I’ve succeeded on connecting it with RSAT tools from a Win10 workstation.
Where do we go from here? There’s a lot of work to do! Some sparse thoughts:
Any service relying on system accounts must be reconfigured. Whenever possible, any service must use getent system calls to gather account informations and on PAM for user authentication. I want avoid direct connections to the AD LDAP. By configuring the services in this way, we can easily support the deployment of the DC node on remote machines and also on different systems (MS-Windows).
I’d like to drop the current implementation of Accounts DB. I’d like an esmith::DB package capable of reading values directly from getent() system calls and from DBus objects.
Why would you want to restrict direct AD LDAP queries? Maybe you can add something like Radius in between? So AD LDAP only responds to Radius queries? Another option is to only authorize authenticated queries.
I’m not aiming to access restrictions. I want to take the advantages of the existing abstraction layers over the identity management: glibc/nss, sssd, pam…
Our goal is the support of different scenarios:
Local Samba AD DC on NethServer
Samba AD DC on another, remote NethServer
Remote MS AD
…
If our services depends on the above standard system libraries (and dont connect directly to AD services) most of the integration work is already done.
@robb, what about a free AD replacement for schools? If you follow the wiki page you can deploy a prototype in minutes give it a try!
There is already such an option with another project that especially aims at educational environments. It has Samba4 fully implemented and all modules have Samba auth integrated.
Ultimately it would be a HUGE option if NS has the same options. Including Samba4 and educational modules like Chamilo/Moodle/Xibo/Schooltool/Xerte etc…
Maybe the NS project can learn from the LinuxSchools project on how the several tools and applications are implemented. (why invent the wheel another time) The major differences between the 2 projects:
NS: template based, CentOS based
Karoshi server: bash scripting based, Ubuntu LTS based.
I mentioned this because I would like to see NS get ahead as fast as possible.
I don’t think it is appropriate to discuss another distribution on these forums. If you want more info, message me privately or have a look at the project page.
My goal will be to get more functionality in NS. Ultimately projects benefit from eachother and use eachothers strong points. As I said: why invent the whel over again.
I’m very interesting in these tests, it’s going to be the core feature of NethServer 7 so we need much help as possible, especially from our testing team @vcc, @mabeleira, @medworthy, @dz00te, @fasttech, @GG_jr, @Adam
I’m developing the samba file server and mail server configurations. I’ll send testing updates ASAP!
BTW I’m proud of the future configuration for samba, dovecot and postfix: about 4K lines of code removed and still we’ve the (almost) the same funtionalities