I would like to discuss what options there are and what would be considered "best practice" in setting up NethServer with Samba4 DC in a situation with multiple locations.
- Local LAN is at the office. Currently running Windows AD + Exchange on 2 Windows 2016 instances. Firewall/Gateway is done through pfSense. pfSense also provides OpenVPN access to the local LAN. The fileserver is FreeNAS. FreeNAS also hosts the 2 Windows 2016 VMs.
Both pfSense and FreeNAS use a local user database (so there are 3 sets of users: MS Active Directory, FreeNAS and pfSense).
- Website is hosted in a DC.
- I have access to DNS settings so I can add and change DNS records for the registered domain.
Exchange is currently configured with a POP3 connector fetching mail from an externally hosted mailserver (with limited amount of mailboxes and email addresses).
My idea of changing the current situation:
Instead of Windows 2016, switch to NethServer for both Samba4 AD account provider as well as mail (SOGo). I could replace the Exchange server at the local LAN, but I would prefer to move the mailserver to a VPS in a DC in order to eliminate the restricted amount of (contracted) mailboxes.
Ideally I would like to reduce the amount of user databases, with a minimum of impact on the ICT environment.
So there are a few options:
Leave pfSense and FreeNAS as they are (leaving the user databases as they are). Replace the Windows 2016 AD server with NethServer with Samba4 Account provider. Move the mailserver to a DC so it can act as a full-blown mailserver, so there is no limitation of mailboxes anymore.
For the local domain name I would use ad.company.com so the NethServer would be named: ns7.ad.company.com
Now the part to add the mailserver: I could opt for 2 scenarios:
- recreate the current situation and use a POP3 connector
- move the mailserver to a DC
Can the same (Samba4) userbase be used in both scenarios? How should this be configured? Or would it be better/easier to configure the mailserver with a separate user database?
Lastly: would you let pfSense and FreeNAS join the Samba4 domain? It would eliminate 2 user databases. This would reduce administration and possibly errors. On the other hand, by changing the user databases for pfSense, I would need to re-issue all OpenVPN certificates for all users.
BTW, we are talking about 12 users and it is not likely this will explode in the near future, so it is a small network.
Looking forward to your comments and advice.