Common Server issues – FAQs and answers from those in the know
Unable to join Windows Server 2019 client to AWS-hosted Active Directory Domain Controller
6 December 2025 @ 10:38 pm
Environment
Domain Controller: Windows Server 2019 on AWS EC2 (m7i-flex.large, Free tier)
Client: Windows Server 2019 on AWS EC2 (m7i-flex.large, Free tier)
Domain: akar.com
AWS Region: eu-north-1c
Both instances: Same VPC (vpc-0e12e37b3587d07d9), same subnet (subnet-0f30e285fd347b26a), same security group
Problem
Client fails to join the domain with error:
Add-Computer : Computer 'EC2AMAZ-3QBIJJU' failed to join domain 'akar.com' from its current workgroup 'WORKGROUP' with following error message: The specified domain either does not exist or could not be contacted.
What Works
All diagnostics pass successfully:
On Domain Controller:
All AD services running (DNS, Netlogon, NTDS, KDC)
dcdiag /test:DNS passes completely
Get
Implementing handling of TLS ClientHello and ServerHello in the browser [closed]
6 December 2025 @ 5:28 pm
I'm working on implementing a WebTransport server in the browser using Direct Sockets API UDPSocket.
I've tried to compile several existing WebTransport server implementations to WASM without success.
So, I'm starting from scratch to an appreciable degree, and the first order of business is handling the ClientHello sent from the WebTransport client, and providing the ServerHello to the client, according to what the WebTransport client expects.
I'm able to generate self-signed certificates that work, so that's not an issue.
How would you go about implementing the TLS client-server exchange in the browser, using JavaScript or an existing library that is designed to be compiled to WebAssembly (for use in the browser)?
Linux authentication via a distributed LDAP directory
6 December 2025 @ 2:52 pm
I am learning LDAP and wanted to set up user authentication on a Linux client via an LDAP directory distributed on two servers: ldap and sub.
Host IPs are:
client = 10.0.0.1/24
ldap = 10.0.0.100/24
sub = 10.0.0.101/24
Here is what I want to achieve:
ldap hosts domain uni.edu with a referral to sub.uni.edu
sub hosts domain sub.uni.edu with posixAccount alice
client is configured with ldap as its LDAP server and alice can authenticate with LDAP (which implies contacting the referred server).
Here are the results of two LDAP searches on my client showing that the referral mechanism seems to work (the first one without the -C option to chase referrals and the second one with it):
$ ldapsearch -x -H ldap://10.0.0.100/ -b "dc=sub,dc=uni,dc=edu"
# extended LDIF
#
# LDAPv3
# base <dc=sub,dc=uni,dc=edu> with scope subtree
#
Fail2Ban works only for SSHD and not for EXIM on Ubuntu server 24.04
6 December 2025 @ 2:48 pm
I just updated my server to Ubuntu 24.04 but fail2ban does not seem to work; only sshd seems to be monitored.
For example my server has exim4 and it is completely ignored.
I tried to purge the fail2ban installation to start from a scratch configuration but it didn't help.
I added just this file: /etc/fail2ban/jail.d/jail.local
[exim]
enabled = true
Then I tried to raise the debug level to DEBUG but I didn't find anything very useful:
2025-12-06 15:33:42,842 fail2ban.jail [161308]: INFO Creating new jail 'exim'
2025-12-06 15:33:42,842 fail2ban.jail [161308]: INFO Jail 'exim' uses systemd {}
2025-12-06 15:33:42,842 fail2ban.filter [161308]: DEBUG Setting usedns = warn for FilterSystemd(Jail('exim'))
2025-12-06 15:33:42,842 fail2ban.filter [161308]: DEBUG Created FilterSystemd(Jail('exim'))
2025-12-06 15:33:42,845 fail2ban.filtersystemd [161308]: DEBUG Created FilterSystemd
2025-12-0
Ubuntu + Postfix - limit port 25 access mail server access only?
6 December 2025 @ 3:51 am
My server's IP address is listed on Spamhaus. It is running on Ubuntu and using Postfix to forward incoming emails to certain emails, such as my Gmail emails.
According to Spamhaus:
"Make sure port 25 access is limited to mail server access only / end-users should be using SMTP authentication on port 587 or 465"
So how can I "Make sure port 25 access is limited to mail server access only"?
