Sysadmin Mega Thread

wait till you’re 29

been there with no college degree, the only one in my workplace

at least I’m finishing college this year

thought of moving into infrastructure many times, but it’s not very well paid in my area, and jobs are even more scarce than development

by 29/30 you’ll feel old, body will ache for days if you sleep in a weird position and you’ll get fat(ter) without even trying

2 Likes

1 Like

Samba AD isn’t too bad these days, especially since Fedora packages it now. Zentyal isn’t too terrible if you want a GUI.

Using Samba AD with FreeIPA is the masochistic move. I was able to establish one-way trust, but it’s tedious to make it functional for anything.

I have not used FreeIPA yet. No need to in my environment, yet.

1 Like

What’s the deal with 512e/4k drives? Are they mostly plug and play or do I need to worry about something… looking to throw them in a FreeNAS box that already has some Ironwolfs. Not going to add them to the same pool or anything but not sure if there are issues having them on the same backplane… er, it’s a storinator, so no backplane, but any issues whatsoever (same HBA though).

Yeah. As long as you have somewhat modern partitioning tools everything is automatic and fine. The only detail to watch out for is starting a partition on a block that isn’t on a 4K boundary.

Like, here is from an external backup drive of mine. Note that I didn’t create that first partition I just left it there. But my version of fdisk does complain about it because block 34 / 8 is 4.25. (8 because there are 8 512b blocks in 4K)

```
# fdisk -l /dev/sdi
Disk /dev/sdi: 7.28 TiB, 8001563221504 bytes, 15628053167 sectors
Disk model: Expansion Desk  
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: DBA06CA0-5EC2-4625-B70F-4A6138CCCFE5

Device      Start         End     Sectors  Size Type
/dev/sdi1      34      262177      262144  128M Microsoft reserved
/dev/sdi2  264192 15628052479 15627788288  7.3T Microsoft basic data

Partition 1 does not start on physical sector boundary.
```

1 Like
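Added example, not part of the original post: the boundary check described in the reply above, applied to the `fdisk -l` output quoted there. The function names are illustrative, and the parser assumes the util-linux `fdisk -l` layout shown in that post.

```python
import re

# fdisk output copied from the post above (only the lines the check needs).
FDISK_OUTPUT = """\
Disk /dev/sdi: 7.28 TiB, 8001563221504 bytes, 15628053167 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
Disklabel type: gpt

Device      Start         End     Sectors  Size Type
/dev/sdi1      34      262177      262144  128M Microsoft reserved
/dev/sdi2  264192 15628052479 15627788288  7.3T Microsoft basic data
"""

SECTOR_RE = re.compile(
    r"Sector size \(logical/physical\): (\d+) bytes / (\d+) bytes")
# Partition rows start with the device node; MBR tables may carry a '*' boot flag.
PART_RE = re.compile(r"^(/dev/\S+)\s+(?:\*\s+)?(\d+)\s+(\d+)\s+(\d+)\s", re.M)


def check_alignment(fdisk_text):
    """Map each partition to (start_sector, byte offset into its physical sector)."""
    m = SECTOR_RE.search(fdisk_text)
    if m is None:
        raise ValueError("no 'Sector size (logical/physical)' line found")
    logical, physical = int(m.group(1)), int(m.group(2))
    report = {}
    for dev, start, _end, _sectors in PART_RE.findall(fdisk_text):
        # Start is counted in logical sectors; convert to bytes, then test
        # against the physical sector size. On 512e, start must be a multiple of 8.
        report[dev] = (int(start), (int(start) * logical) % physical)
    return report


def misaligned(fdisk_text):
    """Return the partitions whose first byte is not on a physical sector boundary."""
    return sorted(dev for dev, (_start, offset)
                  in check_alignment(fdisk_text).items() if offset)


if __name__ == "__main__":
    for dev, (start, offset) in check_alignment(FDISK_OUTPUT).items():
        state = "aligned" if offset == 0 else f"misaligned by {offset} bytes"
        print(f"{dev}: start sector {start}, {state}")
```

On a 4Kn drive, where the logical and physical sizes are both 4096, every start sector passes this check.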

Makes sense and good to know… I’m guessing (hoping) that FreeNAS and/or ZFS will be smart about that?

Hey everyone,

I am trying to get wireguard running in a windows domain with the users having the ability to switch on and off the vpn on their bidding (yes, requirement. I don’t make the rules. ATM we got IPSec and would love to get away from that…)

Sadly since the MS14-025 Patch (2013ish) I can no longer just set the “wireguard.exe /installtunnelservice” in a schtask, so that any user (even without admin creds) can start it.

Does anyone have a solution for this? (still need it to be safe and not just either give everyone admin creds or hardcoding them into some script)

(PS: Would love to not have to enable the auditing for program-openings, I know that I could use a program opening event as a trigger, but would rather refrain from doing this the extremely hacky way. A bit hacky is okay though :wink: )

Also: Finally made an account here, hopefully I found the right place.

1 Like

I think you just need to set HKLM\Software\WireGuard\LimitedOperatorUI dword to 1. Then non-admins can start/stop tunnels, although they are prohibited from adding/removing tunnels. Also, they need to be in the network configuration group.

https://git.zx2c4.com/wireguard-windows/about/docs/adminregistry.md

3 Likes

That transfer rate suspiciously seems like a 100mbps link bottleneck. See if an ethernet cable somewhere is negotiating at 100BASE-TX.

2 Likes

Wow. Did not find that previously, seems to hit the spot perfectly though.
Will test and get back to you.

Edit: Forgot to thank you (!) and wanted to express my annoyance about this not being something that is at least “easy” to find…

2 Likes

I’ve been learning to set up wireguard recently and getting the information I need all in one place is definitely a chore.

1 Like

Well, for the most part it has been much better than learning IPSec or OpenVPN, but (still not tried) if that small Option is working, it would have saved me 8h work.
I can only recommend the linuxserver/docker-wireguard image as it is nicely documented and works just as you would expect.

1 Like

The Wireguard macOS client is pretty great for the end-user, but I haven’t figured out how to automate deployment yet. Since it’s a 3rd party app still, you can’t push a mdm profile for it and it stores the credentials in the user’s keychain which is nice for security but a pain to manipulate in a script.

Been using the vyatta patch on Edgerouters for the server. Kind of clunky there. If you accidentally configure 2 clients with the same IP address, it’s difficult to reverse.

1 Like

I just spent the last four hours troubleshooting freeipa server only for it to somehow fix itself and I have no idea how.

fuck I’m tired and I don’t understand but oh well it’s working and I’m off to bed.

3 Likes

NTP get out of sync maybe?

2 Likes

Maybe you should try freelager or freestout instead?

3 Likes

Looking increasingly likely that Ubiquiti is killing the EdgeMax product line. The new ISP-oriented hardware relies on a controller like Unifi does. :-1:

With all their latest moves over the last two years, you know you saw it coming

1 Like

nope.

Turns out that during the Cleanup script in the package update it comments out the krb5.conf id block which fucks everything up.

So I have to uncomment out those lines then re-run ipa-server-upgrade.

Then it works.

Spoke with the SME on it today.

1 Like