What Are You Doing Right Now
-
@dashrender said in What Are You Doing Right Now:
@hobbit666 said in What Are You Doing Right Now:
Wondering how do people here apply certificates to internal websites?
e.g. A unifi controller, so when I visit https://unifi01 I don't get the warning.Do you use external provider like 123reg and buy a SSL cert or do something internal?
Normal old school certs from GoDaddy or Digicert apply easily to these situations, you create a CSR, export it, use that information on the cert providers website, export your cert from them, install it on your internal host - done.
This isn't so easy to do with Let's Encrypt. This is because LE needs to check your ownership of a website by having direct access to that website.
That said, assuming you do have a website, you can have LE include a SAN, which is your internal servername, export the cert from the externally facing site, after LE installs the cert, then import that cert to your internal server. Then manually do that process whenever the cert is updated on the external server.
LE does not require connectivity to your server. You can also use DNS authentication. Have been able to do it since late last year I do believe.
-
@penguinwrangler said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@penguinwrangler said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
Everyone always blames not knowing Linux for not knowing computing basics. This thread he says he's all confused because it is Linux, but he obviously doesn't understand the Windows terms he's trying to use or just things like what a network is. He's literally mixing concepts like AD Domains and access points thinking that they are related. Understanding Windows at all would make Linux clear to him here.
"What does "hardwired to the network" mean to you?"
My first question when reading his post.
Yeah, he's really struggling with the basics of like "what is a network".
With people like that, I usually step back and ask, what are we trying to accomplish? What end result do you want. They usually can tell you that, then you now how to handle it.
I did, and he had no idea.
I know, I read that. I have to think that he is not (please for the love of our profession) actually an IT person.
Does that make it better? Someone outside of IT should know even more to talk in goal terms and not throw technical terms about.
-
@coliver said in What Are You Doing Right Now:
It's odd because, for Linux, being on a domain doesn't make sharing files between them easier. For the use case listed it would add near zero benefit.
is that true? If a Linux box is part of a domain, it's not easier to map a SMB share? i.e. don't need to provide credentials when making the connection?
-
@dashrender said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
It's odd because, for Linux, being on a domain doesn't make sharing files between them easier. For the use case listed it would add near zero benefit.
is that true? If a Linux box is part of a domain, it's not easier to map a SMB share? i.e. don't need to provide credentials when making the connection?
You'd still have provide credentials. It makes no part of the mapping easier, at least to my knowledge.
-
@jaredbusch said in What Are You Doing Right Now:
@dashrender said in What Are You Doing Right Now:
@hobbit666 said in What Are You Doing Right Now:
Wondering how do people here apply certificates to internal websites?
e.g. A unifi controller, so when I visit https://unifi01 I don't get the warning.Do you use external provider like 123reg and buy a SSL cert or do something internal?
Normal old school certs from GoDaddy or Digicert apply easily to these situations, you create a CSR, export it, use that information on the cert providers website, export your cert from them, install it on your internal host - done.
This isn't so easy to do with Let's Encrypt. This is because LE needs to check your ownership of a website by having direct access to that website.
That said, assuming you do have a website, you can have LE include a SAN, which is your internal servername, export the cert from the externally facing site, after LE installs the cert, then import that cert to your internal server. Then manually do that process whenever the cert is updated on the external server.
LE does not require connectivity to your server. You can also use DNS authentication. Have been able to do it since late last year I do believe.
Oh nice. So you just run the LE script on the internal host (assuming it's allowed out to the internet) then update the DNS when told, then continue the script and get the cert? awesome!.
Question - do you have to update the DNS record each time you renew (to ensure you still own the domain?) -
@coliver said in What Are You Doing Right Now:
@dashrender said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
It's odd because, for Linux, being on a domain doesn't make sharing files between them easier. For the use case listed it would add near zero benefit.
is that true? If a Linux box is part of a domain, it's not easier to map a SMB share? i.e. don't need to provide credentials when making the connection?
You'd still have provide credentials. It makes no part of the mapping easier, at least to my knowledge.
Good to know.
-
I'm stuck in a meeting for the next hour with a whole leg of my boxers wedged firmly in my butt crack. There is no escape. There is no fixing it. There is only suffering.
-
@mattspeller said in What Are You Doing Right Now:
I'm stuck in a meeting for the next hour with a whole leg of my boxers wedged firmly in my butt crack. There is no escape. There is no fixing it. There is only suffering.
Hopefully there are no "hostages" in this situation. Hahaha
-
@mattspeller said in What Are You Doing Right Now:
I'm stuck in a meeting for the next hour with a whole leg of my boxers wedged firmly in my butt crack. There is no escape. There is no fixing it. There is only suffering.
Make others suffer with you and give everyone atomic wedgies.
-
-
@coliver said in What Are You Doing Right Now:
@dashrender said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
It's odd because, for Linux, being on a domain doesn't make sharing files between them easier. For the use case listed it would add near zero benefit.
is that true? If a Linux box is part of a domain, it's not easier to map a SMB share? i.e. don't need to provide credentials when making the connection?
You'd still have provide credentials. It makes no part of the mapping easier, at least to my knowledge.
As long as there is SSH enabled, you have sftp between the Pis themselves and you can do that on Windows Boxes with something like Filezilla. Don't even need to map or "setup" shares.
