NethServer 7.2 alpha 3 - "First Blood"

I think this is the first NS 7a3 AD configured! Isn’t it?

Thank you all!

1 Like

AFAIK the first outside Pesaro :smile:

You were asking about accounts from multiple domains… like john@dom1.com patricia@dom2.net

You know this is not supported on ns6, nor is it planned on ns7. However I hope it can be implemented easily with SSSD, with OpenLDAP backend. I tried it with AD, but realmd seems to support joining a single domain only.

1 Like

I probably would have tripped up on this too, so I’m glad you talked this out here for us to understand it too.

2 Likes

Ahhh, I thought you guys were going to get rid of that 90 sec shutdown hold timeout.

2 Likes

Yeah… But power on is fast.

Hi Davide,

Any news about “sogo-frontends” package?

I installed snort clean after updates to a fresh install rule policy Expert and…

May 23 11:34:26 server88 snort[2705]: FATAL ERROR: /etc/snort/rules/snort.rules(6698) Unknown rule option: 'ssl_version'.
May 23 11:34:26 server88 snortd: Starting snort: [FAILED]

[root@server88 rules]# cat snort.rules |grep 6698
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-OTHER Compromised Website response - leads to Exploit Kit"; flow:to_client,established; file_data; content:"<!--ded509-->"; content:"<!--/ded509-->"; distance:0; metadata:policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.jsunpack.jeek.org/?report=c94ca7cda909cf93ae95db22a27bb5d711c2ae8f; classtype:trojan-activity; sid:26698; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS SUSPICIOUS services.exe in URI"; flow:established,to_server; content:"GET"; http_method; urilen:<100; content:"/services.exe"; http_uri; nocase; fast_pattern:only; pcre:"/\/services\.exe$/Ui"; reference:md5,145c06300d61b3a0ce2c944fe7cdcb96; classtype:bad-unknown; sid:2016698; rev:12;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action ASCII"; flow:established,to_server; content:"/detail.asp?"; nocase; http_uri; content:"action="; nocase; http_uri; content:"ASCII"; nocase; http_uri; pcre:"/ASCII\(.+SELECT/Ui"; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006698; classtype:web-application-attack; sid:2006698; rev:7;)
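
Added example, not part of the original posts: the number in parentheses in the FATAL ERROR line is a line number in snort.rules, whereas `grep 6698` matches the text 6698 wherever it occurs (in the output above, inside three sids). The sketch below reads file, line number and option out of the log line and looks the rule up by line. The sample rules file, its sids and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find the rule a snort FATAL ERROR points at by line number.

# Extract "<file> <line> <option>" from a snort "Unknown rule option" log line.
parse_snort_fatal() {
    printf '%s\n' "$1" | sed -n \
        "s/.*FATAL ERROR: \(.*\)(\([0-9][0-9]*\)) Unknown rule option: '\([^']*\)'.*/\1 \2 \3/p"
}

# Print the sid of the rule stored on line $2 of rules file $1.
sid_at_line() {
    sed -n "${2}p" "$1" | sed -n 's/.*[ ;(]sid:\([0-9][0-9]*\);.*/\1/p'
}

# Print the sid of every rule in file $1 that uses rule option $2.
sids_using_option() {
    grep -E "[(;] *$2:" "$1" | sed -n 's/.*[ ;(]sid:\([0-9][0-9]*\);.*/\1/p'
}

# Constructed sample data (not from the thread): a three-line rules file whose
# second rule only has 6698 inside its sid and whose third uses ssl_version.
RULES=$(mktemp)
trap 'rm -f "$RULES"' EXIT
cat > "$RULES" <<'EOF'
alert tcp any any -> any 80 (msg:"constructed rule A"; content:"a"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"constructed rule B"; content:"b"; sid:1006698; rev:1;)
alert tcp any any -> any 443 (msg:"constructed TLS rule"; ssl_version:sslv2; sid:1000003; rev:1;)
EOF
# Same message format as the log line in the post, pointing at the sample file.
LOG="May 23 11:34:26 server88 snort[2705]: FATAL ERROR: ${RULES}(3) Unknown rule option: 'ssl_version'."

set -- $(parse_snort_fatal "$LOG")
echo "file=$1 line=$2 option=$3"
echo "sid on that line: $(sid_at_line "$1" "$2")"
echo "sids using $3: $(sids_using_option "$1" "$3")"
```
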

Those run-time thingy thingies still are in the heart of nethserver, probably the heritage of SME.
systemctl reboot/poweroff should take care of that, why can it not be trusted?

Only the Expert policy has more than 10 rules enabled; it seems the rule policy still needs some tweaking. I know we’ve talked about this before when I was trying ips in v6.7.
I can’t test snort at all really until I can get snort running with Expert policy per my previous post.

May 23 11:34:03 server88 /sbin/e-smith/db[2666]: /var/lib/nethserver/db/configuration: OLD pulledpork=configuration|Policy|connectivity
May 23 11:34:03 server88 /sbin/e-smith/db[2666]: /var/lib/nethserver/db/configuration: NEW pulledpork=configuration|Policy|expert

May 23 11:34:23 server88 esmith::event[2669]: Rule Stats...
May 23 11:34:23 server88 esmith::event[2669]: #011New:-------27256
May 23 11:34:23 server88 esmith::event[2669]: #011Deleted:---0
May 23 11:34:23 server88 esmith::event[2669]: #011Enabled Rules:----20467
May 23 11:34:23 server88 esmith::event[2669]: #011Dropped Rules:----0
May 23 11:34:23 server88 esmith::event[2669]: #011Disabled Rules:---6789
May 23 11:34:23 server88 esmith::event[2669]: #011Total Rules:------27256


May 23 11:56:45 server88 /sbin/e-smith/db[3246]: /var/lib/nethserver/db/configuration: OLD pulledpork=configuration|Policy|expert
May 23 11:56:45 server88 /sbin/e-smith/db[3246]: /var/lib/nethserver/db/configuration: NEW pulledpork=configuration|Policy|security

May 23 11:56:59 server88 esmith::event[3249]: Rule Stats...
May 23 11:56:59 server88 esmith::event[3249]: #011New:-------0
May 23 11:56:59 server88 esmith::event[3249]: #011Deleted:---0
May 23 11:56:59 server88 esmith::event[3249]: #011Enabled Rules:----8
May 23 11:56:59 server88 esmith::event[3249]: #011Dropped Rules:----906
May 23 11:56:59 server88 esmith::event[3249]: #011Disabled Rules:---26342
May 23 11:56:59 server88 esmith::event[3249]: #011Total Rules:------27256


May 23 12:10:50 server88 /sbin/e-smith/db[3878]: /var/lib/nethserver/db/configuration: OLD pulledpork=configuration|Policy|security
May 23 12:10:50 server88 /sbin/e-smith/db[3878]: /var/lib/nethserver/db/configuration: NEW pulledpork=configuration|Policy|balanced

May 23 12:11:03 server88 esmith::event[3881]: Rule Stats...
May 23 12:11:03 server88 esmith::event[3881]: #011New:-------0
May 23 12:11:03 server88 esmith::event[3881]: #011Deleted:---0
May 23 12:11:03 server88 esmith::event[3881]: #011Enabled Rules:----10
May 23 12:11:03 server88 esmith::event[3881]: #011Dropped Rules:----785
May 23 12:11:03 server88 esmith::event[3881]: #011Disabled Rules:---26461
May 23 12:11:03 server88 esmith::event[3881]: #011Total Rules:------27256


May 23 12:12:34 server88 /sbin/e-smith/db[4403]: /var/lib/nethserver/db/configuration: OLD pulledpork=configuration|Policy|balanced
May 23 12:12:34 server88 /sbin/e-smith/db[4403]: /var/lib/nethserver/db/configuration: NEW pulledpork=configuration|Policy|connectivity

May 23 12:12:47 server88 esmith::event[4406]: Rule Stats...
May 23 12:12:47 server88 esmith::event[4406]: #011New:-------0
May 23 12:12:47 server88 esmith::event[4406]: #011Deleted:---0
May 23 12:12:47 server88 esmith::event[4406]: #011Enabled Rules:----2
May 23 12:12:47 server88 esmith::event[4406]: #011Dropped Rules:----8
May 23 12:12:47 server88 esmith::event[4406]: #011Disabled Rules:---27246
May 23 12:12:47 server88 esmith::event[4406]: #011Total Rules:------27256

Trusted?
Not a big deal at all, just, what seems an unnecessary delay during reboot, I don’t think any of my v6.7 installs have a delay, I’ve only noticed this on v7, but now I can’t remember about v6.7.

Shoot, I just realized I forgot to snapshot this install before I installed ips, now I’ll have to reinstall to test anything else. Boo.

2 Likes

I think I did that for about 10 times. :joy:

1 Like

3 posts were split to a new topic: Why “in the Forge” and not “in the NS” as before

You’re in the testing mode, so try a systemctl reboot and time it :wink:

No need for systemctl, simply shutdown at shell shuts the machine down in a couple seconds.
The 90 delay is triggered when using the gui shutdown options.

1 Like

I bet snort changed default configuration once again.
@filippo_carletti can you take a look at it?

I just removed the package from the yum group, you can install sogo from the UI as soon as mirrors are in sync.

I think the timeout on shutdown from interface is something more systemd related. We are investigating it!

Listed modes are from upstream project pulled pork.

2 Likes

Saw a LSB for httpd-admin more than once, I would start there

1 Like

BTW, where did the file-server go to?

It’s on my workbench: it will be released soon

Hi guys,

I set up a NS7A3 VM for test and installed Samba AD as described above.

I tried to join a win7 machine to this domain, but got a message that the domain was identified as “nsdc-test.ns7a3.at”, however it could not connect to domain controllers.

What did I do wrong?

1 Like