I found this answer:
iptables -I OUTPUT -m owner ! --uid-owner postfix -m tcp -p tcp --dport 25 -j REJECT --reject-with icmp-admin-prohibited
ip6tables -I OUTPUT -m owner ! --uid-owner postfix -m tcp -p tcp --dport 25 -j REJECT --reject-with icmp6-adm-prohibited
But I don't think my Postfix has a username and password set up (how can I set up the username and password?).
Any ideas wha
Permission denied writing to NFS with same owner and ACL
5 December 2025 @ 8:44 pm
I'm running a rootless podman container where I mount an NFS4 volume.
Writing to NFS works
Inside the container, I can move a directory that is not in NFS into NFS, and it also works
But if I move to NFS from the host instead of from the container, I can't write to it inside the container
The ACL & owner for both directories are the same
podman run -it --rm \
-v /tmp/local:/local:U \
-v /mnt/nfs:/nfs \
ubuntu:latest
# my subuid is 558752 so this maps to 559752 on the host
useradd -u 1001 myuser
su myuser
# creating folder from container works fine
mkdir /nfs/created_from_container
touch /nfs/created_from_container/file1 #OK!
# moving a folder to nfs from within the container also works fine
mkdir /local/moved_by_container
touch /local/moved_by_container/file1 #OK!
mv /local/moved_by_container/ /nfs/
touch /nfs/moved_by_container/file1 #OK!
# but this doesn't work
How to set up an Exim4 transport to let it work again after the "tainted" update
5 December 2025 @ 5:41 pm
I made a release update of my server and unfortunately it has an exim4 instance, which has now been upgraded to v4.97.
It seems this version introduced a tainted data check and for some reason all my emails are not delivered anymore.
I tried to add this config
.ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
allow_insecure_tainted_data = yes
.endif
But it didn't help, maybe this workaround is deprecated.
Then, my current transport config:
local_mysql_delivery:
driver = appendfile
directory = /var/mail/${domain}/${local_part}/
maildir_format
delivery_date_add
envelope_to_add
return_path_add
user = mail
group = mail
mode = 0660
It doesn't work, but I didn't understand from the documentation how I have to change the directory property.
Azure file recovery with an additional hard disk
5 December 2025 @ 2:15 pm
We are testing Azure Backup File Recovery for a Linux OS-disk (Ubuntu 22.04).
The VM has two disks:
OS Disk
Data Disk
The Azure Portal reports:
The VM is protected successfully
The selected recovery point includes both the OS disk and the data disk
No warnings or skipped disks appear in the Backup Jobs view
What happens during File Recovery
We downloaded and executed the File Recovery script on multiple test VMs and multiple recovery points (including older ones). In all cases:
Azure provides only one single LUN through iSCSI:
/dev/disk/by-path/...-lun-0 -> /dev/sdc
/dev/disk/by-path/...-lun-0 -> /dev/sdd
These two iSCSI paths combine into a single multipath device:
/dev/m
How many resources may a resource group contain in Azure? More generally, where can I see the quota limits at each level in Azure?
4 December 2025 @ 10:52 pm
A resource group is a collection of resources that share the same lifecycle, permissions, and policies. How many resources can a resource group contain?
I mostly care about Cognitive Services resources.
Here are the hierarchy levels in Azure:
Management Group
├─ Quota: how many subscriptions are allowed?
↓
Subscription
├─ Quota: how many resource groups are allowed?
↓
Resource Group
├─ Quota: how many Cognitive Services resources can it contain?
↓
Cognitive Services Resource (aka instance)
├─ Example quotas:
│ - OpenAI deployments
│ - TPS / RPM / Tokens per minute (visible when creating or editing an endpoint in that resource)
│
└─ Contains:
- models
- deployments
- endpoints
How do you integrate security checks early in a DevSecOps workflow without slowing down deployments?
4 December 2025 @ 9:30 am
I am improving an existing CI and CD setup and the team wants to move toward a stronger DevSecOps model where security validation happens much earlier in the pipeline. The challenge is that our deployments are time sensitive and any added scan or check can slow down the delivery cycle.
Currently we use basic static checks, but we want to add more depth such as cloud config validation, container image scanning, secret scanning, and automated policy testing. These need to run inside our existing Git-based workflow without forcing developers to change how they commit or merge.
For teams that follow DevSecOps practices, how do you add early stage security checks while keeping build and deploy times under control?
Do you run all scans on every commit or only on merge?
Do you separate fast checks and deep scans into different stages?
Any recommendations for tools or patterns that balance speed and security?
Looking for practical setups that have worked.