Better AD implementation

Well maybe this is a newbie thing and is clear for people with some expertise in NS…
It is very confusing how the “internal” domain is set (by enabling Active Directory and defining the “internal” domain… you just don’t actually know you define the internal domain there). Or when defining the actual hostname (actually FQDN!) in NS server, you actually define the EXTERNAL domain! If I am wrong, then this proves even more my point that it is confusing.
NS really needs to clean this part more.

Also, why does the server need an extra IP when enabling Active Directory?
This is not a requirement in Zentyal, nor was it ever a requirement for actual Windows Domain Controllers.

The most important thing about AD. You cannot have an editable active directory tree and organize it as needed. Only a simple single level of “users” and “groups” is implemented (not computers joined, not folders, not anything).
Samba 4 DOES implement that, so it is a matter of actually displaying this functionality in the GUI.

No roaming profiles. Zentyal does that (and Windows servers…).

Disclaimer part:
I actually evaluated several solutions (in VMs) and I found the strongest competitor to be Zentyal.
I hope this is not taken wrong, but here are my feelings about how NS could be improved. I.e. my list of things missing (and needed) that ARE available in Zentyal. Not a complete list, just what I believe is vital.
NOTE! My comparison between the two systems, also includes MANY positive things for NS. Thing is, positive things are not helping to improve a product. :smile: So I may list those in some other thread (or in my blog), not here. I am not bashing NS in any way. Actually I am heavily leaning towards NS for my home server (within an unRAID VM), this is why I post here what I think should be in. As it is “closer” than other “finalist” Zentyal, to what I need already.
Really hope some of these things do get implemented eventually.

1 Like

It’s documented here:

http://docs.nethserver.org/en/v7/accounts.html#dns-and-ad-domain

The DC runs in a container because of port 53 being in use by dnsmasq and kerberos incompatibility.

Nethserver wants to keep it simple.
It seems RSAT from a Windows client is widely used to manage AD.

There’s an ldap editor too:

https://wiki.nethserver.org/doku.php?id=phpldapadmin

I didn’t test but roaming profiles seem to work:

6 Likes

Thanks for the detailed reply.

You’re welcome.

There are some threads about migrations from Zentyal to Nethserver:

https://community.nethserver.org/search?q=zentyal

Please share your comparison in this thread:

There are some community modules too (may extend your feature list) :

https://wiki.nethserver.org/doku.php?id=modules

2 Likes

Well, the LDAP editor project seems dead. Nothing on its repository.

The Zentyal to NethServer threads are ancient, talking about very old versions of both.

Two other modules I tried to install also didn’t install (like SambaStatus).

I tried it now and it worked. Did you install the stephdl repo first? See https://wiki.nethserver.org/doku.php?id=stephdl_repository

Which other module?

Yeah sorry, I misspelled something in Stephdl repo.

The other module is SambaStatus. Cannot install the rpm.
That repo needs activation? Please guide me.