Blogs

Intro After setting up the AD trust, every time I logged in the shell defaulted to /bin/sh. To change it to /bin/bash or any other shell of your choice you can do the following. Editing SSSD.conf Navigate to /etc/sssd/ and open sssd.conf in an elevated text editor. It should look something like [ …

Intro To better protect my web accessible services, I decided to use Fail2Ban in conjunction with Cloudflare’s WAF to block IPs with more than 3 failed login attempts. I already leverage Cloudflare’s CDN and geo-blocking capabilities on my homelab, so I opted to utilize their WAF to …

Intro After creating my domain trust between AD and FreeIPA, I was left wanting to access restricted resources in Linux using my AD accounts. To circumvent this, I mapped a group from AD to FreeIPA and gave it the appropriate permissions. Create the group in AD The first step would be to create a …

Intro After creating a trust in FreeIPA, I kept having to write the full domain alongside my username whenever I tried to access the system. These are the steps I took to log in only with my username. Editing SSSD.conf Navigate to /etc/sssd/ and open sssd.conf in an elevated text editor. It should …

Intro I’ve been playing around with FreeIPA in my homelab for a while and have always wanted to enable seamless authentication between all my hosts regardless of their operating system. I stumbled upon the concept of cross-domain trusts between FreeIPA and Active Directory which allows us to …

Intro One of the nodes in my lab runs pfSense and if the vm is down, my network is down. This prevents my nodes from reaching quorum, and thus preventing pfSense from starting. To solve this, I needed a way for the vm to start without quorum. This was achieved by creating a oneshot service that runs …