Posts
Running LXC/Proxmox containers unprivileged
Running an unprivileged LXC container with recent systemd
Recent builds of systemd (around version 252) implemented a bunch of features that break Proxmox/LXC containers. The canonical way of working around this is to enable nesting, but this isn’t really recommended, as it gives the container access to the host’s /proc and /sys; it only takes a bug and breaking out of the container becomes possible.
There is a workaround script for this. It’s not installed by default and, as far as I know, not in any packages.
Pipewire
Fix for Pipewire being silent on login
Pipewire runs as a user process, and for some reason on my setup it wasn’t working on login. Symptoms are needing to switch devices to make audio start working.
This fixes it with a restart on every login:
In /etc/xdg/autostart/pipewire.desktop put:
    [Desktop Entry]
    Exec=/usr/bin/systemctl --user restart pipewire
    Name=Restart pipewire
    Type=Application
    X-KDE-StartupNotify=false
    OnlyShowIn=KDE;
    Icon=plasma
    NoDisplay=true
I presume something like that is supposed to be there already, but currently on Debian Testing it isn’t.
Winbind Stuff
Winbind stuff
I’m not going to go into how to set up a machine with winbind, because it involves writing smb.conf and, judging by the sites I visited doing this, the syntax changes rapidly enough that anything I write will be obsolete in 6 months.
Instead I’ll just point you at the source:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
https://wiki.samba.org/index.php/Idmap_config_ad
Things I found whilst adding a server this way - bearing in mind I’m using RFC2307 throughout, not rid:
Active Directory With Bind9
Active Directory with bind9
Conventional wisdom would have it that your machines have to use Windows DNS. Not a wisdom I’ve ever subscribed to. DNS is not magic, not even Microsoft DNS. In reality it’s something I even used in production for a while with zero issues.
On your zone file just add:
    _DomainDnsZones NS ad.example.com.
    _ForestDnsZones NS ad.example.com.
    _msdcs NS ad.example.com.
    _sites NS ad.example.com.
    _kerberos._tcp SRV 0 0 88 ad.example.com.
    _kerberos-adm.
Debian and Ad
Adding Debian to Active Directory
I set up a samba4 server for single sign-on - originally I had Kerberos/LDAP, but making Windows talk to that turned out to be more trouble than it was worth.
Using realmd and sssd I was able to get enrollment for a server down to this script:
    DOMAIN=$(hostname -d)
    REALM=$(echo $DOMAIN | tr "[:lower:]" "[:upper:]")
    apt-get update
    apt-get -y install sssd-ad sssd-tools realmd adcli packagekit krb5-user samba-libs crudini
    realm --automatic-id-mapping=no join $REALM
    pam-auth-update --enable mkhomedir
    crudini --set /etc/sssd/sssd.