Domain Replication Service (DRS) with Samba for Empowering Distributed Environments

In larger environments with thousands of users, you can often find multiple Domain Controller offering authentication and authorization services. For Windows-based endpoints, UCS utilizes Samba 4 to provide these services. In between the different Samba 4 servers, UCS uses the Domain Replication Service (DRS) to keep the server data synchronized. While Samba 4 does a superb job in replicating the data, there are some tweaks you can utilize to optimize the replication, to provide better performance in distributed environments. Let us have a look!

Provide Solutions for Home Office Team Collaboration

In recent days and weeks, many employees retreated to home office to break chains of infection, others plan or would like to do so. But not everyone has the tools to continue working productively and together with colleagues in as many areas as possible. Working remotely and the collaboration of several people from the home office place special demands on the way a team works and on the tools it uses.
As an open hyperintegration platform and with the Univention App Center, Univention Corporate Server (UCS) offers a whole range of different applications which enable effective and collaborative working from the home office. Among the more than 90 applications in the App Center are solutions for file sharing (Nextcloud, ownCloud or Seafile), for project management (OpenProject and the Kanban solution Wekan), video conference (Kopano Meet), real-time communication (Rocket.Chat) or knowledge transfer (MediaWiki Bluespice). All these solutions are also available as virtual appliances with a pre-configured UCS, which you can put into operation with a very manageable effort and make available to your colleagues for the home office.

Brief Introduction: What is a Linux Derivative?

Univention Corporate Server (UCS) and Univention Corporate Server @ school (UCS@school) are Debian derivatives, i.e. operating systems derived from the Linux distribution Debian GNU/Linux. So, what exactly is Linux, what is a Linux distribution, and what does derivative mean? Read on to find out more about these terms and the connection between UCS and Debian GNU/Linux.

Secure Passwords for the UCS Domain

Obviously, your first name, cat’s name or mother-in-law’s birthday are not good passwords. Also password or 123456 (actually to be found on the list of the most frequently chosen passwords!) are out of the question. As the administrator of a UCS domain, you can’t prevent users from writing down their passwords or storing them under the keyboard, but you can tweak other settings to make the system more secure.
Policies can, for example, be used to specify a minimum length or to require users to change passwords regularly. In addition, Univention Corporate Server provides a quality check that forces the use of a certain number of numbers, special characters, uppercase and lowercase letters in passwords. This article presents some tips and tricks for setting up a good password policy in an UCS domain. We also show what variables can be set in the Univention Configuration Registry to optimize the whole thing. If you are using Samba in your environment, this article will also explain how to adjust the password requirements for the Samba domain object to those of the new policy.

Web Proxy and “Shalla List” for Access Rules to External Websites and Higher Performance at the Same Time

For the IT administration of organizations with many users, typically also schools, it can be very useful to regulate the access to external websites. From a technical point of view, in order to improve performance when accessing frequently visited pages, but also in terms of restricting access to certain pages, e.g. for security reasons or to protect minors.
The web proxy, which is a central component of UCS@School, is used to improve performance and control data traffic. In this blog article I’ll show you how to configure Squid Proxy with SquidGuard and how to combine both with existing (youth protection) website filters. And with the “Shalla-List-Downloader” I would like to present you a Cool Solution, with which you can further round off this protection and which we have already successfully implemented in various school projects.

Distributed Data Storage with UCS and Ceph. More Servers, More Storage, More Reliability

More Services, More Space, Less Downtime?

Anyone operating IT services for companies or organisations will sooner or later be confronted with this: everything is growing, you need more space for data and virtual machines, at the same time the demands for the availability of services are increasing and the hardware servers also need to be maintained.

Classic solutions for available storage such as NAS (Network Attached Storage) and SAN (Storage Area Network) systems are often expensive and just as often proprietary – and therefore not necessarily the basis you want to build your own IT infrastructure on as part of an open source strategy.

HowTo: Web-based Linux Terminal Server with 2FA

Timo Denissen of the Professional Service Team of Univention described in February with the blog article “Desktops with Guacamole remote control” how computers can be remote controlled via the browser. In this How To I would like to show how this principle can be extended with the help of privacyIDEA and xRDP to a terminal server environment which can be used completely in the browser, integrated into the domain of the UCS and secured by 2-factor authentication.
I assume in the HowTo that a functional UCS Master already exists. I run this virtualized using Proxmox. I use a second VM for the terminal server environment.
The following steps are described in detail in this HowTo:

  1. Prepare LinuxMint with xRDP
  2. Installing and configuring privacyIDEA and RADIUS on the UCS Master
  3. Integrate xRDP with privacyIDEA
  4. Install and configure Guacamole with RADIUS Plugin

How To: Easily Evaluate and Permanently Operate Apps with Appliances

IT environments are a dynamic situation with changing problematics, requirements and needs of users. System administrators have to face these dynamics while maintaining IT operations. Therefore, they have to regularly deal with new software solutions and check whether they fit the requirements, needs and circumstances of their own IT environment. In this article, we want to show how Univention App Appliances can help with this. As pre-configured virtual images ready for immediate use with an integrated operating system, they can be used to quickly try out new software, switch it off if it fails to deliver the desired results, or, if the evaluation is successful, transfer the test solution to live operation.

UCS: How to Connect your Printers

In this article with corresponding how to film we are going to explain how to connect printers in UCS. Univention Corporate Server offers a printing system that can be implemented even in complex environments. Printers and printer groups are managed in the Univention Management Console, UMC for short. The print services are based on CUPS – that’s the Common Unix Printing System. The printer queues are managed by CUPS and UMC.
PPD files (PostScript Printer Description) describe the technical capabilities of the printers. These files contain information about the printers’ features, i.e. whether it’s a color device, whether duplex printing is possible, which paper trays are available, which resolutions and which printer command languages are supported (e.g. PCL or PostScript). UCS provides a variety of PPD files, so most printers can be accessed and configured without having to install additional drivers. If you have to set up extra PPD files, please have a look at our manual.