-
@penguinwrangler said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@dashrender said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
It's odd because, for Linux, being on a domain doesn't make sharing files between them easier. For the use case listed it would add near zero benefit.
is that true? If a Linux box is part of a domain, it's not easier to map a SMB share? i.e. don't need to provide credentials when making the connection?
You'd still have provide credentials. It makes no part of the mapping easier, at least to my knowledge.
As long as there is SSH enabled, you have sftp between the Pis themselves and you can do that on Windows Boxes with something like Filezilla. Don't even need to map or "setup" shares.
Correct, I think @Dashrender and I were talking about SMB shares though.
-
@penguinwrangler said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@dashrender said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
It's odd because, for Linux, being on a domain doesn't make sharing files between them easier. For the use case listed it would add near zero benefit.
is that true? If a Linux box is part of a domain, it's not easier to map a SMB share? i.e. don't need to provide credentials when making the connection?
You'd still have provide credentials. It makes no part of the mapping easier, at least to my knowledge.
As long as there is SSH enabled, you have sftp between the Pis themselves and you can do that on Windows Boxes with something like Filezilla. Don't even need to map or "setup" shares.
Exactly why I was so confused. how is that not working? He's asking for all this info, but doesn't have any info on what was tried or why it failed.
-
@coliver said in What Are You Doing Right Now:
@penguinwrangler said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@dashrender said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
It's odd because, for Linux, being on a domain doesn't make sharing files between them easier. For the use case listed it would add near zero benefit.
is that true? If a Linux box is part of a domain, it's not easier to map a SMB share? i.e. don't need to provide credentials when making the connection?
You'd still have provide credentials. It makes no part of the mapping easier, at least to my knowledge.
As long as there is SSH enabled, you have sftp between the Pis themselves and you can do that on Windows Boxes with something like Filezilla. Don't even need to map or "setup" shares.
Correct, I think @Dashrender and I were talking about SMB shares though.
The share type doesn't matter, you still have to authenticate to it, proving you are the person / system that has access to the share.
Unless of course you're using anonymous access. . .
-
We've got the "can't get to the store, car won't move" problem, but we are all wondering if he has opened teh garage door yet.
-
@scottalanmiller said in What Are You Doing Right Now:
We've got the "can't get to the store, car won't move" problem, but we are all wondering if he has opened teh garage door yet.
The car would happily move through a garage door. . .
-
@dustinb3403 said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@penguinwrangler said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@dashrender said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
It's odd because, for Linux, being on a domain doesn't make sharing files between them easier. For the use case listed it would add near zero benefit.
is that true? If a Linux box is part of a domain, it's not easier to map a SMB share? i.e. don't need to provide credentials when making the connection?
You'd still have provide credentials. It makes no part of the mapping easier, at least to my knowledge.
As long as there is SSH enabled, you have sftp between the Pis themselves and you can do that on Windows Boxes with something like Filezilla. Don't even need to map or "setup" shares.
Correct, I think @Dashrender and I were talking about SMB shares though.
The share type doesn't matter, you still have to authenticate to it, proving you are the person / system that has access to the share.
Unless of course you're using anonymous access. . .
Understood, I think @Dashrender was assuming it worked similar to how SMB shares work on an AD domain with a Windows client. Where it authenticates in the background.
-
@coliver said in What Are You Doing Right Now:
@dustinb3403 said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@penguinwrangler said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@dashrender said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
It's odd because, for Linux, being on a domain doesn't make sharing files between them easier. For the use case listed it would add near zero benefit.
is that true? If a Linux box is part of a domain, it's not easier to map a SMB share? i.e. don't need to provide credentials when making the connection?
You'd still have provide credentials. It makes no part of the mapping easier, at least to my knowledge.
As long as there is SSH enabled, you have sftp between the Pis themselves and you can do that on Windows Boxes with something like Filezilla. Don't even need to map or "setup" shares.
Correct, I think @Dashrender and I were talking about SMB shares though.
The share type doesn't matter, you still have to authenticate to it, proving you are the person / system that has access to the share.
Unless of course you're using anonymous access. . .
Understood, I think @Dashrender was assuming it worked similar to how SMB shares work on an AD domain with a Windows client. Where it authenticates in the background.
On every linux system I've used credentials still had to be provided explicitly for that connection.
Edit: I've only connected to windows shares a few times (so take it for what its worth)
-
@dustinb3403 said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@dustinb3403 said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@penguinwrangler said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@dashrender said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
It's odd because, for Linux, being on a domain doesn't make sharing files between them easier. For the use case listed it would add near zero benefit.
is that true? If a Linux box is part of a domain, it's not easier to map a SMB share? i.e. don't need to provide credentials when making the connection?
You'd still have provide credentials. It makes no part of the mapping easier, at least to my knowledge.
As long as there is SSH enabled, you have sftp between the Pis themselves and you can do that on Windows Boxes with something like Filezilla. Don't even need to map or "setup" shares.
Correct, I think @Dashrender and I were talking about SMB shares though.
The share type doesn't matter, you still have to authenticate to it, proving you are the person / system that has access to the share.
Unless of course you're using anonymous access. . .
Understood, I think @Dashrender was assuming it worked similar to how SMB shares work on an AD domain with a Windows client. Where it authenticates in the background.
On every linux system I've used credentials still had to be provided explicitly for that connection.
That was my point. You hit the nail on the head.
-
Hmmm.... sounds totally legit. Especially the part where I get to pay for my own travel to/from Savannah, GA....
https://community.spiceworks.com/topic/2075696-seeking-business-partner-for-product-invention