Can two Nethservers be connected for Domain use (one had domain and the other doesn't?)

Hello Forum,

Not sure where to put this question so hopefully the community category is a good start.

My Title is a little complicated…let me explain what I’m hoping to accomplish.

I have Nethserver running as my Domain, Nextcloud, Mattermost, WebTop (mail) and backup server. All featured apps from Nethserver so they are supported through regular Nethserver updates.

But I see other community apps that I know would be very useful for us to use like Guacamole and Zabbix. But I don’t want to install these on my main Nethserver. So my idea is to spin up a second Nethserver and have it use the first Nethserver as my domain so when I install Guacamole or Zabbix on this second Nethserver it uses the same domain accounts from my Primary Nethserver.

Hopefully I’m making sense here on what I want to accomplish. Any advice on how I can achieve this? Perhaps @Andy_Wismer has some good advice for me from his many years of building great solutions! 🙂

Thank you.

I would join your second NS install as a BDC and Join an existing Active Directory domain to your primary NS active directory.

@greavette

Hi

Any Nethserver can join an AD, even if it’s another NethServer hosting the AD.
In Windows lingo, it’s then a Member Server.
Users and Groups from AD are valid!

Splitting up duties isn’t a bad idea!
Load, Security, Continuity, there are several valid reasons for doing this!

What Royce posted above is also a good idea, but not officially supported by NethServer (Although it works!). Then again, this would be your second NethServer…

My 2 cents
Andy

I think @royceb points to the right information but gives another explanation. What he explains is joining NethServer as a 2nd domain controller (he calls it a BDC, a term from the NT4 era). The info is about joining as a member server.
Now this is the way to go for @greavette to add a 2nd NethServer to his network so the services on the 2nd NethServer will be available for the same user accounts as the existing NethServer.

If you want multi DC (what @royceb suggests) there is a proof of concept that IS BY NO MEANS SUPPORTED, IF YOU USE IT YOU ARE ON YOUR OWN (did I really do all caps here?).
@davidep has created this page on our wiki: https://wiki.nethserver.org/doku.php?id=howto:add_ns7_samba_domain_controller_to_existing_active_directory

cheers, robb

Hello Team,

Yes I would like to use a second Nethserver but NOT as my second domain server. I’m planning on installing community supported modules on this second Nethserver for use in our office.

Will the joining of this second Nethserver (which I will call Nethserver2) to my Nethserver Domain Server allow the apps on Nethserver2 to be able to login users using my Nethserver Domain Server?

Thank you.

@greavette

Morning Charles

Yes, a member server has access to all groups and users in AD, so Apps on this member server CAN use AD auth!

My 2 cents
Andy

@greavette: during installation of the Samba4 AD account provider of your 2nd server you will have a choice to create a new domain or to join an existing domain. You should choose this 2nd option and you are good to go. The new server will join the Samba4 domain and you will see all users and devices.

@robb Thank you, my vocabulary/vernacular was more than likely incorrect for what I meant. There are multiple correct examples of what I intended.

@greavette Here is an example of what I think you wanted to accomplish. Here demoed are 2 NS servers with ns-demo1.nethsa.ga being the primary SAMBA4 account provider and ns-demo2 joined to the ns-demo1 SAMBA4 domain of ad.nethsa.ga.

Thank you all for your comments. I’ve successfully attached my Nethserver2 to my domain Nethserver and as mentioned I can now see all my domain servers in my Nethserver2.

With this setup I can now install community created/supported applications and keep my Primary Domain Nethserver used for only supported Nethserver apps. Not that I don’t trust the community apps but it’s a concern for me if an upgrade to Nethserver breaks one of those apps and possibly impacts the use of my Nethserver apps. I don’t need that risk.

Thanks again team!
