, logs, info, etc..

Thanks a lot!

LOL...absolutely!

SAM...making IT better for humans...have an extra avatar on us....

@melvinsilva said in Ubiquiti - UDM + APs - Guess Wireless Affecting POS Traffic:

If the GUEST network is activated, the POS network traffic is degraded

Have you checked to see if the network is saturated? Does this happen when it is activated only, or only when guests are there using it too?

Check out WingetUI, which can manage packages for choco, scoop, and winget.

@gjacobse said in WINGET: Not available on Win10.:

Why would Winget not be available on a brand new device with the most updated build?

All my reading has stated that it is native since 1709..

Okay - been to many days since I found this. Seems that yes,.. on a fresh OEM install of Win10 it is not there.

After being fully updated it has been there. So - might just be the Media Creation Build in use that it isn't on. Which is fine with me.

@Mario-Jakovina said in Should I give my SSN to a U.S. Senator?:

I am not US citizen, but I do not see what is a big deal about giving your SSN to anybody?
Isn't it just a unique number of a citizen in public records? It is not some secret code, right?

They're not even unique!

SSN are not supposed to be used as an ID, but they are used as a form of ID a LOT.

Side question: When does 23.04 get moved into LTS mode?

@sjigabby said in Avimark "Microsoft Word not properly installed..." error appears suddendly:

@MC_Bol Trying to help a friend with this issue, we have uninstalled word and reinstalled multiple times and still getting the error message. Please help!!

the issue is you have to remove. Not remove and install again. Having it installed appears to not be an option.