I think i your case a free IP in edit 192.168.1.x range…
My range is 192.168.1.0/24
“Free” meaning “not assigned”
Sorry, see edit
As we are on the subject, why do we need a vanilla samba in the nspawn container?
Stupid question: why two IPs for the same server?
SAMBA dc runs in a systemd nspawn container.
Good catch! Because Samba 4 runs inside a container which is basically a virtual machine inside the real NS
Samba upstream package does not provide the DC role, by now.
Whilst the Domain Controller seems capable of running as a full file server, it is suggested that organisations run a distinct file server to allow upgrades of each without disrupting the other
Moreover, I must admit it simplified a lot the configuration both on the file server side (the “host” machine) and the domain controller side (the “guest” machine/container).
So I’m sure an additional IP address is a small price to pay for having them both on NS7
Thank you all for enlighten me! I really didn’t know!
Of course doesn’t matter. I just want to understand some things which are new for me.
Your question was not stupid at all. I want to say thank you @GG_jr for sharing your experience: your feedback is very important for developers and I’m sure it will be very useful to those who endeavor NS7 testing
AFAIK the first outside Pesaro
You know this is not supported on ns6 neither it is planned on ns7. However I hope it can be implemented easily with SSSD, with OpenLDAP backend. I tried it with AD, but
realmd seems supporting the join to a single domain only.
I probably would have tripped up on this too, so I’m glad you talked this out here for us to understand it too.
Ahhh, I thought you guys were going to get rid of that 90 sec shutdown hold timeout.
Yeah… But power on is fast.
Any news about “sogo-frontends” package?
I installed snort clean after updates to a fresh install rule policy Expert and…
May 23 11:34:26 server88 snort: FATAL ERROR: /etc/snort/rules/snort.rules(6698) Unknown rule option: 'ssl_version'. May 23 11:34:26 server88 snortd: Starting snort: [FAILED]
[root@server88 rules]# cat snort.rules |grep 6698 alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-OTHER Compromised Website response - leads to Exploit Kit"; flow:to_client,established; file_data; content:"<!--ded509-->"; content:"<!--/ded509-->"; distance:0; metadata:policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.jsunpack.jeek.org/?report=c94ca7cda909cf93ae95db22a27bb5d711c2ae8f; classtype:trojan-activity; sid:26698; rev:1;) alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS SUSPICIOUS services.exe in URI"; flow:established,to_server; content:"GET"; http_method; urilen:<100; content:"/services.exe"; http_uri; nocase; fast_pattern:only; pcre:"/\/services\.exe$/Ui"; reference:md5,145c06300d61b3a0ce2c944fe7cdcb96; classtype:bad-unknown; sid:2016698; rev:12;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action ASCII"; flow:established,to_server; content:"/detail.asp?"; nocase; http_uri; content:"action="; nocase; http_uri; content:"ASCII"; nocase; http_uri; pcre:"/ASCII\(.+SELECT/Ui"; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006698; classtype:web-application-attack; sid:2006698; rev:7;)
Those run-time thingy thingies still are in the hart of nethserver, probably the heritage of SME.
systemctl reboot/poweroff should take care of that, why can it not be trusted?