azure active directory – Enterprise App and SSO

Created an enterprise app in Azure for vendor. Needs explicit attributes/claims in order to allow SSO. Under SSO configuration in Users Attributes & Claims we have defined an attribute required and in source attribute we hard-coded what is needed. In Azure, quotes were added and when the source attribute is sent it is including the quotes, which is causing issues. We have another source attribute using hard-coded numbers and quotes are not sent but they show in Azure. How can I not send quotes to vendor? Cannot delete in Azure.

javascript – How to add the “active” class dynamically in Bootstrap 4?

I created a template in Bootstrap 4.3.1 but I can't change the “active” class to the current page.

For example: when I click on the other pages (empresa.php, contato.php, etc.), the “active” state should change to the clicked page. But it isn't working.

My code:

header.php

<!DOCTYPE html>
<html lang="pt-BR">

<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" />
    <link rel="stylesheet" href="./assets/css/custom.css" />
    <link rel="shortcut icon" href="./assets/images/favicon.webp">
    <title>Lorem Ipsum</title>
</head>

<body>
    <div class="menu-top" id="home">
        <nav class="navbar fixed-top navbar-expand-lg navbar-light bg-light">

            <div id="logo">
                <img src="./assets/images/your_logo.png" alt="Belfar - Indústria Farmacêutica">
            </div>

            <button class="navbar-toggler" data-toggle="collapse" data-target="#menu">
                <span class="navbar-toggler-icon"></span>
            </button>

            <div id="menu" class="collapse navbar-collapse">
                <ul class="navbar-nav ml-auto">
                    <li class="nav-item active">
                        <a class="nav-link" href="index.php">Home</a>
                    </li>
                    <li class="nav-item">
                        <a class="nav-link" href="empresa.php">Empresa</a>
                    </li>
                    <li class="nav-item">
                        <a class="nav-link" href="certificados.php">Certficado</a>
                    </li>
                    <li class="nav-item">
                        <a class="nav-link" href="produtos.php">Produtos</a>
                    </li>
                    <li class="nav-item">
                        <a class="nav-link" href="portfolio.php">Portfólio</a>
                    </li>
                    <li class="nav-item">
                        <a class="nav-link" href="faq.php">FAQ</a>
                    </li>
                    <li class="nav-item">
                        <a class="nav-link" href="contato.php">Contato</a>
                    </li>
                </ul>
            </div>
        </nav>
    </div>

footer.php

<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/all.min.css"/>
<script src='https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.bundle.min.js'></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>

<script type="text/javascript">
    $(document).on('click', '.navbar-collapse', function(e) {
        if ($(e.target).is('a')) {
            $(this).collapse('hide');
        }
    });
</script>

<script>
    $('.navbar-nav li').click(function() {
        $('.navbar-nav li').removeClass('active');
        $(this).addClass('active'); 
    }); 
</script>

CSS

nav {
    min-height: 100px;
    padding: 10px 10%;
    font-family: 'Montserrat', sans-serif;
    font-size: 14px;
    font-weight: 600;
    text-align: center;
}

.navbar {
    padding: 10px 10%;
}

nav .navbar-nav li a {
    font-size: 16px;
    color: #041C34 !important;
    margin: 5px 5px;
}

.navbar-nav a:hover {
    background: #041C34 !important;
    color: #FFFFFF !important;
    width: 100%;
}

.navbar-nav .active a {
    background: #041C34 !important;
    color: #FFFFFF !important;
    width: 100%;
}

azure – Occasionally connected hybrid Active Directory

I’m to assist someone to upgrade the hardware on a yacht. They currently have Active Directory, running on a Server 2008 machine installed on the boat.

They also have an Office365 subscription, with a number of hosted email addresses.

I plan to consolidate these two, and set up hybrid AD.

My concern is with the occasionally connected nature of the boat. I remember in the olden days that should an AD server in a forest not sync for 90 or 120 days, it would “tombstone”, and would need to be massaged back into the forest. The nature of connection on the boat (if at sea) would mean that there could be extended periods (i.e. 60+ days) where there would be no internet connection.

