forum.opsi.org

Hello, Is it possible to revert an option to default (i.e. remove it from opsiclientd on all clients) which was previously configured on the server? Steps to reproduce: 1) add a new option for opsiclientd on a specific machine on the OPSI server (the option appears in client config after reboot) 2) ...

Hi stanislav, that's because the verify_server_cert option is not a full security feature. If you set this option, your clients will save the public key of the server ssl-cert on a initial connect. After that, the client will be decline connections, if your server-ssl-cert will be changed or expire...

Hello,

Is there any reason why "verify_server_cert" is disabled in default configuration?

Best regards,
Stanislav

Hi Niko, If we chose one of suggested solutions I would adopt that one: ... Deny for the user pcpatch the access to all other shares than the opsi_depot share. You should do this by adding the following entry to all share definitions (besides the opsi_depot) at the /etc/samba/smb.conf: invalid users...

Hello,

I have found the answer following http://download.uib.de/opsi4.0/doc/html ... ty-pcpatch.
Why is this not default?

Best regards,
Stanislav German-Evtushenko

Hello, Please tell me if I get it wrong. opsi_depot_rw, opsi_images, opsi_config and opsi_workbench shares are writable for pcpatch user. So if a PC user (this can be virus or trojan) catches pcpatch password while opsi-client-agent communicates with Samba server then the whole infrastructure is in ...

Hello Niko, The script can now handle an IP instead of a hostname / fqdn. This was giving weird results before. This is the answer to my question. Thank you. I did a quick test this morning accessing an client with winexe via an IP and it did work. I used the statically linked version that we ship w...

Hello Stanislav, I just touched the script. Providing a new version of winexe over Opensuse Build Service is a big pain. If you want a newer version I'd recommend compiling it yourself. I prefer having a working DNS in my environment as it saves you a lot of hassle. With kind regards Niko Hi Nico, ...

n.wenselowski hat geschrieben:Hello Stanislav,

for the upcoming release the deployment via IP should be possible without touching the script.
With kind regards
Niko

Hello Nico,

winexe is updated, right?
I suppose IP address is more reliable than DNS anyway, what do you think?

Stanislav

loggenk hat geschrieben:Hi Stanislav,
So, if I understand it correctly, byAudit don't need a create_drivers_link?

Exactly.

I thought I saw it beofre. Okay, thnxs, i'll test it.

May be I missed something from this long thread.

Stanislav