OpenVPN to Secure your Samba Authentications Automatically

Login Illustration

Samba 4 has become the tool of choice for companies with diverse clients that seek a Linux-based central identity management. However, a growing number of organizations are offering work from home options and manage distributed operations like construction companies with a computer at every construction site or an insurance provider with several offices. The securing of all authentication processes when employees log in your network also from outside, is critical to protect your data.

But how to do that?

You need to add a VPN solution which starts before the login if you want to enjoy the advantages of single sign-on and policies that Samba provides. The following how-to will describe how to add OpenVPN to an existing Samba 4 installation to automatically secure client authentications over an untrusted network.

Cool Solution – Squid as Reverse SSL Proxy

IT Netzwerk Sicherheit Illustration

What is Squid?

Squid is a caching proxy employed primarily for web content delivered via the protocols HTTP, HTTPS, and even FTP. Squid stores websites and their content in a temporary cache, making them available to a number of clients simultaneously. Consequently, the use of Squid makes it possible to speed up the response times when opening websites considerably and reduce data volumes at the same time. In addition to this core function, Squid also boasts other extensive options such as control of users’ access to the Internet (ACLs). This is a scenario which is particularly interesting for use in schools and other public facilities as well as for client authentication. Users and devices are only permitted access to the Internet if they can authenticate themselves against the proxy.

Brief Introduction: High Availability

Photo of a hospital resuscitation icon

When recently assisting a customer in choosing a new cloud service provider, the providers of choice offered 95%, 99%, and 99.9% availability labeling their service “High Availability”. For the human brain and considering a scale from 0% to 100% all of these numbers sound rather good, and we would naturally think, that these services almost never fail. However, let us have a closer look at what high availability truly means for IT environments and how it affects UCS and let us think about why you should also consider the time to recovery and planned downtimes.

Asterisk Universal Communication Solution for UCS – The Cost-Effective and Flexible Alternative to VoIP

Logo asterisk4ucs

Asterisk is a leading, freely available voice over IP (VoIP) solution that companies can employ as an Open Source software without license fees. Originally designed by Mark Spencer at the U.S. company Digium in 1999, the solution is now being continually further developed by a growing development community around the world. In addition, it offers high functionality and boasts an extensive basis for telephony, unified messaging, and third-party systems.

Collabora Online now new in the Univention App Center

With the new Collabora Online Development Edition (CODE) you can now safely run your online office in the cloud.

The LibreOffice-based solution supports all important document, spreadsheet and presentation file formats that you can integrate into your own infrastructure. Use the advantage of working with CODE to edit office documents together and independently of time and location.

Development of a Central IT Structure With Integration of Local School Servers in the Kassel District – Preparation is Everything!

Foto des Kreishauses vom Landkreis Kassel

The school IT service in the rural district of Kassel, Germany, is responsible for the maintenance and operation of the IT infrastructure in 72 schools counting a total of 25,000 pupils and 2,000 members of staff.

Support of decentralized structures as rural district

Our IT support is based in the media center in Hofgeismar, but as a rural district we are of course faced with certain challenges presented by the distribution of the schools throughout the district. Our overall support concept is oriented toward the decentralized structure. From an organizational and technical perspective, we aim to centralize as much as possible, but the individual support technicians are often out of the media center for days at a time working on site in the schools.

UCS Identity Management Manages Mail Platform With Over 30 Million Users

US Mailboxes

More than two years after the start of one of the largest projects in which Univention has been involved to date, a new mail platform with over 30 million managed end users finally went online in late 2016. UCS takes care of the identity management duties for all the user accounts.

I first reported on the challenges of the project almost a year ago in the article How can OpenLDAP with UCS be scaled to over 30 million objects?. However, it is now no longer a “gray theory” – the project has now gone live and the LDAP has had to cope with the strain of thousands of accesses every second in real time ever since.

Today, I would like to provide you with an update and share with you some of our most important findings from the going live process.

WordPress for UCS 4.1 and 4.2 now in the App Center

Screenshot von WordPress

You can now build beautiful websites and blogs with our new, free to use WordPress application for Univention Corporate Server, which is available to you in the App Center, and benefit from the integration into UCS’ identity management.

This app is provided as a Docker-based app. WordPress will update itself in the container independently, so WordPress should always stay up-to-date. The future updates for WordPress released by the App Center will then mainly update the software, which is located around WordPress in the container.

Page 1 of 1412345...10...Last »