Setting up an Automatic Account Lockout after Failed Login Attempts

By default, UCS users can enter the password incorrectly any number of times without being locked out by the system. In order to make brute force attacks to crack passwords more difficult, admins can set up an automatic lockout that prevents an account from being accessed after a user-defined number of failed attempts.

Univention Corporate Server offers several methods for authentication and authorization. In this blog article I will show you how to log failed login attempts to the system via PAM stack, OpenLDAP and Samba respectively and how you as an admin can set a limit for the number of unsuccessful logins.

How to integrate with LDAP – Example Redmine

In the blog article series “How to integrate with LDAP”, we introduce a whole range of different options and possibilities for how you can use LDAP provided by UCS to expand or use in cooperation with other services.

In the first section of this article, “Typical Configuration Options”, I will be using an example to demonstrate the sort of information typically required to perform user authentication against the UCS LDAP. I will be taking you through the necessary configuration steps using the project management system Redmine as an example, as this requests all the typical information.

In the second section, “Types of Search Users”, I will detail the possibilities available to you if it is not possible to search through the UCS LDAP anonymously.

Secure Passwords for the UCS Domain

Obviously, your first name, cat’s name or mother-in-law’s birthday are not good passwords. Also password or 123456 (actually to be found on the list of the most frequently chosen passwords!) are out of the question. As the administrator of a UCS domain, you can’t prevent users from writing down their passwords or storing them under the keyboard, but you can tweak other settings to make the system more secure.
Policies can, for example, be used to specify a minimum length or to require users to change passwords regularly. In addition, Univention Corporate Server provides a quality check that forces the use of a certain number of numbers, special characters, uppercase and lowercase letters in passwords. This article presents some tips and tricks for setting up a good password policy in an UCS domain. We also show what variables can be set in the Univention Configuration Registry to optimize the whole thing. If you are using Samba in your environment, this article will also explain how to adjust the password requirements for the Samba domain object to those of the new policy.

Distributed Data Storage with UCS and Ceph. More Servers, More Storage, More Reliability

More Services, More Space, Less Downtime?

Anyone operating IT services for companies or organisations will sooner or later be confronted with this: everything is growing, you need more space for data and virtual machines, at the same time the demands for the availability of services are increasing and the hardware servers also need to be maintained.

Classic solutions for available storage such as NAS (Network Attached Storage) and SAN (Storage Area Network) systems are often expensive and just as often proprietary – and therefore not necessarily the basis you want to build your own IT infrastructure on as part of an open source strategy.

Videoconferences at Univention

In times of telecommuting they have become indispensable: videoconferences.

Anyone who frequently participates in them knows that nothing is more disturbing than distorted scraps of conversation and lagging interlocutors. A flawless transmission, however, enables employees to focus on the essential topic and exchange information about it, even in a digital environment. It adds up to a good feeling keeping control of the data when discussing internal company information or when talking to customers.

How To: Easily Evaluate and Permanently Operate Apps with Appliances

IT environments are a dynamic situation with changing problematics, requirements and needs of users. System administrators have to face these dynamics while maintaining IT operations. Therefore, they have to regularly deal with new software solutions and check whether they fit the requirements, needs and circumstances of their own IT environment. In this article, we want to show how Univention App Appliances can help with this. As pre-configured virtual images ready for immediate use with an integrated operating system, they can be used to quickly try out new software, switch it off if it fails to deliver the desired results, or, if the evaluation is successful, transfer the test solution to live operation.

UCS: How to Connect your Printers

In this article with corresponding how to film we are going to explain how to connect printers in UCS. Univention Corporate Server offers a printing system that can be implemented even in complex environments. Printers and printer groups are managed in the Univention Management Console, UMC for short. The print services are based on CUPS – that’s the Common Unix Printing System. The printer queues are managed by CUPS and UMC.
PPD files (PostScript Printer Description) describe the technical capabilities of the printers. These files contain information about the printers’ features, i.e. whether it’s a color device, whether duplex printing is possible, which paper trays are available, which resolutions and which printer command languages are supported (e.g. PCL or PostScript). UCS provides a variety of PPD files, so most printers can be accessed and configured without having to install additional drivers. If you have to set up extra PPD files, please have a look at our manual.

bitpack.io Introduces New UCS-based Solution at ImPuls e. V. Association

An outdated IT landscape, many different desktop systems with proprietary software and corresponding license costs had repeatedly confronted the administrators of the association ImPuls e. V. from Hohen Neuendorf, Brandenburg, with problems. A solution was sought that would make both setting up new workstations and maintaining already existing desktops easier. The responsible persons also desired the possibility of interconnecting all facilities while at the same time retaining full control over their data.
We, the company bitpack.io from Birkenwerder, have modernized the IT infrastructure of the association in recent months. The new systems are running since July 2019: Univention Corporate Server is the central component; furthermore Kopano, Nextcloud and OnlyOffice are being used. In this article we would like to briefly introduce you to the project.

UCS@school and Open-Xchange for Schools in Basel

For some time now, we have been looking for a consistent solution for the mail system used by our teachers and students. We need a secure environment that’s easy to manage. In a combined effort, ICT Medien and Adfinis SyGroup, a Swiss Service Provider, migrated the schools’ existing mail system with around 32,000 accounts. We connected the current identity management (UCS@school) to the e-mail and groupware solution Open-Xchange. In this article we’re going to describe the initial situation, talk about our considerations, the planning phase, and the requirements for the new mail and groupware solution. We’re also going to tell you about our system architecture and the servers involved. During the migration we encountered some problems – you’re going to read about them and about our solutions. Before we start with the more technical details, we’d like to say how happy we are with the new Open Source solution: The new mail system fulfils all requirements in terms of security, high availability, and the current data protection guidelines.

Linux Programs in Windows: Just Integrate UCS in Active Directory

Our Univention App Center offers many open source applications from all areas, which you can add to your UCS environment in just a few clicks. Whether groupware, CRM or backup solution – the list of apps is growing continuously. If you want to use these applications in a Windows environment, UCS offers a particularly convenient way of doing so: UCS can be integrated with existing Windows environment, in particular, in an existing Active Directory domain.

After such an integration for which you use our app ‘Active Directory Connection’, the Active Directory (AD) continues to work as a the primary directory service, while UCS can extend the AD domain by exactly those open source software solutions that are available in the App Center.