|
I have this laserjet printer that sometimes just doesn't accept print jobs. Instead of troubleshooting it I'm buying another one. Is that wrong of me? No, it's not. gently caress printers.
|
# ? Dec 11, 2021 21:39 |
|
|
# ? Apr 18, 2024 09:56 |
|
Depends on which model. There is a printer shortage going on. You might need to make that one last longer.
|
# ? Dec 12, 2021 00:43 |
|
redeyes posted:Depends on which model. There is a printer shortage going on. You might need to make that one last longer. Eh, I’ll just have my friend carry his printer over from his dorm room.
|
# ? Dec 12, 2021 01:05 |
|
How are people handling domain joining laptops when everybody is working remotely now? Like... if I lift and shift a domain controller to Azure, can I domain join laptops without needing a VPN? I'm shamefully uninformed about that.
|
# ? Dec 13, 2021 14:05 |
|
Ideally you'd move to Azure AD and manage devices with Intune. If you really really need actual AD join then you can deploy an always-on VPN using Intune and then do a Hybrid Join.
|
# ? Dec 13, 2021 14:22 |
|
Thanks Ants posted:Ideally you'd move to Azure AD and manage devices with Intune. If you really really need actual AD join then you can deploy an always-on VPN using Intune and then do a Hybrid Join. That's the goal I think. We're already managing devices with Intune, it's just... figuring out how to make our domain open to regular over-the-internet joining that I'm struggling with. edit-- huh, apparently I'm just an old fogey, you don't even need a domain controller in the cloud, you can just connect directly to Azure AD. Count Thrashula fucked around with this message at 15:54 on Dec 13, 2021 |
# ? Dec 13, 2021 15:01 |
|
Thanks Ants is pointing you in the right direction. Autopilot with Azure AD Hybrid Join. It's not super straightforward, unless you already have an Always On VPN solution. Expect to have to put some engineering resources in. To directly answer your question, no, you cannot join a domain without a VPN.
|
# ? Dec 13, 2021 15:55 |
|
No. 1 Juicy Boi posted:edit-- huh, apparently I'm just an old fogey, you don't even need a domain controller in the cloud, you can just connect directly to Azure AD. Keep in mind that plain ol' Azure AD cannot do Kerberos authentication. Joining a computer to Azure AD in the non-Hybrid way will not join it to a domain. If you only use modern apps that use SAML or equivalents, then you're good, no more domain needed for you. But if you have legacy apps that need Kerberos, then you need to look at Autopilot with Azure AD Hybrid Join.
|
# ? Dec 13, 2021 15:58 |
|
Internet Explorer posted:Keep in mind that plain ol' Azure AD cannot do Kerberos authentication. Joining a computer to Azure AD in the non-Hybrid way will not join it to a domain. If you only use modern apps that use SAML or equivalents, then you're good, no more domain needed for you. But if you have legacy apps that need Kerberos, then you need to look at Autopilot with Azure AD Hybrid Join. If you want to be galaxy brained, you could always put your onprem web-apps behind Azure web proxy.
|
# ? Dec 13, 2021 21:59 |
|
No. 1 Juicy Boi posted:How are people handling domain joining laptops when everybody is working remotely now? Where I'm at right now we're full-on Azure AD and it's awesome. Take machine out of the box, sign in with my Azure AD account, and it pulls everything from InTune. Not a beautiful image like the old days but definitely good enough. No domain controllers, no VPN, just beautiful borderless clouds
|
# ? Dec 13, 2021 22:20 |
|
redeyes posted:Depends on which model. There is a printer shortage going on. You might need to make that one last longer. Yeah you weren't kidding.... good gracious
|
# ? Dec 14, 2021 17:07 |
|
Apparently Lexmarks are in stock though! I could install that and immediately quit.
|
# ? Dec 14, 2021 17:28 |
|
I've always made sure to push toward leasing printers with an included service contract and removing desktop printers everywhere I go because it saves time and it really is cheaper if people commit to ditching the desktops and printing things in B&W that belong in B&W. But yeah this past year we've had to deploy a couple desktop ones and it's amazing how much time and a percentage of my workload that managing these dumb things can be.
|
# ? Dec 14, 2021 18:58 |
|
Has anyone here actually understood ssh certificates? I'm reading about them and it seems smart, but I hit my dumb wall/no one can explain things in simple terms. In particular, I would love if they could integrate with FreeIPA, somehow.
|
# ? Dec 16, 2021 09:27 |
|
bolind posted:Has anyone here actually understood ssh certificates? I'm reading about them and it seems smart, but I hit my dumb wall/no one can explain things in simple terms. I have to second this, including IPA. Last week/this weekend/Monday I had to deal with expiring certificates. My network admin was talking about doing it with me (I was going to just use Ansible to move them into place), but he never got around to buying them until the last business day. So I had to scramble to put them into place last minute. NA even the balls to ask me at 4:55 if I planned to work last weekend on a Skype call with my boss.
