PowerMe!

Was trying this on Kubuntu 22.04:

root@kub-jh:~# apt-get realmd sssd oddjob oddjob-mkhomedir adcli sssd-ad cifs-utils msktutil
E: Invalid operation realmd

Instead I tried:

root@kub-jh:~# sudo apt install sssd-ad sssd-tools realmd adcli
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
……….

also, I realized on some systems with ufw firewall as in mine, needed to allow tcp 9090

Ah figured out. It seems like you can use google authenticator installed on the OS by appending :

auth required pam_google_authenticator.so nullok

to. /etc/pam.d/cockpit

On Webmin one can set up MFA from the UI.

When I was using Fedora server, I explored cockpit. I was trying to remember why I did not pursue! As you have said, Webmin is nice alternative. One of the reasons I liked webmin was it also allows one to set up multi-factor authentication (MFA). Any advice on how one can set up MFA on cockpit access?

Thanks Wolfgang for the note.
1)
I liked Windows Admin Center as it gives everything on the same platform. A quick and nice way to monitor updates on a remote machine, RDP, PS-remote-ing and also SMB. It uses TLS too. Windows Admin Center seems to have a module (to be subscribed) for accessing Windows servers on Azure.
2)
With the rise of Ransomware, RDP and PowerShell based remote-ing is always under scrutiny by security teams.
3)
Anyone have successfully implemented a 2FA with the RDP? I would be interested in that. I tried a 2FA using JumpCloud that was not possible, although it worked perfect on the host’s terminal. Absence of an MFA option in the Windows machines scares me most. Sometime I wonder why Microsoft is ignoring that.

Thanks Bo for the info about Cygwin- I never realized that as I always used linux too. Thanks for the reference too. Now there you go- if we are using the tool from Cygwin (unix-like) why not use a dedicated linux host.

In my experience, adding troubleshooting-tools to a production server (may be a bit our of scope. for our discussion) should be a last resort. The problem is that if you are using a buggy piece of software or forgot one that has acquired a vulnerability, you expose the production server to security risks. The only one I ever used was a portable wireshark and winpcap to troubleshoot LDAP authentication issues and to analyze packets that uses older protocols such as SMB1. But I remove them once the troubleshooting is done.

Nice article.
1) When working on network servers, I tend not add any tools unless required. My favorite in windows was pathping where I was able to assess packet loss and latency in the different hops in the connectivity test. In one used case, it helped us identify packet loss in a BGP route that was affecting a VPN to a data center. With the path ping data we were able to convince the ISP to adopt a different route.
2) When troubleshooting network congestion, I normally create test VM / host with iperf to simulate the server-client traversing a switch or firewall.
3) Thanks for the tip about fast.com. It seems like with the settings button there one can configure it to use multiple servers.

Ah makes sense. You are right that is not available with ciminstance!

I was reading, it appears they have removed get-wmiobject in powershell-6: https://docs.microsoft.com/en-us/powershell/scripting/whats-new/differences-from-windows-powershell?view=powershell-7.2#wmi-v1-cmdlets

I found a reference that used cim to achieve this, doing a Query – thought might be of interest:

https://powershell.one/wmi/root/cimv2/win32_networkadapterconfiguration-SetTcpipNetbios

win32_networkadapterconfiguration seems to be an interesting class for network config tweaking.