AD and VirtualBox

virtualization
activedirectory
v7

(Markus Neuberger) #7

Do you use this module or did you install virtualbox manually?


(Stéphane de Labrusse) #8

Good question, I was asking myself


(Thomas M. Ball) #9

I am new to Nethserver, so I installed it manually.
Should I remove it and use the module?


(Markus Neuberger) #10

Welcome to Nethserver Community!

Yes, please remove it and help testing the module. It provides a web interface too.


(Stéphane de Labrusse) #11

yum install nethserver-virtualbox-5.2-phpvirtualbox --enablerepo=nethforge-testing


(Thomas M. Ball) #12

OK, I removed Virtualbox and installed the nethserver version. I did a “/sbin/vboxconfig”.
The rest of the documentation is confusing.
Problem persists…
I think it is a firewall, routing, something problem
I have absolutely NO knowledge of firewall…


(Markus Neuberger) #13

I am trying to reproduce your issue, actually installing Win 10 in a virtualbox VM in a VMWare VM running NethServer.

You may try to fully disable the firewall with

shorewall clear

To enable it again: signal-event firewall-adjust

Does pinging the samba container from Windows 10 work?


(Markus Neuberger) #14

I could reproduce the issue. A virtualbox guest can’t reach the samba container by default.

After changing the virtualbox network adapter bridging from ens33 (my local network interface) to br0 I was able to ping the container but no port was reachable.

Then I found a working solution:

Create a new tap interface:

ip tuntap add mode tap tap0

Add it to the bridge br0:

brctl addif br0 tap0

Bring up the interface:

ip link set tap0 up

Connect the VM network bridge interface to tap0.

Now it should be possible to reach the samba container from the Win 10 guest and join the AD. These changes are lost after a reboot.
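
A re-runnable, scripted form of the three steps above, as an added example that is not part of the original posts: it checks that br0 exists and that tap0 is really a tap device before changing anything. The `SYSFS_NET` override and the `--apply` switch are assumptions of this example; `ip link set … master` is the iproute2 equivalent of `brctl addif`.

```shell
#!/bin/sh
# Added example: idempotent form of the three manual steps (create tap, add to
# bridge, bring up). SYSFS_NET and --apply are assumptions of this example.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the commands still needed to attach tap $2 to bridge $1, one per line.
# Returns 1 if the bridge is missing, 2 on an unsafe or conflicting name.
plan_tap_bridge() {
    bridge="$1"; tap="$2"
    # These names end up in commands run as root, so allow only safe characters.
    for name in "$bridge" "$tap"; do
        case "$name" in
            ''|[.-]*|*[!A-Za-z0-9_.-]*)
                echo "error: bad interface name" >&2; return 2 ;;
        esac
    done
    # A bridge exposes a "bridge" directory in sysfs; fail early if br0 is absent.
    if [ ! -d "$SYSFS_NET/$bridge/bridge" ]; then
        echo "error: $bridge is not a bridge on this host" >&2; return 1
    fi
    if [ ! -e "$SYSFS_NET/$tap" ]; then
        echo "ip tuntap add dev $tap mode tap"
    elif [ ! -e "$SYSFS_NET/$tap/tun_flags" ]; then
        # Only tun/tap devices have tun_flags; do not enslave anything else.
        echo "error: $tap exists and is not a tun/tap device" >&2; return 2
    fi
    # Equivalent of "brctl addif": skip if the tap is already a bridge port.
    if [ ! -e "$SYSFS_NET/$bridge/brif/$tap" ]; then
        echo "ip link set dev $tap master $bridge"
    fi
    echo "ip link set dev $tap up"
}

# Execute the plan; stops at the first failing command.
apply_tap_bridge() {
    plan=$(plan_tap_bridge "$1" "$2") || return $?
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1
    done
}

# Run as root with "--apply [bridge] [tap]"; without it nothing is changed.
if [ "${1:-}" = "--apply" ]; then
    apply_tap_bridge "${2:-br0}" "${3:-tap0}"
fi
```

Calling `plan_tap_bridge br0 tap0` on its own prints the pending commands without running them, which is a quick way to see whether a tap0 created by another service is already present.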


(Stéphane de Labrusse) #15

Fun, is it specific to nethserver? I use virtualbox myself on a fedora, and I do not remember if a windows guest can even ping the samba container. I need to try.

Can we imagine scripting this?


(Thomas M. Ball) #16

I am migrating from an Ubuntu installation and had no problem with the Windows guest accessing the domain…
Markus: how did you even find that solution? I am in awe…
The academic question would be why this effect is happening.
The pragmatic question is: how to make it persistent? Should I create a bash script and run it with crontab?
Thomas


(Markus Neuberger) #17

Whereas in Ubuntu the samba dc is local, Nethserver runs the samba domain controller in a systemd-nspawn container, see "I still don't get why Samba has to be run in a container".
There seem to be problems reaching the container from a virtualbox guest.

It should be possible with network scripts, I’ll post if I have something working…


(Roland Engelsma) #18

Probably a stupid question, but might adding an interface neth side and then appointing that interface through the vm solve things? Or, would the virtual netadapter show up somewhere to be able to assign it a role or something?

I ask this because I had to appoint an ip address through dhcp each time I created a vmware vm on my main system before it could reach the network. I eventually might try to get a vm going on the server, hardware should be fine, but there are a few uncertainties I’d need to clear out before I try.


(Markus Neuberger) #19

In the case of virtualbox it seems to be a solution.

Create /etc/sysconfig/network-scripts/ifcfg-tap0 with this content:

DEVICE=tap0
TYPE=Tap
BOOTPROTO=none
ONBOOT=yes
NM_CONTROLLED=no
BRIDGE=br0

Reboot and set the virtualbox VM bridge network to tap0.

There may be problems with openvpn or ipsec because they probably want to use tap0 too, I have to check…

AFAIK VMWare sets the IP on NATed devices via DHCP, you may try to bridge instead of NAT.


(Roland Engelsma) #20

I always bridge, but have dhcp set to only allow connections from reserved IPs, sometimes leading to disconnections if, for some reason, the mac address of the vnet adapter changed.

What I’m also wondering is whether virtualbox would somehow expose an interface to nethgui or so. If yes, wouldn’t it be enough to just bridge the interface from vbox to green? I’m just trying to understand / learn some dos and don’ts…


(Markus Neuberger) #21

Did you try to set the MAC?


(Markus Neuberger) #22

Thanks, I’ll have to test but this may work:

https://loune.net/2015/03/bridging-virtualbox-and-lxc/

I like this approach more because virtualbox uses its own vbox0 interface instead of a tap interface (that may be used by VPN too).


(Marc) #23

Just a small correction, AD is implemented in a systemd-nspawn container.


(Markus Neuberger) #24

Thanks, corrected it in my posts.


(Thomas M. Ball) #25

OK, what I did:
I included the startup commands for the vbox interface into the script of my virtualbox launch. Now the interface is started when I start the machine. Problem solved.
Thanks a lot guys!

VBoxTunctl -u root -g vboxusers -t vbox0
ifconfig vbox0 up
brctl addif br0 vbox0
sudo -H -u vmuser VBoxManage startvm 10 --type headless


(Stéphane de Labrusse) #26

Can virtualbox accept some command to start a vm, or do you use an external script to do it?

How to implement this in the rpm? br0 might not exist if we do not use nethserver-dc (samba4).