Brief Introduction: What is a Linux Derivative?

Univention Corporate Server (UCS) and Univention Corporate Server @ school (UCS@school) are Debian derivatives, i.e. operating systems derived from the Linux distribution Debian GNU/Linux. So, what exactly is Linux, what is a Linux distribution, and what does derivative mean? Read on to find out more about these terms and the connection between UCS and Debian GNU/Linux.

Secure Passwords for the UCS Domain

Obviously, your first name, cat’s name or mother-in-law’s birthday are not good passwords. Also password or 123456 (actually to be found on the list of the most frequently chosen passwords!) are out of the question. As the administrator of a UCS domain, you can’t prevent users from writing down their passwords or storing them under the keyboard, but you can tweak other settings to make the system more secure.
Policies can, for example, be used to specify a minimum length or to require users to change passwords regularly. In addition, Univention Corporate Server provides a quality check that forces the use of a certain number of numbers, special characters, uppercase and lowercase letters in passwords. This article presents some tips and tricks for setting up a good password policy in an UCS domain. We also show what variables can be set in the Univention Configuration Registry to optimize the whole thing. If you are using Samba in your environment, this article will also explain how to adjust the password requirements for the Samba domain object to those of the new policy.

Web Proxy and “Shalla List” for Access Rules to External Websites and Higher Performance at the Same Time

For the IT administration of organizations with many users, typically also schools, it can be very useful to regulate the access to external websites. From a technical point of view, in order to improve performance when accessing frequently visited pages, but also in terms of restricting access to certain pages, e.g. for security reasons or to protect minors.
The web proxy, which is a central component of UCS@School, is used to improve performance and control data traffic. In this blog article I’ll show you how to configure Squid Proxy with SquidGuard and how to combine both with existing (youth protection) website filters. And with the “Shalla-List-Downloader” I would like to present you a Cool Solution, with which you can further round off this protection and which we have already successfully implemented in various school projects.

Distributed Data Storage with UCS and Ceph. More Servers, More Storage, More Reliability

More Services, More Space, Less Downtime?

Anyone operating IT services for companies or organisations will sooner or later be confronted with this: everything is growing, you need more space for data and virtual machines, at the same time the demands for the availability of services are increasing and the hardware servers also need to be maintained.

Classic solutions for available storage such as NAS (Network Attached Storage) and SAN (Storage Area Network) systems are often expensive and just as often proprietary – and therefore not necessarily the basis you want to build your own IT infrastructure on as part of an open source strategy.

HowTo: Web-based Linux Terminal Server with 2FA

Timo Denissen of the Professional Service Team of Univention described in February with the blog article “Desktops with Guacamole remote control” how computers can be remote controlled via the browser. In this How To I would like to show how this principle can be extended with the help of privacyIDEA and xRDP to a terminal server environment which can be used completely in the browser, integrated into the domain of the UCS and secured by 2-factor authentication.
I assume in the HowTo that a functional UCS Master already exists. I run this virtualized using Proxmox. I use a second VM for the terminal server environment.
The following steps are described in detail in this HowTo:

  1. Prepare LinuxMint with xRDP
  2. Installing and configuring privacyIDEA and RADIUS on the UCS Master
  3. Integrate xRDP with privacyIDEA
  4. Install and configure Guacamole with RADIUS Plugin

How To: Easily Evaluate and Permanently Operate Apps with Appliances

IT environments are a dynamic situation with changing problematics, requirements and needs of users. System administrators have to face these dynamics while maintaining IT operations. Therefore, they have to regularly deal with new software solutions and check whether they fit the requirements, needs and circumstances of their own IT environment. In this article, we want to show how Univention App Appliances can help with this. As pre-configured virtual images ready for immediate use with an integrated operating system, they can be used to quickly try out new software, switch it off if it fails to deliver the desired results, or, if the evaluation is successful, transfer the test solution to live operation.

UCS: How to Connect your Printers

In this article with corresponding how to film we are going to explain how to connect printers in UCS. Univention Corporate Server offers a printing system that can be implemented even in complex environments. Printers and printer groups are managed in the Univention Management Console, UMC for short. The print services are based on CUPS – that’s the Common Unix Printing System. The printer queues are managed by CUPS and UMC.
PPD files (PostScript Printer Description) describe the technical capabilities of the printers. These files contain information about the printers’ features, i.e. whether it’s a color device, whether duplex printing is possible, which paper trays are available, which resolutions and which printer command languages are supported (e.g. PCL or PostScript). UCS provides a variety of PPD files, so most printers can be accessed and configured without having to install additional drivers. If you have to set up extra PPD files, please have a look at our manual.

Easier than you may expect – How you gradually implement an IDM for larger organizations

Quick question: when an employee leaves your or your customers’ company, how many systems do you have to touch to disable all of their IT access rights? If your answer is more than one, you should think about introducing or improving an Identity Management System. An Identity Management System, in short IdM, takes care of your employees, their authentication, and the roles and privileges they have within your IT environment. However, adding an IdM is often seen as a difficult task. This does not have to be the case! Thus, let me show you how you can quickly introduce UCS as your identity management system while keeping most of your services intact.

Film Tutorial: Providing Central Mail Services in UCS

In our 7-minute film tutorial we will show you how to set up your own e-mail server with UCS. You will first learn why you should install the UCS Mail Server component from the Univention App Center on a UCS slave and how to proceed with the installation. When configuring the server, we will show you how to ensure that users can receive and send e-mails. At this point we will briefly go into the subject of e-mail quota.