|
# ? Dec 16, 2021 12:52 |
|
IUG posted:I have to second this, including IPA. Last week/this weekend/Monday I had to deal with expiring certificates. My network admin was talking about doing it with me (I was going to just use Ansible to move them into place), but he never got around to buying them until the last business day. So I had to scramble to put them into place last minute. NA even the balls to ask me at 4:55 if I planned to work last weekend on a Skype call with my boss. Do you have ssh certs up and running? I can’t even understand them/make a PoC in a lab setting.
|
# ? Dec 16, 2021 13:50 |
|
bolind posted:Do you have ssh certs up and running? I can’t even understand them/make a PoC in a lab setting. I ended up with an Ansible playbook/role that put them into these places on the systems: Centos / Redhat: /etc/pki/ca-trust/source/anchors/ update-ca-trust Ubuntu: /usr/local/share/ca-certificates/ update-ca-certificate The "update-ca-*" command makes them take effect on the systems. Our certificates were the bundles for these locations, and there was a single cert/key pair that was put in other locations for nginx, load balancers, and some of the web servers (librenms, graylog, etc). I also have a question for this thread, but on another subject. What is a good, open source, tracker of systems' OSs and updates? My boss wants a summary of which systems are running Ubuntu 20, 18 (god help me there's a 16 in there), Centos 8/7, etc, and have it all on one page/portal. Our firewall can do it, but for a price, so that's not going to work for us.
|
# ? Dec 16, 2021 14:35 |
|
I use Spacewalk for that but it's EOL and doesn't support any of the RHEL 8 derivatives. Will probably retire it next year, but we've been moving away from it for a while since it got EOL'd and we aren't going to pay for Satellite. Our current process is to use an Ansible playbook that gathers host facts, dumps them into a CSV, then uses Snipe-IT's API to update any changed asset info, so we have real-time data on all our machines whenever we want. It's simple enough that we could include package/version information if we cared (we don't). Sheep fucked around with this message at 15:13 on Dec 16, 2021 |
# ? Dec 16, 2021 15:04 |
|
Sheep posted:Our current process is to use an Ansible playbook that gathers host facts, dumps them into a CSV, then uses Snipe-IT's API to update any changed asset info, so we have real-time data on all our machines whenever we want. It's simple enough that we could include package/version information if we cared (we don't). We’re using Snipe-IT too, and I would love this, but it is way beyond my skill level. Plus our Snipe system doesn’t include the instances in Openstack, VMs, etc. Hell, just the CSV would be better than the nothing we have now.
|
# ? Dec 16, 2021 15:39 |
|
Could be a good time to broaden your skillset and learn Ansible? It's not particularly difficult to dump host facts from Ansible into a local CSV. Snipe-IT's API is pretty well documented too if you wanted to roll your own automatic updator yourself, same with OpenStack and presumably VMware. The Python3 CSV importer we use is linked off of SnipeIT's main github repository. My rule is if I have to do the same thing more than three times a year, it gets automated. Keeping databases updated with information that is automatically generated by other systems is like 100% top of the "this should be automated" pile since there's no reason for human interaction between two computer systems (VMs/deployment/etc & asset tracking, for example). Sheep fucked around with this message at 17:25 on Dec 16, 2021 |
# ? Dec 16, 2021 17:19 |
|
Ansible I'm fine with, but it's API calls I've hardly ever done. Plus the problem with not all our Ansible targets not being in Snipe-IT. I was just looking into AWX/Ansible Tower, but it seems that they don't have a summary of Ansible Facts unfortunately. We still got to get around to installing that too...
|
# ? Dec 16, 2021 17:38 |
|
Found an HP printer in stock and ordered it yesterday! Then today found out it's actually backordered! Anyway I'm with you Rick on reducing the printer footprint. Some day....
|
# ? Dec 16, 2021 22:19 |
|
Manager who shouldn't be entrusted managing a hot dog stand: "X isn't working RRRRRRGH!" Me: "OK, let's take a look. Can you tell me this and that?" "You changed something!" Dude, if your attention span isn't even sufficient to answer the two questions in a four-line email, then... I swear he's the Hydra. Fix one problem, he comes up with three more.
|
# ? Jan 5, 2022 11:26 |
|
bolind posted:Manager who shouldn't be entrusted managing a hot dog stand: "X isn't working RRRRRRGH!" I've been working for these types of users for a few months. I tried giving them a script to fill out whenever they send the desk an email: pre:[---start copying here---] * When did you first notice the issue? * Is this issue preventing you from getting your work done? * What action are you trying to take? * What happens when you try to take this action? * What device and app are you using? * What troubleshooting steps have you taken so far? * When are you available to work on this issue? Include a few time windows for 2-3 days out (if can wait that long). Please include time zone -- we have users all over the world. * What is the best contact number for you? Please include direct line. [---stop copying here---]
|
# ? Jan 5, 2022 16:31 |
|
LOL to the idea of ever answering a phone for any reason whatsoever
|
# ? Jan 5, 2022 17:08 |
|
Need a hardware recommendation. I work in the headquarters office, but we have 3 remote offices. All of the offices complain that their internet “sucks”. So, I’ve had some folks do speed tests and we seem to be getting what we pay for, it’s just that our wireless sucks. So I would like to get some new hardware in there. All the offices have the basic wireless router from the provider. I was thinking about getting a basic mesh network like Google/Nest Wifi however I have concerns. 1. I hate google 2. I don’t think I remotely monitor and update those networks without the app So, is there a recommended mesh hardware I could buy for offices of ~5 employees that I can remotely administer via web interface?
