Add/Replace existing AD Domain Controller with ns7

Could someone point me in the right direction? I don’t see anything in the Netserver 7 RC1 on Domain controller setup.

I’m trying to get a new Nethserver 7 RC1 install to join an existing domain as a Domain controller so I can have it take all the rolls and decom my old Zentyal Domain Controller. However, I seem to only be able to setup a new domain controller. Since both Zentyal and Nethserver build there Domain Controller functionality on Samba 4, and Zentyal can join a server to a AD domain as a Domain controller. Nethserver should be able to do the same.

Can any one point me at it?

You’re right, by now we have the provisioning procedure for new domains only. NethServer can be a member of an existing domain, but can’t be “promoted” to DC itself.

However I think this can be accomplished with some commands.

In your case, as the old DC is a Samba 4 implementation too we can also evaluate a backup-restore strategy.

What do you think?

I can give it a try, sure. Can I take it that there will be an option in the future to join a Nethserver as a Domain controller to an existing domain in the future?

If Samba has that feature, we can say NethServer is going to have it too!

follow upstream

Fair enough, I look forward to it.

Did you have a command-line method to get this to work? I can test it for you.

This is the starting point:

• install nethserver-dc
• run this action manually nethserver-dc-install
• configure a bridge interface (say br0)
• config setprop nsdc IpAddress $SOMEIP bridge br0 status enabled, (i.e. SOMEIP=192.168.122.123)
• expand nethserver-dc-save templates manually
• disable provision unit: systemctl --root=/var/lib/machines/nsdc disable samba-provision.service
• systemctl start nsdc
• log on nsdc: systemd-run -t -M nsdc /bin/bash

Refer to Samba wiki to run samba-tool manually:

https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

I understand that the Samba DC runs in a container, or sandbox of some sort, correct? Do you have some info on getting in there in order to run these commands?

Just updated my comment above with some commands, please poke me if more are required!

For instance, to install additional packages in nsdc and make experiments run from the host machine:

yum -y --releasever=7 --installroot=/var/lib/machines/nsdc install iputils iproute ...and-so-on

I’m not following the template extraction process. I’m expecting that I am not running that script directly as it appears to be creating that bridge and other items to sandbox off the DC.

Could I get some clarification on the template process.

please, invest some time to search here and in documentation about templating…
almost all conf files are templatized… if you want to deal with NS, you’ve got to learn how templates work

You can start from this:
http://docs.nethserver.org/projects/nethserver-devel/en/latest/templates.html
and
http://docs.nethserver.org/projects/nethserver-devel/en/latest/databases.html

just run

expand-template <file>

Is Samba 4 joining an existing domain as a domain controller going to be supported in release 7 or will that be for another release?

Yesterday, I succeeded on joining nsdc to an existing AD domain with a manual procedure.

I’m going to write down a wiki page with the detailed steps.

I guess we’ll release an UI during the ns7 lifecycle, after ns7 Final release.

Edit: here we go!

http://wiki.nethserver.org/doku.php?id=howto:add_ns7_samba_domain_controller_to_existing_active_directory

Can we test this procedure in depth? I’m keen to see it in action
@Walter_Schoenly @Stefano_Zamboni

well, I’m not using NS nor windows

Sorry, since you often write and answer questions here I supposed you are a user and would like help us to improve the product. My fault!

I’m doing it already

I’m going to test this both with windows and pre-exisiting samba4 DCs… will report back on this thread with eventual findings.

Thanks @davidep for the wiki entry!

Wiki page contents were updated!