Secure Passwords for the UCS Domain

Obviously, your first name, cat’s name or mother-in-law’s birthday are not good passwords. Also password or 123456 (actually to be found on the list of the most frequently chosen passwords!) are out of the question. As the administrator of a UCS domain, you can’t prevent users from writing down their passwords or storing them under the keyboard, but you can tweak other settings to make the system more secure.
Policies can, for example, be used to specify a minimum length or to require users to change passwords regularly. In addition, Univention Corporate Server provides a quality check that forces the use of a certain number of numbers, special characters, uppercase and lowercase letters in passwords. This article presents some tips and tricks for setting up a good password policy in an UCS domain. We also show what variables can be set in the Univention Configuration Registry to optimize the whole thing. If you are using Samba in your environment, this article will also explain how to adjust the password requirements for the Samba domain object to those of the new policy.

Third Point Release for UCS 4.4

Release 4.4-3 Header

As always, the errata updates of the past months have resulted in many small and large innovations, which we have collected and released with the release of UCS 4.4-3. I would like to give you an overview of the most important new features and an outlook on what we are currently working on. Important new features include better checking of required resources during installation, avoidance of Windows Explorer crashes with extended file system permissions, documentation of best practices in dealing with Windows printer drivers and printer settings, and improvements to the Samba 4 Connector.

After receiving so much positive feedback on our questions in the article UCS 5.0 is coming!, I’d like to use this article to ask you a few questions that are relevant to the further development of UCS 4 and the direction UCS 5 will take. We highly value the UCS user‘s opinion and like to hear what you have to sayuse the comment box below or gladly write to feedback@univention.de.

UCS@school: Automatic Integration of Samba Shares into Nextcloud

The free and open source file hosting solution Nextcloud is available in the Univention App Center either preconfigured or as a virtual appliance and is therefore quickly installed and set up on UCS. Nextcloud can also offer it‘s services on a central server in large, distributed environments and is therefore ideal for integrating network shares from other computers.

Nursing and support agreement with the Max Planck Society including cost absorption

Bremen, November 27, 2019 – Due to the high interest of several Max Planck Institutes in using Univention Corporate Server (UCS) as a central identity management and platform for connecting various other services, a maintenance and support agreement between Univention and the Max Planck Society (MPG) was made last year. This agreement defines the scope of the use of UCS Enterprise
Subscriptions including maintenance and support. All institutes of the Max Planck Society can thus use a UCS standard subscription with an unlimited number of users and servers quickly and easily within the framework agreed in the contract.

The Way to the IT Concept For the Schools In the District of Harz

The district of Harz as a school authority recognized early, that a school has different needs than the public administration. Therefore the school IT is separated from the IT structure of the administrative district. Our structures enable us to remain flexible and to respond to the individual needs of the schools. A special school needs other applications and end devices than a grammar school. Nevertheless, both systems must be manageable and functional.

Web Proxy and “Shalla List” for Access Rules to External Websites and Higher Performance at the Same Time

For the IT administration of organizations with many users, typically also schools, it can be very useful to regulate the access to external websites. From a technical point of view, in order to improve performance when accessing frequently visited pages, but also in terms of restricting access to certain pages, e.g. for security reasons or to protect minors.
The web proxy, which is a central component of UCS@School, is used to improve performance and control data traffic. In this blog article I’ll show you how to configure Squid Proxy with SquidGuard and how to combine both with existing (youth protection) website filters. And with the “Shalla-List-Downloader” I would like to present you a Cool Solution, with which you can further round off this protection and which we have already successfully implemented in various school projects.

End of Maintenance for Core Edition of UCS 4.3

The Maintenance for the Core Edition version of UCS 4.3 has expired. Users using the Core Edition of UCS 4.3 should update to a more recent version of UCS to further receive security updates, bug fixes and minor releases.
Information about the new features of UCS 4.4 can be found in our blog article UCS 4.4 Release – Admin Diary, Self Services and Windows Domain Trusts.
A description of the steps necessary for the update can be found in the blog article How To: Upgrade to new UCS version 4.4.
Customers with a valid subscription contract for UCS are not affected and will receive updates until the end of March 2020 at least. More information about the Maintenance Cycle for UCS can be found in our Wiki article Maintenance Cycle for UCS.

Add Seafile, Wekan and Zammad to Your Corporate IT Easily via App Center

We are pleased to announce a prominent addition to our App Center. Since the beginning of October the German dropbox alternative Seafile, the practical Kanban board of Trello competitor Wekan and the German Zendesk competitor Zammad are available in the App Center. This adds three popular and practical business applications to our Univention Corporate Server (UCS) offering, which you can add to your company’s IT by a simple click.

Distributed Data Storage with UCS and Ceph. More Servers, More Storage, More Reliability

More Services, More Space, Less Downtime?

Anyone operating IT services for companies or organisations will sooner or later be confronted with this: everything is growing, you need more space for data and virtual machines, at the same time the demands for the availability of services are increasing and the hardware servers also need to be maintained.

Classic solutions for available storage such as NAS (Network Attached Storage) and SAN (Storage Area Network) systems are often expensive and just as often proprietary – and therefore not necessarily the basis you want to build your own IT infrastructure on as part of an open source strategy.

HowTo: Web-based Linux Terminal Server with 2FA

Timo Denissen of the Professional Service Team of Univention described in February with the blog article “Desktops with Guacamole remote control” how computers can be remote controlled via the browser. In this How To I would like to show how this principle can be extended with the help of privacyIDEA and xRDP to a terminal server environment which can be used completely in the browser, integrated into the domain of the UCS and secured by 2-factor authentication.
I assume in the HowTo that a functional UCS Master already exists. I run this virtualized using Proxmox. I use a second VM for the terminal server environment.
The following steps are described in detail in this HowTo:

  1. Prepare LinuxMint with xRDP
  2. Installing and configuring privacyIDEA and RADIUS on the UCS Master
  3. Integrate xRDP with privacyIDEA
  4. Install and configure Guacamole with RADIUS Plugin