Posts

Remotely connect to Windows 11 PC using a "passwordless" account

Remotely connecting to a Windows PC with a Microsoft "passwordless" account is possible, and I finally found a simple workaround at https://cmdrkeene.com/remote-desktop-with-microsoft-account-sign-in/ and am copying it here so it does not get lost:

On the PC hosting the remote desktop session (running Windows Pro or better), run the following command, replacing the example email address with the Microsoft Account email address that you use to log in to the computer.

    runas /u:MicrosoftAccount\username@example.com winver

This command runs the “winver” program under the credentials of the user account specified. It sounds (and is) pretty simple, but what it does in the background is cache your Microsoft Account credentials. Since your local user account had no password, it wasn’t eligible for RDP use even if it has appropriate permissions otherwise. After supplying the password and pressing Enter, you’ll know it worked if you see the About Windows dialog box open. Go ahead and close it and the...

Running a serial login terminal under systemd

TL;DR:

    $ sudo systemctl edit serial-getty@ttyUSB0

    [Service]
    ExecStart=
    ExecStart=-/sbin/agetty -o '-p -- \\u' 115200 %I $TERM
    StandardInput=null
    StandardOutput=journal
    TTYPath=
    TTYReset=no
    TTYVHangup=no

From the other node:

    $ tio /dev/ttyUSB0

I have a mini PC in the comm area which hosts a few useful services at home. I got tired of how unstable the Raspberry Pi is, so I replaced it with something that is almost as power efficient, but runs orders of magnitude faster. With support for both an SSD and an NVMe I can have software RAID for extra reliability. The problem is that the onboard network (something based on RTL8111) insists on running at 100M and keeps flapping up and down. I got tired of troubleshooting it, so I got a USB network adapter which runs at 1G and is much more stable. Recently I noticed that the link would die, and as I have no way of getting into the machine easily to troubleshoot, I decided to give it a serial console. Got a male USB to serial converter, and ...

Removing replica (FreeIPA in containers)

Running FreeIPA in containers, and a few notes on the replicas:

    replica=replica.domain
    sudo podman exec -it freeipa ipa-replica-manage del $replica
    sudo podman exec -it freeipa ipa-csreplica-manage del $replica
    sudo podman exec -it freeipa pki securitydomain-show
    sudo podman exec -it freeipa pki -d /etc/pki/pki-tomcat/alias/ -n 'subsystemCert cert-pki-ca' -C /etc/pki/pki-tomcat/alias/pwdfile.txt securitydomain-host-del "CA $replica 443"

FreeIPA cluster with containers

Notes on how to install a FreeIPA cluster on Ubuntu, mostly following the instructions on https://github.com/freeipa/freeipa-container

Start with what would be the primary host. If you install a third replica you would want to review the replica agreements to ensure you have a two-way replication between all pairs of nodes.

Installing Gentoo with full disk encryption

The purpose of this exercise is to install Gentoo with all disk partitions encrypted.

Boot from a system rescue disk and partition the disk. Use a GPT partition table where the first partition is reserved, the second is the boot partition, and the third one is for the rest of the data.

    Device     Start       End   Sectors   Size Type
    /dev/sda1   2048     32767     30720    15M BIOS boot
    /dev/sda2  32768    442367    409600   200M Linux filesystem
    /dev/sda3 442368 375093902 374651535 178.7G Linux filesystem

Encrypt partitions number 2 and 3, and open them

    cryptsetup luksFormat /dev/sda2
    cryptsetup luksFormat /dev/sda3
    cryptsetup luksOpen /dev/sda2 crypt_boot
    cryptsetup luksOpen /dev/sda3 crypt_data

Format the boot partition

    mkfs.btrfs /dev/mapper/crypt_boot

Prepare LVM for the rest, and format the top level

    vgcreate vg0 /dev/mapper/crypt_data
    lvcreate -l 100%FREE -n data vg0
    mkfs.btrfs /dev/vg0/data

Mount and set up any subvolumes

    mount /dev/vg0/data /mnt/gentoo
    btrfs subvol create /mnt/gentoo/@ /mnt/gentoo/@home
    umount /mnt/gentoo

Now...

The Short Introduction to TLS Certificates

Why do we need TLS?

If you have to ask this question, then you probably do not need TLS at all. TLS is a technology that allows for authenticated and/or encrypted communication. However, I am not going to explain in detail what TLS is. If this is the question whose answer you're seeking, then you had better try a search on Google. This HOWTO aims to guide you through the basic steps in creating your own TLS certificates for your own servers. This means that I am assuming that you know enough about *nix-like operating systems, and that you also have an idea what TLS certificates are used for.

Create the certificate

The process of creating an SSL certificate usually goes like this:

1. Create a private key
2. Create a certificate request
3. Send the certificate request to your CA
4. Receive the certificate from your CA

Now, we'll cover each step on the way.

Create the private key

First we need to generate your key. It is also possible to generate it on the fly in the next step, but...

Getting rid of the /lib symlink on Gentoo

I find the /lib and /usr/lib symlinks on Gentoo quite annoying. These just let software make assumptions about whether it should use /usr/lib or /usr/lib64, and I personally prefer that things break so they can be fixed. I wanted to follow what RedHat (and Fedora) are doing, which is that 32-bit stuff goes in lib and 64-bit in lib64. Luckily, Gentoo was also headed this way. So, here is what I did.

First I prepare a custom profile. This profile inherits these two:

    default/linux/amd64/13.0/desktop/gnome/systemd, which I normally use
    features/multilib

In the custom profile I add make.defaults with the single line SYMLINK_LIB="no".

Get rid of the lib symlink, but do it carefully. First copy everything from lib64 to lib (well, I just opted for hard linking everything):

    sudo rsync -avPAH --link-dest /lib64/{,} /lib.new/
    sudo rsync -avPAH --link-dest /usr/lib64/{,} /usr/lib.new/
    sudo bash -x -c 'rm -v /lib && mv /lib.new /lib'
    sudo bash -x -c 'rm -v /usr/...