Common Server issues – FAQs and answers from those in the know
Two identical HGST 10 TB drives report different usable capacities — can this be fixed? [duplicate]
10 January 2026 @ 10:57 am
I have two hard drives of the same model: HGST HUH721010AL5200 (10TB SAS).
Both are declared as 10TB by the manufacturer, but the reported usable sizes differ:
Drive A: 9.095 TB visible
Drive B: 8.909 TB visible
My server requires at least 9TB per disk, so the smaller one will not work.
Images:
Disk 9TB+
Disk 9TB+ stats
Disk 8.9TB
Disk 8.9TB stats
I was following these instructions:
https://talesinit.blogspot.com/2015/11/formatted-with-ty
Which hostname should be certified in MX server?
10 January 2026 @ 7:49 am
I want to make a valid TLS certificate for my MX server but I'm confused about which hostname/SN I have to set.
The MX DNS record is published with a CNAME to serve multiple domains.
Example:
MX mail.mydomain.com
CNAME mail.mydomain.com > server1.otherdomain.com
A server1.otherdomain.com x.x.x.x
So I don't know which hostname I have to use for the TLS certificate.
Should I use the MX name (in that case it is different by domain)? Or maybe the match is checked using the PTR resolution? Or is the name the one in the SMTP HELO exchange?
How to use certbot certificates for exim TLS? How to set permissions?
10 January 2026 @ 7:25 am
I have certbot that keeps a valid certificate and key in its folder /etc/letsencrypt/archive/
The cert is public (644) and the key is restricted to root (600).
I'm wondering how I can let exim read it as its TLS certificate. Exim doesn't run as root and cannot read the key.
I imagine it is not a good idea to change the key permission to a group that exim uses; what is the best practice?
Does certbot like to change its key permission? What happens at key renewal?
Special "transpose-like" data transformation
9 January 2026 @ 8:35 pm
I have a slow bash script which I would like to replace with awk, if possible to achieve the following.
The input file has 3 columns. Date, FQDN and a Label. The Labels can be replaced by a Flag if a condition is met.
The input file has a row for each site (FQDN) with a label on that day. The output file has 1 row / day and the sites are transposed/moved to the columns.
LABELS
- low
- mid
- high
- nil # when site has -le 2 labels in total and no label on this day
- null # when site has -gt 2 labels in total and no label on this day
FLAGS
- init # first and only value
- warn # 30 consecutive days with null - so null label is replaced with warn flag
input_data:
DATE FQDN LABEL
2025-12-01 www.site_1.tld high
2025-12-02 www.site_1.tld low
2025-12-03 www.site_1.tld mid
2025-12-03 www.site_2.tld low
2025-12-04 www.site_1.tld high
2025-12-04 www.site_2.tld high
2025-12-04 www.site_3.tld in
Azure, proxy and Private Endpoints
9 January 2026 @ 8:31 pm
I’m dealing with a customer which uses a proxy for Internet access; an explicit proxy, not a transparent one. You need to actually call it, and the configuration is deployed to all users using a proxy.pac file and Group Policies.
Now, the customer wants to use some Azure services with Private Endpoints (I’m specifically interested in services using HTTPS connections). The networking and DNS resolution are in place, but the proxy gets in the way, because it can’t access those Private Endpoints (they don’t want everyone to be able to connect to them, thus they are filtering access; allowing the proxy would allow all users going through it); this means all actual users of those services need to bypass the proxy when connecting to them.
This is easily (enough) achieved for a web browser by setting proxy exclusions, either in the proxy settings of the client or in the proxy.pac file. It’s cumbersome, but it works.
But here’s the
iOS IKEv2 VPN fails to connect to MikroTik RouterOS 7.8 using Certificate Authentication
9 January 2026 @ 6:55 pm
I am trying to connect an iPhone (iOS 16/17) to a MikroTik RouterOS 7.8 using IKEv2 + IPsec and it consistently fails.
The same configuration does work with a Debian 13 client using strongSwan.
The error message in RouterOS log is always identity not found for server:valid.fqdn peer: (here it changes depending on the config: RFC822 or FQDN or ADDR4 depending on the content of local ID config in iOS VPN)
Environment:
MikroTik RouterOS: 7.8 with RB3011UiAS
iOS 18.6.2 with iPhone 14
VPN type: IKEv2 (IPsec)
Client: iOS built-in VPN (IKEv2)
Authentication: Certificates
Here are parts of the RouterOS config:
/ip ipsec mode-config add address-pool=pool-vlan35-private name=ikev2-pool
/ip ipsec profile add dh-group=ecp256,modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=ikev2-profile
/ip ipsec peer add exchange-mode=ike2 name=ikev2-peer passive=yes profile
Why did Windows SmartCard PIN prompt popup shrink? [migrated]
9 January 2026 @ 5:13 pm
Here's the Windows 11 SmartCard popup for the CAC card PIN. A recent update in the last six months has caused the dialog to occlude the first line.
Is there any way to determine what caused this?
Can I fix it?
The dialog works so it isn't a big deal. Is this a unique "me-only" problem?


Automatic Entra ID VM Login via Guacamole
9 January 2026 @ 12:34 pm
I am running Guacamole to log in to VMs via Browser. I am able to log into Guacamole via OpenID, so with my EntraID Account.
But now I also want to automatically log in as the same user onto the VM via Entra ID. Manually is no issue as the VMs are registered in Entra ID. But when clicking the VM I want it to happen automatically.
Any ideas on how to do this? Right now I can only use a generic user for automatic login.
Rancher - access component from the browser [closed]
9 January 2026 @ 12:18 pm
Working with Rancher Desktop (newest stable) on Windows 11 (WSL2), I would like to access a pod via the browser. Anything but port-forwarding.
I already tried the following, which does not work, although it was working in Docker Desktop. I want to work with the more stable Rancher Desktop. Only the access via a browser is difficult.
By NodePort
By LoadBalancer
Adding a /etc/host entry
Via an Ingress route.
Of course I could use port-forwarding, but that is not a good option when creating new pod versions.
Localhost is never accessible.
The 192.168.127.2 is not accessible.
I hope you can help me so I can enjoy Rancher Desktop even more.
Guacamole + OpenID: invalid callback url
9 January 2026 @ 8:52 am
I'm trying to set up Guacamole with Pocket-ID via OpenID and I'm getting an "Invalid callback URL" error. My currently used redirect URL will lead to an infinite authentication loop. I have no idea what I should change in order to make it work. And the documentation isn't really helpful.
So far I'm using the following configuration to make it happen. With that, the authentication actually works but can't continue:
OpenID config
openid-authorization-endpoint: https://auth.domain.ch/authorize
openid-jwks-endpoint: https://auth.domain.ch/.well-known/jwks.json
openid-issuer: https://auth.domain.ch/.well-known/openid-configuration
openid-client-id: 33248302-.....
openid