Recent content by nosense

@gea, I have been on vacation/holiday for 3 weeks! Ahh, now back to reality. I can confirm that the patch works fine on all my systems, but there is still a loose end that is going to bite again down the road. Namely October 2023 when Microsoft enforces AES encryption for...

@gea, Yes, I can confirm that the initial fix scenario does NOT work. Initially I thought I had success, because everything worked after the procedure (no errors or warnings and user access worked fine). Unfortunately, via the magic of AD, the remote site AD server was glad to let OmniOS...

@gea, well all I can say is I am confused. Are you saying the mere act of having OmniOS leave the domain but AD account still exists and then rejoining the domain with same AD account fixes the issue? If so, then the rejoin procedure must be rewriting RPC/krb5 settings from their previous...

@gea, I went to Post the question on Topicbox today before coming here, and was surprised to see the question already posted. Thanks! Let's see what they say.

@oneplane, Thanks, good piece of info. Unfortunately, Illumos does not always equal OmniOS but is usually close. I was trying to find those options to enable sealing, but I don't see them available, or can't find them documented anywhere. At this point in the game it IS a requirement and should...

@gea, that's a lot of good information, but there is no solution I see. Yes, I have checked all those areas and there is no information pertaining to this issue. Your previous STH post OmniOS update to support secure RPC on Windows AD | ServeTheHome Forums addresses the state of NETLOGON...

@oneplane, thanks for the input, but OmniOS does not use Samba. SMB is native.

Am I missing something? What is the status of support in OmniOS for Microsoft's requirement of RPC sealing coming July 11, 2023 (two months) already pushed back. It addresses CVE-2022-38023 & CVE-2023-28268. I continue to get NETLOGON 5838 warnings from OmniOS requests even with the latest...

@gea Thanks gea, Maybe you missed it in my last post, but running /etc/init.d/napp-it stop causes snapshots and presumably snap retention to stop working. Maybe this is where the problem lies. This was with auto.pl still enabled. (it is now disabled in cron, because I am handling the jobs...

@gea, I wanted to provide an update to the situation discussed above (It took a while, but I have found the culprit): I took your suggestion to stop napp-it by running /etc/init.d/napp-it stop, but this did not resolve the problem. Also, the snapshot jobs quit operating when stopped this way...

@gea I appreciate your checking my sanity! if I do a napp-it stop, what about autojobs. Will they still run? I know that the auto.pl scripts still runs under crontab. I don't need the webserver (GUI) per se, but I need the autojobs to still run. Just haven't followed all the dependencies in...

Thanks gea, I did that with the 19.12.b14 system, which never had 21.06 on it, and it did the same thing (en enabled but limited menus). Yes, there is a 04_TLS Email folder and it is populated on all machines. Again, this happened on three machines so it is not a 1 off. Shortly after updating...

Nope!

@gea, I forgot to check email functionality again earlier, but I can now report that release 19.12b14 napp-it email does work on r151038. Only change was backtracking from release 21.06a7.

Release 21.06a7 Settings are @ en There is no possibility to switch between menu settings to the right of logout. This is on 3 machines. I did switch back to version 19.12b14 on one machine, and all menu options (incl. TLS email) are there, but still no option to the right of logout. The other...