Trying to install NethServer as mail server for existing (and working) samba4 domain (not on NethServer, separate VM), but encountered someā¦ emā¦ misinformation in documentation(?).
āproceed in Windows network page, by selecting the Active Directory member roleā
Where is that page? I have installed only āFile serverā as suggested on top of this page, and still didnāt found it.
Okay, nevermind, I came to āDomain accountsā, click on āConfigureā and bind server to samba4 domain using account with sufficient right. I can see users and groups on āUsers and groupsā page, but again when I click on āDomain accountsā it says that it is unable to join domain. And yes, when I login with ssh and trying net ads testjoin - system asks for SHORTHOSTNAME@DOMAIN password, and thatās it.
Okok, lets try to login into various web interfaces. SOGo, WebTop with domain account - failed. Only roundcube accepts it. So, I have two questions now:
Where is this āWindows Networkā thing?
How to login with domain accounts in SOGo, for example?
I am sorry if I missed something, especially in documentation. Please, point me to right direction.
Oh, ālatestā thing usually always about latest available version, so itās a misunderstanding. Thanks for link, @dnutan, Iāll try using it and report back.
Okay, managed to get samba4 domain users listed in NethServerās server manager, but still canāt connect webtop to domain, even when I follow http://docs.nethserver.org/en/v7b/webtop4.html#active-directory-authentication - users and groups tabs are empty. I am sure Iām entering valid samba4 admin user, because I bind to AD with this user.
Well, okay, looks like I managed to get it solved.
By default samba4 requires starttls which, apparently, not working correctly in SOGo (tried to manually specify encryption = starttls and adding ?STARTTLS to connect string), webtop4 have no ability to use starttls at all (no option in admin panel). So I just added in /etc/samba/smb.conf in section global:
ldap server require strong auth = no
After that SOGo and WebTop4 successfully connected to my Samba4-powered domain.
Iām not sure that changing smb.conf can fix your issue.
/etc/samba/smb.conf would be overwritten by the template system on the next run
ldap server require strong auth should not be effective on the host system because the AD LDAP service actually runs inside the nsdc container, where that parameter has already been set to ānoā - see #5067
@gabriele_bulfon, it would be great if WebTop supports STARTTLS!
This is an interesting scenario! Could you provide additional informations about your Samba4 deployment? Which version is? What distro? Is it self-compiled?
I am sorry, right now there is nothing I can help with Iām not using NethServerās file sharing thing, for this I have separate Gentoo VM with configured Samba4. Maybe, one day it will migrate to NethServer.