|
# ? Jan 6, 2022 20:10 |
|
Can you afford Meraki (and are you OK with the *insane* lead times on it right now)
|
# ? Jan 6, 2022 20:14 |
|
Gotta push meraki as it was a fuckin dream if you go full stack (switch, firewall\router,wifi) and never have to worry about being in person again (unless you gotta change modem hardware)
|
# ? Jan 6, 2022 21:31 |
|
As someone that ran a full meraki stack for a while it worked great for the core use cases, but I constantly ran up against limitations in the non-autovpn configurations to the point where I ran vms to manage the IPsec tunnels.
|
# ? Jan 6, 2022 21:34 |
|
Main thing with Meraki was provision and set up all the devices locally before you ship them out to the remote offices to deploy. We had more than a couple of times where a switch would just bug out and hang on provisioning and the only option was to RMA the thing. Hell of a lot easier to box up and ship back a switch when it's sitting on a chair in your office than it is when you've racked it and cabled everything up on the other side of the country and you're under a deadline to get the office up and running. Used to be able to get demo accounts & units to test things with and make sure it's all up your alley before dropping 30 thou on a full deployment, no idea if recent supply shortages have made that more difficult or not. We ran it full stack in all our offices and it was pretty slick, sounds up dexter's alley as well. Sheep fucked around with this message at 21:41 on Jan 6, 2022 |
# ? Jan 6, 2022 21:37 |
|
Aruba's are perfectly fine for smaller offices if you're not all in on Meraki gear, I've deployed a ton of Aruba poo poo; easy to deploy and Just Works.
|
# ? Jan 6, 2022 21:40 |
|
The Fool posted:As someone that ran a full meraki stack for a while it worked great for the core use cases, but I constantly ran up against limitations in the non-autovpn configurations to the point where I ran vms to manage the IPsec tunnels. Yeah if you want VPN tunnels then use something else and put the routes into the Meraki firewall. I use a pfSense appliance for this.
|
# ? Jan 6, 2022 22:04 |
|
Thirding or whatever Meraki if you can afford it. My backup recommendation used to be "unifi is great", and then "unifi is ok". Now I'm at "no need to switch away from unifi but also don't switch to it"
|
# ? Jan 7, 2022 02:16 |
|
I’m so mad at Meraki right now. Whatever you do do not stack their switches. I’m running beta firmware because their management plane crashes SO MUCH.
|
# ? Jan 7, 2022 02:19 |
|
nvrgrls posted:Thirding or whatever Meraki if you can afford it. what have you been encountering with the unifi ecosystem
|
# ? Jan 7, 2022 03:22 |
|
Thanks for the suggestions! I’m worried all of this might still be overkill: We’re a nonprofit that is very basic (think O365+Zoom) so we really just need stable Wifi. Is there anything more basic?
|
# ? Jan 7, 2022 03:43 |
|
Potato Salad posted:what have you been encountering with the unifi ecosystem I've had a few APs shipped that were just straight up bad, some that would randomly disconnect and reconnect a few hours later... Not A LOT, but more than I'd expect for the price point and the vendor lock. Customer service has not been great (but I do love their message board/community support).
|
# ? Jan 7, 2022 04:42 |
|
dexter6 posted:Thanks for the suggestions! What's the rest of your network stack right now? What do you have for switches and firewall at the remote offices? And is it 3 remote offices x 5 users at each office every day? If you want to deliver reliable Wi-Fi that you can manage remotely there aren't that many names to look at.... meraki, unifi, aerohive (I guess extreme bought them now), aruba.... Dans Macabre fucked around with this message at 04:55 on Jan 7, 2022 |
# ? Jan 7, 2022 04:52 |
|
nvrgrls posted:what's the rest of your network stack right now? what do you have for switches and firewall at the remote offices?
|
# ? Jan 7, 2022 04:53 |
|
|
# ? Apr 18, 2024 09:56 |
|
dexter6 posted:No stack. Current setup in that office is AT&T u-verse router. And because that doesn’t cover the office, they bought a AT&T hotspot and put it in the front of the office. If you wanted to go cheap you could get one of those tp-link extender things but if you want reliable, that ain't it. I had that at my house and it sucked.
|
# ? Jan 7, 2022 04:56 |