forum.opsi.org

Hello,

Is it possible to revert an option to default (i.e. remove it from opsiclientd on all clients) which was previously configured on the server?

Steps to reproduce:
1) add a new option for opsiclientd on a specific machine on the OPSI server (the option appears in client config after reboot)
2 ...

Hi stanislav,

that's because the verify_server_cert option is not a full security feature. If you set this option, your clients will save the public key of the server ssl-cert on a initial connect. After that, the client will be decline connections, if your server-ssl-cert will be changed or ...

Hello,

Is there any reason why "verify_server_cert" is disabled in default configuration?

Best regards,
Stanislav

Hi Niko,

If we chose one of suggested solutions I would adopt that one:
...
Deny for the user pcpatch the access to all other shares than the opsi_depot share. You should do this by adding the following entry to all share definitions (besides the opsi_depot) at the /etc/samba/smb.conf:

invalid ...

Hello,

I have found the answer following http://download.uib.de/opsi4.0/doc/html ... ty-pcpatch.
Why is this not default?

Best regards,
Stanislav German-Evtushenko

Hello,

Please tell me if I get it wrong.

opsi_depot_rw, opsi_images, opsi_config and opsi_workbench shares are writable for pcpatch user. So if a PC user (this can be virus or trojan) catches pcpatch password while opsi-client-agent communicates with Samba server then the whole infrastructure is ...

Hello Niko,


The script can now handle an IP instead of a hostname / fqdn. This was giving weird results before.

This is the answer to my question. Thank you.


I did a quick test this morning accessing an client with winexe via an IP and it did work. I used the statically linked version that ...

Hello Stanislav,

I just touched the script.
Providing a new version of winexe over Opensuse Build Service is a big pain. If you want a newer version I'd recommend compiling it yourself.

I prefer having a working DNS in my environment as it saves you a lot of hassle.

With kind regards
Niko

Hi ...

n.wenselowski hat geschrieben:Hello Stanislav,

for the upcoming release the deployment via IP should be possible without touching the script.
With kind regards
Niko

Hello Nico,

winexe is updated, right?
I suppose IP address is more reliable than DNS anyway, what do you think?

Stanislav

loggenk hat geschrieben:Hi Stanislav,
So, if I understand it correctly, byAudit don't need a create_drivers_link?

Exactly.

I thought I saw it beofre. Okay, thnxs, i'll test it.

May be I missed something from this long thread.

Stanislav