syslogs, which gets messages sent to systemd-journald and stores the data on disk. To view the systemd messages, run journalctl, which can be used with additional parameters. In this post we are going to see a quick how-to on using the journalctl command.
SMTP reply codes are used to determine the error in a message. SMTP (Simple Mail Transfer Protocol) is a standard protocol for sending emails: the client sends and the server responds. Each response carries a 3-digit code that conveys the meaning of the response. Find the SMTP reply codes below.
In this post we are going to see how to write a subnet calculator script in the Korn shell. The interpreter we are going to use is /bin/ksh; the Korn shell is supported on macOS, Linux and Unix flavours. This will be helpful for assigning IP addresses to servers during IP planning.
How can I use breakout rooms in Microsoft Teams?
Only the meeting organizer can start breakout rooms.
The meeting organizer can start a breakout room on the desktop client only.
Participants can join a breakout room from desktop, web or mobile.
UNIX shell programs execute user commands. A user can enter a command directly or execute a set of commands from a file, called a script file or program. Shell scripts are not compiled; they are interpreted and executed line by line.
In this post we are going to see Linux user and group administration, which is applicable to the RHCSA exam for RHEL 8 / 7 versions. We are going to see Linux user and group creation, modification and deletion. Users and groups can be managed with commands or GUI tools.
What is CentOS
CentOS is a reproduction of Red Hat Enterprise Linux (RHEL). CentOS is a stable release, unlike Fedora, which is a beta version of RHEL. CentOS provides regular updates and security patches like Red Hat. CentOS is an open source platform, so anyone can download it, use it and distribute it for free.
In general, version control is used to preserve the changes made to software code, documents and other formats. For example, if a group of people access documents such as release notes or instructions and someone edits them, we can find what was changed from the previous versions, revert those changes and go back to the original. We have the history of the documents that are stored under version control.
Most Linux operating systems are free to download. Under the GPL license anyone can download the software and use it, and a lot of distributions are available. Linux is a collection of software based on the kernel.
Linux operating systems also receive free updates, patches and security updates frequently. In this blog we will see the Linux distributions that are frequently used and their download links.
Office 365 identity models – Introduction
Choosing the right authentication method for Office 365 looks simple on paper, but when you get down in the weeds and take a closer look you may realize it's not that easy. Choosing the correct authentication method is the first concern for organizations wanting to move their apps to the cloud.
This is the continuation of the article on the Office 365 identity model. Let us see more about the identity model in this chapter.
How pass-through authentication works
As far as we know today, the best solution from Microsoft's point of view is to use ADFS to authenticate on-premises users for cloud services such as Azure or Office 365. This works very well, and many articles about how to configure the claims and so on can be found on the internet and also on my blog.
However, if a company doesn't want to use ADFS for authentication, there is another way that Microsoft supports, although it is not as common as the ADFS solution. In this article I want to present an alternative way using AAD with pass-through authentication.
The whole authentication process is as follows:
- The user tries to access an application, for example, Outlook Web App.
- If the user is not already signed in, the user is redirected to the Azure AD User Sign-in page.
- The user enters their username and password into the Azure AD sign in page, and then selects the Sign in button.
- Azure AD, on receiving the request to sign in, places the username and password (encrypted by using a public key) in a queue.
- An on-premises Authentication Agent retrieves the username and encrypted password from the queue. Note that the Agent doesn’t frequently poll for requests from the queue but retrieves requests over pre-established persistent connection.
- The agent decrypts the password by using its private key.
- The agent validates the username and password against Active Directory by using standard Windows APIs, which is a similar mechanism to what Active Directory Federation Services (AD FS) uses. The username can be either the on-premises default username, usually userPrincipalName, or another attribute configured in Azure AD Connect (known as Alternate ID).
- The on-premises Active Directory domain controller (DC) evaluates the request and returns the appropriate response (success, failure, password expired, or user locked out) to the agent.
- The Authentication Agent, in turn, returns this response back to Azure AD.
- Azure AD evaluates the response and responds to the user as appropriate. For example, Azure AD either signs the user in immediately or requests Azure Multi-Factor Authentication.
- If the user sign-in is successful, the user can access the application.
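The sign-in flow listed above, as an added simulation that is not part of the original post and is not Microsoft's code. The toy textbook RSA key (a stand-in for the real public-key encryption), the directory entries and all function names are constructed for illustration.

```python
import hmac
from collections import deque

# Toy textbook RSA over two Mersenne primes: illustration only, NOT secure.
P, Q, E = 2**89 - 1, 2**127 - 1, 65537
N = P * Q                               # public modulus, known to Azure AD
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held only by the agent

# Constructed on-premises directory: username -> (password, account state).
DIRECTORY = {
    "alice@contoso.example": ("Spring-2024!", "active"),
    "bob@contoso.example": ("Winter-2023!", "locked"),
    "carol@contoso.example": ("Autumn-2022!", "expired"),
}

def encrypt_for_agent(password):
    """Azure AD side: encrypt the password with the agent's public key."""
    m = int.from_bytes(password.encode(), "big")
    if m >= N:
        raise ValueError("password too long for this toy key")
    return pow(m, E, N)

def agent_decrypt(ciphertext):
    """Agent side: recover the password with the private key."""
    m = pow(ciphertext, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()

def dc_validate(username, password):
    """Domain controller: one of the four responses named in the flow."""
    entry = DIRECTORY.get(username)
    if entry is None:
        return "failure"
    stored, state = entry
    if state == "locked":
        return "user locked out"
    if not hmac.compare_digest(stored.encode(), password.encode()):
        return "failure"
    return "password expired" if state == "expired" else "success"

def sign_in(username, password, mfa_required=False):
    queue = deque()
    queue.append((username, encrypt_for_agent(password)))  # Azure AD enqueues
    queued_user, ciphertext = queue.popleft()               # agent retrieves
    result = dc_validate(queued_user, agent_decrypt(ciphertext))
    if result != "success":                                 # Azure AD evaluates
        return "denied: " + result
    return "mfa challenge" if mfa_required else "signed in"
```

Only the ciphertext ever sits in the queue; the plaintext password exists on the sign-in page side and, after decryption, on the on-premises agent.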
Federated identity offers some unique security options not available in other scenarios, but it also has the most requirements in terms of server infrastructure to implement. To enable federated identity, you need to deploy Active Directory Federation Services (ADFS) in an on-premises network. A typical deployment would be a two-server farm at separate sites (Azure has an option to add a second site for single-datacenter customers). Two additional servers are needed in a DMZ (demilitarized zone, sometimes referred to as a perimeter network) to securely publish ADFS to the internet. Once ADFS is in place, federated identity can be enabled with a few PowerShell commands.
Similar to pass-through authentication, user logon attempts are passed back to the ADFS farm to validate against your local Active Directory. Outlook 2013 or later will leverage modern authentication to communicate with ADFS. Web browsers will get redirected to the ADFS server to complete their authentication. This lets you use what's called SmartLinks technology to allow users to log on directly to SharePoint Online without entering a username or password.
You also have access to security features not available in other scenarios. You can enable client access filtering, which lets you restrict access to Microsoft cloud services based on IP address (commonly used for hourly employees who shouldn't be able to check email from home). You can also integrate with on-premises multi-factor authentication servers (although you should be looking at Microsoft Azure options for MFA).
Advantages:
- Full SSO capabilities in the web browser and Outlook.
- Advanced security configurations available, including the ability to filter connections by source IP address.
- No need to sync a password hash.
- ADFS farm can be reused with other cloud services that support SAML.
Disadvantages:
- Additional infrastructure requirements.
- Additional points of failure.
- Additional cost to setup.
- SSL certificate from a public CA is required which will require periodic updating.