openSUSE Project Management Tool: Issueshttps://progress.opensuse.org/https://progress.opensuse.org/themes/openSUSE/favicon/favicon.ico?15829177842022-01-09T13:45:36ZopenSUSE Project Management Tool
Redmine invisAD-setup - action #104730 (Closed): "Direct Rules" der Firewall greifen nicht mehr.https://progress.opensuse.org/issues/1047302022-01-09T13:45:36Zflaccostefan@invis-server.org
<p>Im Firewall-Setup des invis-Servers haben wir vor einiger Zeit einen Satz an "Direct-Rules" hinzugefügt. Hier die zugehörige XML-Datei:</p>
<pre><code><?xml version="1.0" encoding="utf-8"?>
<direct>
<!-- <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0">-o intern -j MASQUERADE</rule> -->
<rule ipv="ipv4" table="filter" chain="FORWARD" priority="0">-i vpn -o intern -j ACCEPT</rule>
<rule ipv="ipv4" table="filter" chain="FORWARD" priority="0">-i intern -o vpn -m state --state RELATED,ESTABLISHED -j ACCEPT</rule>
</direct>
</code></pre>
<p>Die hier gesetzten Regeln dienten dazu ein Class-Routing zwischen den Schnittstellen "intern" und "vpn" zu ermöglichen. Beide Schnittstellen sind Teil der Zone "internal". Ohne diese Regel war es nicht möglich via VPN auf Netzwerkkomponenten hinter dem invis-Server zuzugreifen.</p>
<p>Unter openSUSE 15.3 (invis 14.3) scheinen diese Regeln nicht mehr zu greifen.</p>
<p>Vermutlich liegt das daran, dass inzwischen "nftables" anstelle von "iptables" als Firewall-Backend genutzt wird.</p>
invisAD-setup - action #81078 (Closed): Aktualisieren unseres Dehydrated-Setupshttps://progress.opensuse.org/issues/810782020-12-15T19:52:27Zflaccostefan@invis-server.org
<p>Die Konfiguration von Dehydrated sollte um die Direktive "cleanup" ergänzt werden. Das sorgt dafür, dass alte Zertifikate automatisch gelöscht werden.</p>
<p>Um dies umzusetzen müssen unter /etc/dehydrated vom Benutzer dehydrated angelegt werden können. Aufgrund inkorrekter Besitzrechte im derzeitigen Setup klappt das nicht, was Folgefehler nach sich zieht.</p>
<p>Es scheint auch so, dass keine "domain.txt" Datei angelegt wird. Dies sollte während des invis-Server Setups automatisch geschehen.</p>
<p>Das Toolbox-Script "actdehydrated" verwendet noch das Kommando "ifconfig", welches nicht mehr im openSUSE Standard-Setup enthalten ist. Das Script muss auf das Kommando "ip" umgestellt werden.</p>
invis-backup - action #67930 (Closed): Add pruning functionality to invis-bbuhttps://progress.opensuse.org/issues/679302020-06-10T07:13:19Zflaccostefan@invis-server.org
<p>For the first step pruning should run:</p>
<ol>
<li>manually for disk backup</li>
<li>automatically for net backup </li>
</ol>
invisAD-setup - action #67156 (Closed): Add cc-mailadress for emergency mailshttps://progress.opensuse.org/issues/671562020-05-22T07:31:59Zflaccostefan@invis-server.org
<p>In the case of a problem, the invis-server sends mails to a named administrator. This is usually an external service provider. Such mails should also be sent to a local manager. We should add a cc-address to our configuration and extend the emergmailer script.</p>
invisAD-setup - action #55349 (Closed): add a Script-entry for the inhume-script into invis-Porta...https://progress.opensuse.org/issues/553492019-08-11T14:30:12Zflaccostefan@invis-server.org
<p>inhume is a script to remove orphaned data from exited users out of kopano and owncloud.</p>
invisAD-setup - action #45731 (Closed): Bug: firewalld is blocking everything until it's restartedhttps://progress.opensuse.org/issues/457312019-01-04T15:54:45Zflaccostefan@invis-server.org
<p>After a reboot of an invis server the new firwalld daemon is blocking everything until it is restarted.</p>
