
  • If the switch supports it, you log in with local credentials first, navigate to its config page and configure LDAP under there. You’ll tell it the IP address of the LDAP server as well as give it its client side configuration. You give it a bind account’s credentials (a dedicated service account with as minimal permissions as needed) that it uses to look up the users on the server as well as Organization Unit paths and such

    When a user goes to log in, the switch will query the provided credentials against the LDAP server; if it’s valid the LDAP server will respond with a success and the switch will log the user in

    Generally there is always a local account fallback in the event that the LDAP server is unavailable for whatever reason
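
The login flow described in the comment above, as an added example that is not part of the original comment: a Python simulation that uses an in-memory stand-in for the LDAP server. `FakeLDAP`, the DNs, the account names and the fail-closed choices are assumptions made for illustration.

```python
# Added illustration: simulates a switch's LDAP login decision offline.
# FakeLDAP, the DNs and all credentials are constructed sample values.

class LDAPUnavailable(Exception):
    """The simulated LDAP server could not be reached."""

class FakeLDAP:
    """In-memory stand-in for an LDAP server (not a real client API)."""
    def __init__(self, entries, up=True):
        self.entries, self.up = entries, up

    def bind(self, dn, password):
        if not self.up:
            raise LDAPUnavailable()
        if password == "":
            return True  # mimics a server that accepts unauthenticated binds
        return self.entries.get(dn, {}).get("password") == password

    def search(self, base_dn, uid):
        if not self.up:
            raise LDAPUnavailable()
        return [dn for dn, e in self.entries.items()
                if dn.endswith("," + base_dn) and e["uid"] == uid]

DIRECTORY = {
    "uid=svc-switch,ou=service,dc=example,dc=lan": {"uid": "svc-switch", "password": "bind-secret"},
    "uid=alice,ou=netadmins,dc=example,dc=lan": {"uid": "alice", "password": "correct-horse"},
}
LOCAL_ACCOUNTS = {"admin": "break-glass"}          # local fallback account on the switch
BIND_DN, BIND_PW = "uid=svc-switch,ou=service,dc=example,dc=lan", "bind-secret"
USER_BASE = "ou=netadmins,dc=example,dc=lan"       # OU path users must live under

def login(server, username, password):
    """Return (allowed, source) for one login attempt."""
    if not password:                                # never send an empty password to bind
        return (False, "rejected")
    try:
        if not server.bind(BIND_DN, BIND_PW):       # bind account broken: fail closed
            return (False, "ldap")
        matches = server.search(USER_BASE, username)
        if len(matches) != 1:                       # unknown or ambiguous user
            return (False, "ldap")
        return (server.bind(matches[0], password), "ldap")
    except LDAPUnavailable:
        # Local fallback only when the server is unreachable, never after a rejection.
        return (LOCAL_ACCOUNTS.get(username) == password, "local")
```

The local account is consulted only on `LDAPUnavailable`, so a password the directory rejects cannot be retried against the fallback account while the server is up.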


  • Your confusion is confusing me lol

    > I don’t see how this would work as it relies upon every single device on the network supporting a particular authentication mechanism.

    Wdym? That’s not a thing, you can have some devices on LDAP some with local logins and some with OIDC or any other combination. Authentication is generally an application layer thing and switches operate at layer 2 maybe 3 if it’s doing some routing. As long as your network has a functioning DHCP server the web UI of the switch will be able to communicate with the LDAP server that you configure it to


  • Do you have time to build something partially from scratch? I could see repurposing an old laptop, disassemble it and make the screen face outwards with the board affixed to the back of the screen lid.

    Might take some creative routing with the internal display cable, but I’ve taken apart tons of laptops where this would be doable, especially after you’ve discarded the plastic chassis

    Though you’ll still need a frame of some kind, unless you like the “raw-tech” look








  • I feel like it was just a few months ago someone else was asking this very similar thing, including wanting to handle payment processing themselves as well.

    Seriously OP, do not do payment processing on your own unless you already have experience with going through PCI compliance. And if you did, you would already have made the decision to offload it to an actual payment processor lmao

    Don’t be a hero, offload payment processing to a third-party.


  • Cybersecurity communities too, there was one guy on [The Other Site] I saw a while back who, whenever somebody asked a question about what they should do to secure X or Y or if Z security product was better than V because they just did general IT, would always default to something along the lines of “If you don’t know, don’t bother it’s above you and you should shell out $$$ to an actual firm otherwise you’ll be shelling out $$$$ to another firm to clean up your mess”

    Surprise surprise, when I googled his username (The fact I was even able to do this isn’t a great sign for a “security professional” IMO lmao) he actually owned one of those “Databreach Triage” firms…yea…I’m sure there was no conflict of interest whatsoever lmaoo


  • cm0002@lemmy.world to Selfhosted@lemmy.world, “Never Again”, 7 months ago

    I have a Samsung 840 (or maybe 860? Idk) 512GB bought back when 512GB was like 500$+ lol

    The thing is still trucking along, being moved from system to system as the years go by. I don’t even remember what system it is in currently, but I know at some point I’ll open up a computer or server around my place and there it’ll be again lmao

    A poem by ChatGPT lol: In a corner of the world, where tech giants lay, A solid state drive, aging, in the fray. Once young and swift, at data’s beck and call, Now an elder, but dutiful, standing tall.

    Through systems it travels, a nomad of sorts, From desktops to servers, in electronic forts. Its label worn, its edges frayed, But in the dance of bytes, it’s never swayed.

    “I don’t remember,” the owner chuckles with glee, “Which system it’s in, it’s a mystery to me. But sure as the sun rises, and the moon takes its leave, I’ll find it again, in that, I believe.”

    It’s seen the rise of clouds, and the fall of disks, Survived the digital tumults, with its own little risks. Yet here it remains, a silent witness to all, A testament to duty, refusing to fall.

    For in its circuits, a heart beats on, A steadfast guardian, from dusk till dawn. From system to system, it wearily sighs, Yet embraces its role, under digital skies.

    So here’s to the drive, with its storied past, A relic of tech, that continues to last. May it find its rest, in a worthy machine, A dutiful servant, unseen but serene.


  • It’s honorable to want to keep all customer data within your control, but seriously unless you already have experience dealing with PCI compliance, that’s one part you should definitely offload to a payment processor. This might even be a clause in your insurance (Depending on what it covers)

    I don’t have any particular software in mind to recommend, but I’d bet they probably have some sort of integration with processors like Stripe or something



  • AD is heavily reliant on the DNS protocol, so heavily in fact that a large component of an AD deployment is a DNS server.

    So basically, when the AD DNS server takes over on your network it’ll do DNS things as you’d expect, when it gets a DNS call with the AD domain it will answer with the AD server every time

    If your AD domain and your web address domain are domain.com then whenever the AD DNS server gets the call it won’t answer with the IP address of the web server, it’ll answer with the AD server, even when you are trying to access a web service like domain.com/Plex or something.

    You can change the DNS server used on the host, but then you’ll be borkin domain functionality in weird ways

    Yea, you’d want an entirely different domain or an internal like domain.lan or in my case what I should have done is made it a subdomain like ad.domain.com

    And also it’s a bitch to change the AD domain once you get it all set up hence I’ve been procrastinating with hosts file workarounds lmfao


  • I do, for a multitude of reasons

    • Easier management of family computers
    • an authoritative source for Authentik SSO
    • Learning experience, I’m also heavy Linux, but I try to maintain an OS agnostic philosophy with my skill set so I can have options in my career
    • I was bored
    • Again, since I like to maintain an OS agnostic philosophy I have a healthy mix of Windows, Linux and MacOS devices, and you CAN in fact join Linux (w/ SSSD) and MacOS to a domain too

    In addition to what others have said with roaming profiles and such:

    DO NOT SET YOUR AD DOMAIN AS THE SAME DOMAIN OF A WEB ADDRESS YOU USE

    I…er…someone… Found themselves in this situation and have been in a mess since lmao




  • > but friends don’t let friends use plex.

    I would love to get rid of Plex, but jellyfin failed the spouse test last summer and it never really liked my GDrive mount

    Plus, Plex clients are everywhere, so it’s all but guaranteed that whoever I decide to onboard is going to have something compatible. I’ve even had early smart TVs from like 2013 with that weird Yahoo app store thing that had a Plex app that still worked even when the Netflix app didn’t lolol