HowTo: Web-based Linux Terminal Server with 2FA

Timo Denissen of the Professional Service Team of Univention described in February with the blog article “Desktops with Guacamole remote control” how computers can be remote controlled via the browser. In this How To I would like to show how this principle can be extended with the help of privacyIDEA and xRDP to a terminal server environment which can be used completely in the browser, integrated into the domain of the UCS and secured by 2-factor authentication.
I assume in the HowTo that a functional UCS Master already exists. I run this virtualized using Proxmox. I use a second VM for the terminal server environment.
The following steps are described in detail in this HowTo:

  1. Prepare LinuxMint with xRDP
  2. Installing and configuring privacyIDEA and RADIUS on the UCS Master
  3. Integrate xRDP with privacyIDEA
  4. Install and configure Guacamole with RADIUS Plugin

The Decision has been made: UCS 5.0 is coming!

Logo Effekt UCS 5.0
While we were planning the upcoming UCS development stage, we decided to start working on the next major version: UCS 5.0 is planned for next year. In this article I would like to let you take a look behind the scenes and share some of our plans with you.

It’s been almost 5 years since we released UCS 4.0. During this time, UCS has evolved a lot. At the same time, we’ve continued to maintain the old version’s features. While most of them are popular with our users, others are not. There are also some things we would do differently if we had to do them again. By jumping to the next major version, we would like to get rid of some relics and implement several new features at the same time. We’re still at the very beginning, so not all decisions are final yet – but true to the motto “be open” I would like to share some of our ideas and plans in this blog post.

Technical Difficulties with UCS 4.4-2 Download Image

After the release of the UCS 4.4-2 update, technical problems with the DVD ISO and appliance images of UCS 4.4-2 were discovered that interfere with the operation of some important apps. This prompted us to take them offline until further notice. We continue to make the UCS 4.4-1 images available for download, from which users can then simply upgrade to UCS 4.4-2 without the technical problems. In this blog post I would like to give information about the current status and the background.

UCS 4.4-2: Second Point Release

We’ve just published the second point release for UCS 4.4. Apart from some bug fixes and corrections, we’ve also implemented some new features and, of course, we’ve put some work into numerous apps.

Final Version of the UDM REST API

Looking back at the first point release (UCS 4.4-1 in June 2019), our REST API for the Univention Directory Manager was still in beta stadium. Good news: the interface for accessing the directory service is stable now. The API connects applications to the UCS directory service; access is granted via a web service using HTTPS, and data is exchanged JSON format. So, the REST API offers the same functionality as the udm command line tool.
For example, it simplifies the maintenance of user properties or computer objects from connected systems. Developers of applications offered in the Univention App Center also benefit from the new, standardized access because they are no longer limited to the UDM Python interface. The REST API of the Univention Directory Manager is by default activated on all UCS 4.4-2 DC Master and DC Backup instances.

Univention App Center receives Nextcloud 16

It has taken a while, as we had to make Nextcloud 16 compatible with the version of PostgreSQL (9.4) in UCS, but here it is: Nextcloud 16 is now available on the Univention App Center!

Aside from the significant improvements in Nextcloud 16, this version also delivers two much requested features: a secure LDAP connection and SAML SSO support. Both simply require the sysadmin to enable them, everything is pre-configured! Nextcloud is just the second app in the App Center supporting this easy SSO setup.

Vulnerability closed for possible manipulation of Docker Apps in App Center

docker-logo-blog-header

On the evening of September 6th, a vulnerability in the App Center repository server became known that allowed Docker images to be manipulated for Docker based apps. The vulnerability was in the Docker registry for the Univention App Center and allowed anonymous push of Docker images. The problem was fixed the following day by locking the anonymous push again.

Videoconferences at Univention

In times of telecommuting they have become indispensable: videoconferences.

Anyone who frequently participates in them knows that nothing is more disturbing than distorted scraps of conversation and lagging interlocutors. A flawless transmission, however, enables employees to focus on the essential topic and exchange information about it, even in a digital environment. It adds up to a good feeling keeping control of the data when discussing internal company information or when talking to customers.

How To: Easily Evaluate and Permanently Operate Apps with Appliances

IT environments are a dynamic situation with changing problematics, requirements and needs of users. System administrators have to face these dynamics while maintaining IT operations. Therefore, they have to regularly deal with new software solutions and check whether they fit the requirements, needs and circumstances of their own IT environment. In this article, we want to show how Univention App Appliances can help with this. As pre-configured virtual images ready for immediate use with an integrated operating system, they can be used to quickly try out new software, switch it off if it fails to deliver the desired results, or, if the evaluation is successful, transfer the test solution to live operation.

UCS: How to Connect your Printers

In this article with corresponding how to film we are going to explain how to connect printers in UCS. Univention Corporate Server offers a printing system that can be implemented even in complex environments. Printers and printer groups are managed in the Univention Management Console, UMC for short. The print services are based on CUPS – that’s the Common Unix Printing System. The printer queues are managed by CUPS and UMC.
PPD files (PostScript Printer Description) describe the technical capabilities of the printers. These files contain information about the printers’ features, i.e. whether it’s a color device, whether duplex printing is possible, which paper trays are available, which resolutions and which printer command languages are supported (e.g. PCL or PostScript). UCS provides a variety of PPD files, so most printers can be accessed and configured without having to install additional drivers. If you have to set up extra PPD files, please have a look at our manual.