Alternatives to Samba DC in Linux container

I still don't get why Samba has to be run in a container

I have read these articles. I am interested in whether, e.g., the following scripts, in an adapted form, would be an alternative.

Rosi

At least the first one (CentOS 7) resembles what NethServer does:

  1. build an RPM from Samba.org sources
  2. install additional packages
  3. configure system auth and services

In my first experiments I followed a similar procedure even on CentOS 6.

I obtained a working DC, but I could not easily integrate it with other applications because the Kerberos libraries are not compatible. Also, in NethServer port 53 (DNS) is already assigned to dnsmasq.

Also, NethServer prefers packages from upstream to quickly get security fixes: a recompiled Samba package is not a great deal.


Thanks for the tests and the clarification. This is one of the reasons why I like this forum so much.

Rosi


Please, can you explain what you mean? Why do you like this forum so much? Very curious.

In other words, I find the forum good for several reasons:

One always gets polite and understandable answers to one's questions, even if they are not always correctly posed.
The forum is very active.
NethServer itself, I think, is becoming more complete and better.
Questions and problems are answered very quickly, and people try to help.

And so on …

Rosi


Thanks for your words, I'd like to share them with the whole community, mentioning a few groups here:
@ambassadors_group @dev_team


Are there ongoing efforts to release the Samba DC out of the container? It would make things more flexible.

Hi Ralph;

No, I do not think that will ever happen.
It’s impossible for the reasons quoted in this post; in short:

  • Samba does not cooperate with dnsmasq (the default DNS/DHCP service on NethServer)
  • CentOS/RHEL ships Samba with MIT Kerberos instead of Heimdal Kerberos and therefore cannot ship the DC components
    (the validity of this needs to be checked: since Oct 2017 CentOS ships with Samba 4.7.x)

I am curious which flexibility you are referring to.


I’m running a NS file server in a Proxmox container and a NS DC with mail server in a KVM VM. The container gives better performance than the VM. Splitting off the DC would give me the possibility to run the mail server in a container as well. But one container inside another does not work.

But you do not need to run the mail server on the nethserver-dc instance, or am I missing something?

Otherwise I would have a VM just hosting the DC container without any further purpose. That’s why I would prefer to run the DC by itself.

That is true!

That is preferred for multiple reasons, mostly having to do with keeping your life simple, and conveniently also being security best practice.

You do not want any ports exposed to the WAN on your DC, to minimize attack vectors. Having that NethServer only host a DC container is perfectly defensible from that point of view.
On the easing-your-life part: you really do not want to have to reboot a system co-hosting the DC for whatever reason, and you really do not always want to have to wait for off-hours before you reboot.

You have not stated the scope of use (private home server/small business/whatever), so this might apply less, but it is still not a bad idea. There are no resources lost, and I get away with 2GB of memory for our 15-person company. Disk space for this scenario is something you can almost ignore … I gave it 50GB, but that is an absurd amount of overkill. I have 40TB though.
So if you can host a server on your virtualization solution running a DC and your other needs, you can run 2 … one with a DC, and one with the rest. It really is not a bad idea to have 7 servers dedicated to one task each instead of 1 doing 7, even if they are running on the same machine. The slight hassle of having to do things 7 times (updates, for instance) pays off when one of these updates has a special effect and renders the server less operable… you will have 6 services up in my scenario … and 7 down in the other.

See image below for our Samba DC hosting Nethserver’s dashboard; as you can see, it needs little.


Well, that’s your philosophy, yet I’m not convinced.

It is not really my philosophy, I am just echoing best practices from a system engineer's point of view.

If you are just hosting a mail server and want it AD-backed, but nothing else connects to that AD, you’re fine with 1 VM doing both. I would look at it as a self-contained unit then. If you hook in other systems, you probably should start thinking about spreading your eggs over multiple baskets.

But yeah, in the end, it is up to the administrator to set up a strategy that works for their specific scenario, hence why I made a remark about your scope :wink: Please don't take it as a lecture on what you should do … just my personal experience, shared for you to consider, nothing more :wink:
