Since someone already asked, I would like to share how the NS 7 development is going on.
We are focusing on one main aspect: replace the current user management layer with SSSD.
What does it mean? It means that we are trying to create a flexible system which can support authentication and authorization on both OpenLDAP and AD (as Samba 4 or even a real Windows machine).
As you can imagine, this is a huge change at many levels, from e-smith layer to web interface.
At the moment this work is not tracked using issues, since we are experimenting and trying many paths.
But you can follow the progress by looking to the v7 branch of all core packages.
We have a working prototype which can handle authentication and authorization both on OpenLDAP and Samba 4 (or Windows AD) with custom password policies.
What is working with SSSD/OpenLDAP/AD authentication:
backup for Samba 4
password policies
ejabberd
webtop
hylafax
libvirt
openvpn
squid (LDAP and NTLM)
squidguard
vstftpd
openssh (of course!)
What will (probably) work with some efforts:
sogo
samba
GSSAPI on squid
ocsinventory
roundcube
Caveats
L2TP will be temporary discontinued since we can’t authenticate users: actual implementation uses NT password hashes which are now discontinued.
Probably we will have a new implementation where L2TP users will be separated from system accounts.
The mail server has been completely rewritten with some new features like:
new interfaces for IMAP shared folder creation
custom distribution lists
root user as master users
Also the admin user is dead, long life to root user!
If NS is running as Samba AD primary domain controller, you will not be able to change the server domain name after the first configuration.
What we are focusing on starting from today:
everything listed in “what will (probably) work”
under the hood API to manager users, groups and password on both backends
That will be very important for me. I don’t like to install additional Software for VPN, so I was happy that Nethserver can handle this. This was one of several reasons why I use Nethserver. So please don’t discontinue the L2TP-Support. If it is a System user or sperate L2TP-users doesn’t matter to me.
Is there a formal target release date for a Beta version of NS7? I’m stuck right now with 6.7 and based on its features, I can’t deploy it. Compared to what I have, 6.7 is worthless. With over 800 users, I need full Ad integration (importing, email, etc.) 7 sounds like the answer.
Hi Chris,
I think that you are expecting NS 7 to be something like the old NT style Backup DC ?
Integration with AD, as stated by M$, is: A member of the domain, can use any resource in the AD tree… Not replicate the AD tree…
Also Importing the LDAP will mean that you will need to have them in sync. Meaning that more that one DC active in your organisation (I’m guessing correct here?)
Integration is possible. Domain takeover not yet, unless you completely remove the AD server and let NS control the domain
I suggest to plan and think about what exactly you want to achieve before making any modifications to your setup.
I think that maybe, is better to write here what exactly you intend to do so we can all chip in with suggestions.
Thanks for the quick reply. I have three AD Windows servers. I don’t want NS to do anything with AD except be a member machine.
I just want to use NS for email and owncloud. That’s it. Nothing else. Pretty easy implementation but it is proving very difficult to get it working. I will manage all my users in Windows AD.
If you will use AD, the right tools to manage users will be the M$ consoles. There is not yet a substitute for that in NS.
NS beeing a domain member can be used with success as Mail server for the AD users (IT will not keep the AD replicated but it will query the main server for each user).