How does a hybrid topology handle this? Is there a max number of days that an AD server can be disconnected from the internet before it tombstones?

Access permissions in Active Directory not working

I’ve a server running Active Directory, and two servers for storage in my domain. Currently all the folders are open, but I wanna set up access authorizations with Active Directory groups, so only the allowed groups are able to access specific folders.

I’m adding shared folders to Windows Settings > Security Settings > File System (see image for reference). Then I configure the groups that can access it and their permissions.

But for some reason, the policy doesn't get applied (I’ve tried gpupdate), and the users without access permission can still see and access the folder and its content.

What am I doing wrong?


active directory – How can I tell what AD paths an AD user will be able to query over LDAP?

How can I tell what AD paths a user will be able to query over LDAP? E.g., when I connect to our mock AD controller server as a test user via Microsoft ADExplorer, I notice I can look at (what appears to be) the entire AD structure and have the ability to edit any other object in any path.

Is there somewhere in this test user’s attributes where I can see where this access is specified? Somewhere in the user’s properties in the AD Admin Center UI? Basically, I want to limit it so that they can only query their own base (or a few select) OUs/directories when making LDAP queries or connecting over ADExplorer.

Also, is there a way to restrict them from connecting over ADExplorer and similar apps?

linux – Ubuntu joining windows active directory issues

I'm new to trying to get Linux on Active Directory.

I got the Linux PC to join the domain; on the controller, under Computers, the Linux PC is listed with my other Windows machines.

But on the Linux PC I can only log in as a Linux user.

Typing in domain\user or user@domain and then the password says incorrect password, and I'm sure I'm typing it right.

It doesn't matter if I use the FQDN or the NetBIOS name for the domain, in either format of \ or @.

SSH in doesn't work either with a domain account.

ssh -p 23 twml\administrator@192.168.2.40
twmladministrator@192.168.2.40's password:
Permission denied, please try again.

Packages installed for AD:

realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

Following this guide:

https://computingforgeeks.com/join-ubuntu-debian-to-active-directory-ad-domain/

realm shows joined the domain on the linux pc.

realm list output:

root@ADTest:/home/twmlserver# realm list
lightfoot.noip.me
  type: kerberos
  realm-name: LIGHTFOOT.NOIP.ME
  domain-name: lightfoot.noip.me
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin
  login-formats: %U@lightfoot.noip.me
  login-policy: allow-realm-logins

The controller shows the PC as joined.

windows server 2019 – Missing loads of tabs on active directory

I was working inside of AD UC and all of a sudden, loads of tabs from the properties menu have disappeared for everything, OUs, etc. Now these are the only options:

[Image: properties tabs]

Even with advanced mode I still don’t get ‘Members’ tab.

Any ideas? Thanks.

active directory – Mounting Windows shares on Linux using cifs fails after CVE-2020-1472 update

A patch/update to Windows domain controllers to address the CVE-2020-1472 vulnerability at my organization is causing cifs-based mounting of shared drives to fail on Ubuntu Linux machines.

The Linux machines are connecting to the Windows shares using directives in /etc/fstab, like so:

//12.34.56.78/shared_folder /home/username/shared_folder cifs credentials=/home/username/.smbcredentials,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0

I have verified that the credentials in the /home/username/.smbcredentials file are correct.

This was working until our IT dept applied updates to the domain controllers last week; now I get an error when attempting to mount the drives:

mount error(13): Permission denied

In /var/log/syslog:

Feb 18 14:58:53 MyServer kernel: ( 8722.931641) Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb 18 14:58:53 MyServer kernel: ( 8722.931655) CIFS VFS: Send error in SessSetup = -13
Feb 18 14:58:53 MyServer kernel: ( 8722.932725) CIFS VFS: cifs_mount failed w/return code = -13

Microsoft has some documentation about the updates here; unfortunately, the advice is a bit vague:

If the non-compliant device supports secure RPC with Netlogon secure channel, then enable secure RPC on the device.

Any tips on how to overcome this, or to “enable secure RPC” on my Ubuntu machine would be greatly appreciated.

I have tried adding server schannel = yes to /etc/samba/smb.conf as suggested here, but that did not solve the issue.