invisAD-setup - action #43424 (In Progress): Add the functionality to create kopano-ressources to...https://progress.opensuse.org/issues/434242018-11-06T10:03:48Zflaccostefan@invis-server.org
<p>Kopano resources are shared store users with additional attributes "zarafaResourceType" and "zarafaResourceCapacity". Possible values are an integer number for the capacity and "equipment" or "room" for the type. Only resources of type "equipment" can be extended with a capacity value. It means that a resource exists X times.</p>
invisAD-setup - action #43313 (Closed): Create an upgrade path from samba 4.6 to 4.7 with MIT ker...https://progress.opensuse.org/issues/433132018-11-03T12:40:58Zflaccostefan@invis-server.org
<p>We have to do upgrade tests with our heimdal based samba 4.6 setups to samba 4.7 with MT kerberos</p>
invisAD-setup - action #35946 (Rejected): GroupPolicies to rollout software to windows-clientshttps://progress.opensuse.org/issues/359462018-05-06T11:58:51Zflaccostefan@invis-server.org
<p>We should add GPOs to the invis-Server AD for an automatic rollout software-packages like Kopano-Outlook-Extension, Kopano-Deskapp or ownCloud-Client to the connected windows clients</p>
invisAD-client - action #31636 (In Progress): bringing invis-client package to opensuse factoryhttps://progress.opensuse.org/issues/316362018-02-10T17:01:11Zflaccostefan@invis-server.org
<p>In github (<a href="https://github.com/invisserver/invisAD-client" class="external">https://github.com/invisserver/invisAD-client</a>) I startet a very small invis-client project. It's goal is to add opensuse Linux workstations to an invis-server AD domain. Using this tool is a litlle bit complicated because it has to be cloned from github before using it.</p>
<p>We should bring this as a rpm package into opensuse-factory to make it easy for opensuse clients to join an invis-server domain.</p>
<p>Steps:</p>
<ol>
<li>build a package in spins:invis:testing</li>
<li>request to add it to factory</li>
</ol>
invisAD-setup - action #25802 (Closed): Switch to firewalldhttps://progress.opensuse.org/issues/258022017-10-05T17:36:44Zflaccostefan@invis-server.org
<p>The upcoming openSUSE leap 15 replaces the traditional SuSEfirewall2 with the firewalld system. Therefor we have to migrate our fw-settings from SuSEfirewall2 to firewalld. SuSEfirewall2 is not completely replaced, but we decided to switch firewalld. The migration script susefirewall2-to-firewalld will help to migrate.</p>
invis-server - action #23880 (Closed): Chemnitzer Linux Tage 2018https://progress.opensuse.org/issues/238802017-09-02T21:43:55Zflaccostefan@invis-server.org
<p>Presenting invis-Server at CLT 2018</p>
invisAD-setup - action #23746 (Closed): Adding sudoers rules to active directory.https://progress.opensuse.org/issues/237462017-08-29T08:02:07Zflaccostefan@invis-server.org
<p>Like described in an "Linux Administrator Magazin" article we should add support for providing sudo rules to active directory.</p>
<p>Info: <a href="http://jhrozek.livejournal.com/3860.html" class="external">http://jhrozek.livejournal.com/3860.html</a></p>
invis-server - action #23664 (Closed): OpenRheinRuhrhttps://progress.opensuse.org/issues/236642017-08-26T07:19:14Zflaccostefan@invis-server.org
<p>Presenting invis-Server at OpenRheinRuhr.</p>
<p>Staff: Stefan, Ines, Ingo, (Dimitri?)</p>
invis-server - action #23662 (Closed): Kieler Linux Tagehttps://progress.opensuse.org/issues/236622017-08-26T07:10:26Zflaccostefan@invis-server.org
<p>Presenting invis-Server at Kieler Linux Tage.</p>
<p>Staff: Stefan, Ines</p>
<p>invis-Server Talk: <a href="http://www.kilux.de/index.php?seite=programm.html&untermenu=Besucher-Info#325" class="external">http://www.kilux.de/index.php?seite=programm.html&untermenu=Besucher-Info#325</a></p>