MeshCentral 1.1

Great that it’s working.
And thanks, you found a bug.

I replaced all occurrences of meshcentral with meshcentral-light but there’s a case where this method wasn’t good: ns8-meshcentral-light/imageroot/systemd/user/meshcentral-light-app.service at main · mrmarkuz/ns8-meshcentral-light · GitHub

I’m going to release an update, so next time it should be possible to change the FQDN.

4 Likes

Happy I can contribute

2 Likes

MeshCentral Light Fix released: Release 1.0.2 · mrmarkuz/ns8-meshcentral-light · GitHub

3 Likes

Update of Meshcentral to 1.1.39, see also https://github.com/Ylianst/MeshCentral/releases/tag/1.1.39

Meshcentral: Release 1.0.6 · mrmarkuz/ns8-meshcentral · GitHub
Meshcentral-light: Release 1.0.4 · mrmarkuz/ns8-meshcentral-light · GitHub

2 Likes

Updated to Meshcentral 1.1.42.

Release notes: Release 1.1.42 · Ylianst/MeshCentral · GitHub

1 Like

Is it possible to restart the app to reload a customized config.json without getting the config.json being regenerated?
I've added some changes to the config.json but when trying to restart the service with runagent -m meshcentral-light1 systemctl restart --user meshcentral-light the config.json gets regenerated with the default values. Any ways to prevent resetting the config.json?

1 Like

The config.json was removed at restart to be able to change the configuration. If the config.json exists it isn’t changed/updated anymore.

I updated meshcentral-light to not remove the config.json so it shouldn’t be recreated. Please test if works to customize it.

If you want the config.json to be recreated you’ll need to delete it manually and restart the service.

Fresh installation:

add-module ghcr.io/mrmarkuz/meshcentral-light:1.0.9-dev.1

Upgrade: (adapt meshcentral1 to the name of your onlyoffice instance)

api-cli run update-module --data '{"module_url":"ghcr.io/mrmarkuz/meshcentral-light:1.0.9-dev.1","instances":["meshcentral1"],"force":true}'

Step back if something went wrong:

api-cli run update-module --data '{"module_url":"ghcr.io/mrmarkuz/meshcentral-light:1.0.8","instances":["meshcentral1"],"force":true}'

Yes, with the update the config.json doesn't get overwritten by a restart.

This is a win, but it seems I made some mistakes in the night and wrongly got to the assumption that you could reach the LDAP server from the container for authentication…

With ldap server require strong auth = no configured, you can use the LDAP server from another (not neth-)server for meshcentral auth. I just can't get my head to understand the module-concept of nethserver…

1 Like

Thanks for testing.

Sorry, LDAP isn’t implemented but I’ll try to add that feature asap.

To reach the samba DC you could use the VPN IP or the node IP.

To test the ldap connection by using curl inside the meshcentral-app container:

Enter container:

runagent -m meshcentral-light1 podman exec -ti meshcentral-light-app bash

Install and run curl:

apt update && apt install curl -y
curl ldap://10.5.4.1
curl ldap://192.168.0.10

1 Like

Okay, seems ldap auth is working.
Just a quick sum-up of what I did:

  1. disable strong auth on the ldap server
     • runagent -m samba1 podman exec -i samba-dc bash -c "echo 'ldap server require strong auth = no' >> /etc/samba/include.conf"
  2. restarting the ldap server
     • runagent -m samba1 systemctl --user restart samba-dc
  3. installed the custom meshcentral-light version
     • add-module ghcr.io/mrmarkuz/meshcentral-light:1.0.9-dev.1
  4. configured the module in the nethserver webgui (FQDN, letsencrypt, https-redirect) and went to the meshcentral webgui, created the first (admin) account, logged in and logged out
  5. edited the config.json located at /home/meshcentral-light<instance-nr>/.local/share/containers/storage/volumes/meshcentral-data/_data/config.json to make the domain section look like this (values in <> and the “search filter” are to be customized):

  "domains": {
    "": {
      "_title": "MyServer",
      "_title2": "Servername",
      "_minify": true,
      "NewAccounts": "false",
      "_userNameIsEmail": true,
      "certUrl": "https://<your-fqdn-here>:443",
      "auth": "ldap",
      "ldapUserName": "sAMAccountName",
      "ldapUserBinaryKey": "objectSid",
      "ldapOptions": {
        "url": "ldap://<ip-of-ldap-server>:389",
        "bindDN": "CN=ldapservice,CN=<Users>,DC=<ad>,DC=<example>,DC=<com>",
        "bindCredentials": "<ldapservice-pw>",
        "searchBase": "CN=<Users>,DC=<ad>,DC=<example>,DC=<com>",
        "searchFilter": "(sAMAccountName={{username}})"
      }
    }
  },

  6. restarted the meshcentral container
     • runagent -m meshcentral-light<instance-nr> systemctl restart --user meshcentral-light
  7. logged into the meshcentral webgui with ldap account, logged out, removed the ldap part from the config.json, restarted the container, logged in with the first admin account, made the ldap-user admin, logged out, added the ldap-part again to the config.json and restarted the container again
  8. finally it worked

Since you guys are much more clever than I am, you may find a lot of improvements to be made to this “thing”, I would be very excited to see what I did wrong.

1 Like
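
An added example, not part of the thread or of the ns8-meshcentral-light project: a Python check for the domain section from the how-to above, run against config.json before restarting the container. It flags unfilled <placeholders>, missing ldapOptions keys, a plain ldap:// URL (the bind password and user logins cross the network unencrypted, which is what required relaxing strong auth on the Samba side), and keys switched off by a leading underscore. The function name, finding texts and sample values are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample: the how-to's domain section with made-up values.
SAMPLE_CONFIG = """
{
  "domains": {
    "": {
      "_title": "MyServer",
      "auth": "ldap",
      "ldapOptions": {
        "url": "ldap://192.0.2.10:389",
        "bindDN": "CN=ldapservice,CN=Users,DC=ad,DC=example,DC=org",
        "bindCredentials": "<ldapservice-pw>",
        "searchBase": "CN=Users,DC=ad,DC=example,DC=org"
      }
    }
  }
}
"""

PLACEHOLDER = re.compile(r"<[^<>]+>")
REQUIRED = ("url", "bindDN", "bindCredentials", "searchBase", "searchFilter")

def lint_ldap_domains(config_text):
    """Return (domain, finding) tuples for each problem found."""
    findings = []
    for name, domain in json.loads(config_text).get("domains", {}).items():
        label = name or "(default)"
        # Assumption: MeshCentral ignores keys with a leading underscore.
        for key in domain:
            if key.startswith("_"):
                findings.append((label, f"{key}: ignored (leading underscore)"))
        if str(domain.get("auth", "")).lower() != "ldap":
            continue
        opts = domain.get("ldapOptions", {})
        for key in REQUIRED:
            value = str(opts.get(key, ""))
            if not value:
                findings.append((label, f"ldapOptions.{key}: missing"))
            elif PLACEHOLDER.search(value):
                findings.append((label, f"ldapOptions.{key}: unfilled placeholder"))
        if urlparse(str(opts.get("url", ""))).scheme.lower() == "ldap":
            findings.append((label, "ldapOptions.url: cleartext ldap://"))
    return findings

if __name__ == "__main__":
    for finding in lint_ldap_domains(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```
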

Thanks for the great howto.
IIRC it’s also possible to switch to LDAP before creating the internal admin. As the first registered user gets admin permissions, the LDAP admin should work without needing to set permissions.
On the other hand it’s nice to have the internal admin as fallback in case LDAP doesn’t work.