Labesquire - CIF-Rochester/wiki GitHub Wiki
Labesquire is an interesting server. One that, truly, has no right to exist in the form it does presently.
As of this moment in time, two-way forest trusts between IdM (FreeIPA) and Active Directory seem to be pretty non-functional, in that they work one-directionally, in the direction we don't want (We'd want FreeIPA users to authenticate on Windows Clients, not Active Directory users authenticating with Linux Machines). Previous solutions of synchronizing FreeIPA and Active Directory have been broken for a number of years (since RHEL 6).
In Spring 2026, the decision was made to move away from pgina.fork, on account of it not being updated for 8 years, and Microsoft openly stating that they intend to break the method it uses for Windows 12 home. Additionally, from an administration standpoint, pgina very much limited our ability to allow users to download new software and install it (often including games!).
Windows 11 Professional interacting with Windows Server as an Active Directory is simply better supported, allows for everything we want to do, and has some amount of less jank, whilst also adding a different jank.
The Hardware itself was previously Trantor
Hardware
| Component | Specs |
|---|---|
| System | OptiPlex 990 01 |
| CPU | Intel i5-2500 |
| Cores/Threads | 4/8 |
| RAM | 2x4GiB DDR3 |
| Storage | 120 GiB SSD |
| IPs | eno1: Dynamic |
| GPU | AMD ATI Radeon HD 5000/6000/7000 |
| OS | Windows Server 2012 |
A discussion on How Labesquire works with Distress
Simply put, they don't interact directly with each other. Instead, users must interact to both of them through a third party, being http://portal.cif.rochester.edu. Logging in here allows users to authenticate against FreeIPA, create an Active Directory account with their credentials (Thereby syncing them), and creates a method for users to change their password in one place to change it in two places. A method for users to change their passwords if they have forgotten them is also provided. Portal is hosted on Korvax At this point in time.
Labesquire handles authentication for the domain ad.cif.rochester.edu, and is only accessible on Internal Network 2.
Installation.
Honestly, it's pretty weird.
Install Windows Server 2012 from a disc in the lab (And use the key on the aforementioned disc).
Update Windows Server 2012.
Setup Active Directory and CA.
Link it to Portal
etc
I will complete this documentation later, when we finalize how portal works a bit better.