UCS Samba/AD: How to establish trust with native Microsoft Active Directory domains

Logos von UCS und Windows mit verbindenden Pfeilen

Establishing a trust relationship means giving users of a domain access to the resources of another domain. In some situations this can extend the options for identity management. In the following example, I will refer to the interaction between Samba in UCS and Microsoft Windows. I will explain in detail how a so-called trust relationship can be configured and what the current state of implementation is.

Reporting for professionals: Log activities in the UCS LDAP directory service

Many services and processes running in a domain document their activities fully automatically in the background. The log files contain information about users’ logins to the system, installation and uninstallation of software, access to web pages, error messages and other information. Univention Corporate Server (UCS) also creates such reports – either behind the scenes in the form of log files or by using the UCS Admin Diary. You can also obtain ready-made reports as CSV or PDF files via the Univention Management Console or Shell.

In this article, I would like to show you how to create audit-proof log files of the LDAP directory service with Univention Directory Logger. I’d also like to tell you how to obtain a complete overview of the operations in a UCS domain with Admin Diary and how you can evaluate data from the directory service with Univention Directory Reports.

How To configure the BigBlueButton video conferencing solution for UCS and use it easily

Since the beginning of spring, school authorities and other educational institutions have been faced with the challenge of continuing their teaching with no or only limited face-to-face interaction. This article introduces the web conferencing system BigBlueButton, which may be a possible solution to this problem. In the first part of the article I would like to give you an overview of the most important functions of BigBlueButton and briefly discuss what you need to pay attention to the sizing of the servers and how to deal with problems caused by NAT and firewalls of the users. In the second part, I will explain how to integrate BigBlueButton into your UCS environment step by step so that users can use it with their usual credentials.

Samba 4 and OpenLDAP: SURF relies on UCS

SURF is the cooperative association of Dutch educational and research institutions. One of the goals of our organization is to facilitate research with HPC (High Performance Computing). We run national super computer clusters and provide computing power, data transport, data management and analysis for the Dutch academic community, i.e. to universities, universities of applied science, senior secondary vocational institutions (MBO), UMCs and research institutions.

Secure Communication Processes in UCS with (Self-generated and Signed) Certificates

Certificates – Why and What for

In this article I would like to give you an insight into the topic “Securing the Internet-based exchange of information through certificates”. I’ll take a quick look back at the beginnings of the Internet and the use of protocols such as HTTP, SMTP, POP … and their encrypted transport via SSL or TLS. Above all, however, I would like to explain to you how you can use public certificates with Univention Corporate Server to secure your data transfer or also how you can create trustworthy certificates by yourself with Let’s Encrypt. Completely secure and free of charge on top.

Setting up an Automatic Account Lockout after Failed Login Attempts

By default, UCS users can enter the password incorrectly any number of times without being locked out by the system. In order to make brute force attacks to crack passwords more difficult, admins can set up an automatic lockout that prevents an account from being accessed after a user-defined number of failed attempts.

Univention Corporate Server offers several methods for authentication and authorization. In this blog article I will show you how to log failed login attempts to the system via PAM stack, OpenLDAP and Samba respectively and how you as an admin can set a limit for the number of unsuccessful logins.

How to integrate with LDAP – Example Redmine

In the blog article series “How to integrate with LDAP”, we introduce a whole range of different options and possibilities for how you can use LDAP provided by UCS to expand or use in cooperation with other services.

In the first section of this article, “Typical Configuration Options”, I will be using an example to demonstrate the sort of information typically required to perform user authentication against the UCS LDAP. I will be taking you through the necessary configuration steps using the project management system Redmine as an example, as this requests all the typical information.

In the second section, “Types of Search Users”, I will detail the possibilities available to you if it is not possible to search through the UCS LDAP anonymously.

Secure Passwords for the UCS Domain

Obviously, your first name, cat’s name or mother-in-law’s birthday are not good passwords. Also password or 123456 (actually to be found on the list of the most frequently chosen passwords!) are out of the question. As the administrator of a UCS domain, you can’t prevent users from writing down their passwords or storing them under the keyboard, but you can tweak other settings to make the system more secure.
Policies can, for example, be used to specify a minimum length or to require users to change passwords regularly. In addition, Univention Corporate Server provides a quality check that forces the use of a certain number of numbers, special characters, uppercase and lowercase letters in passwords. This article presents some tips and tricks for setting up a good password policy in an UCS domain. We also show what variables can be set in the Univention Configuration Registry to optimize the whole thing. If you are using Samba in your environment, this article will also explain how to adjust the password requirements for the Samba domain object to those of the new policy.

Distributed Data Storage with UCS and Ceph. More Servers, More Storage, More Reliability

More Services, More Space, Less Downtime?

Anyone operating IT services for companies or organisations will sooner or later be confronted with this: everything is growing, you need more space for data and virtual machines, at the same time the demands for the availability of services are increasing and the hardware servers also need to be maintained.

Classic solutions for available storage such as NAS (Network Attached Storage) and SAN (Storage Area Network) systems are often expensive and just as often proprietary – and therefore not necessarily the basis you want to build your own IT infrastructure on as part of an open source strategy.

Videoconferences at Univention

In times of telecommuting they have become indispensable: videoconferences.

Anyone who frequently participates in them knows that nothing is more disturbing than distorted scraps of conversation and lagging interlocutors. A flawless transmission, however, enables employees to focus on the essential topic and exchange information about it, even in a digital environment. It adds up to a good feeling keeping control of the data when discussing internal company information or when talking to customers.