Good catch! Because Samba 4 runs inside a container which is basically a virtual machine inside the real NS 
1 Like
Samba upstream package does not provide the DC role, by now.
@giacomo and @mark_nl already answered, I just want to add: Samba itself suggests keeping the file server / domain controller roles on separate servers.
Whilst the Domain Controller seems capable of running as a full file server, it is suggested that organisations run a distinct file server to allow upgrades of each without disrupting the other
Moreover, I must admit it simplified a lot the configuration both on the file server side (the āhostā machine) and the domain controller side (the āguestā machine/container).
So Iām sure an additional IP address is a small price to pay for having them both on NS7 
5 Likes
Thank you all for enlighten me! I really didnāt know!
Of course doesnāt matter. I just want to understand some things which are new for me.
1 Like
Your question was not stupid at all. I want to say thank you @GG_jr for sharing your experience: your feedback is very important for developers and Iām sure it will be very useful to those who endeavor NS7 testing 
4 Likes
AFAIK the first outside Pesaro 
You were asking about accounts from multiple domainsā¦ like john@dom1.com patricia@dom2.net
You know this is not supported on ns6 neither it is planned on ns7. However I hope it can be implemented easily with SSSD, with OpenLDAP backend. I tried it with AD, but realmd seems supporting the join to a single domain only.
1 Like
I probably would have tripped up on this too, so Iām glad you talked this out here for us to understand it too.
2 Likes
Ahhh, I thought you guys were going to get rid of that 90 sec shutdown hold timeout.
2 Likes
Yeahā¦ But power on is fast.
Hi Davide,
Any news about āsogo-frontendsā package?
I installed snort clean after updates to a fresh install rule policy Expert andā¦
May 23 11:34:26 server88 snort[2705]: FATAL ERROR: /etc/snort/rules/snort.rules(6698) Unknown rule option: 'ssl_version'. May 23 11:34:26 server88 snortd: Starting snort: [FAILED]
[root@server88 rules]# cat snort.rules |grep 6698 alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-OTHER Compromised Website response - leads to Exploit Kit"; flow:to_client,established; file_data; content:"<!--ded509-->"; content:"<!--/ded509-->"; distance:0; metadata:policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.jsunpack.jeek.org/?report=c94ca7cda909cf93ae95db22a27bb5d711c2ae8f; classtype:trojan-activity; sid:26698; rev:1;) alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS SUSPICIOUS services.exe in URI"; flow:established,to_server; content:"GET"; http_method; urilen:<100; content:"/services.exe"; http_uri; nocase; fast_pattern:only; pcre:"/\/services\.exe$/Ui"; reference:md5,145c06300d61b3a0ce2c944fe7cdcb96; classtype:bad-unknown; sid:2016698; rev:12;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action ASCII"; flow:established,to_server; content:"/detail.asp?"; nocase; http_uri; content:"action="; nocase; http_uri; content:"ASCII"; nocase; http_uri; pcre:"/ASCII\(.+SELECT/Ui"; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006698; classtype:web-application-attack; sid:2006698; rev:7;)
Those run-time thingy thingies still are in the hart of nethserver, probably the heritage of SME.
systemctl reboot/poweroff should take care of that, why can it not be trusted?
Only the Expert policy has more than 10 rules enabled, it seems the rule policy still need some tweaking, I know weāve talked about this before when I was trying ips in v6.7.
I canāt test snort at all really until I can get snort running with Expert policy per my previous post.
May 23 11:34:03 server88 /sbin/e-smith/db[2666]: /var/lib/nethserver/db/configuration: OLD pulledpork=configuration|Policy|connectivity
May 23 11:34:03 server88 /sbin/e-smith/db[2666]: /var/lib/nethserver/db/configuration: NEW pulledpork=configuration|Policy|expert
May 23 11:34:23 server88 esmith::event[2669]: Rule Stats...
May 23 11:34:23 server88 esmith::event[2669]: #011New:-------27256
May 23 11:34:23 server88 esmith::event[2669]: #011Deleted:---0
May 23 11:34:23 server88 esmith::event[2669]: #011Enabled Rules:----20467
May 23 11:34:23 server88 esmith::event[2669]: #011Dropped Rules:----0
May 23 11:34:23 server88 esmith::event[2669]: #011Disabled Rules:---6789
May 23 11:34:23 server88 esmith::event[2669]: #011Total Rules:------27256
May 23 11:56:45 server88 /sbin/e-smith/db[3246]: /var/lib/nethserver/db/configuration: OLD pulledpork=configuration|Policy|expert
May 23 11:56:45 server88 /sbin/e-smith/db[3246]: /var/lib/nethserver/db/configuration: NEW pulledpork=configuration|Policy|security
May 23 11:56:59 server88 esmith::event[3249]: Rule Stats...
May 23 11:56:59 server88 esmith::event[3249]: #011New:-------0
May 23 11:56:59 server88 esmith::event[3249]: #011Deleted:---0
May 23 11:56:59 server88 esmith::event[3249]: #011Enabled Rules:----8
May 23 11:56:59 server88 esmith::event[3249]: #011Dropped Rules:----906
May 23 11:56:59 server88 esmith::event[3249]: #011Disabled Rules:---26342
May 23 11:56:59 server88 esmith::event[3249]: #011Total Rules:------27256
May 23 12:10:50 server88 /sbin/e-smith/db[3878]: /var/lib/nethserver/db/configuration: OLD pulledpork=configuration|Policy|security
May 23 12:10:50 server88 /sbin/e-smith/db[3878]: /var/lib/nethserver/db/configuration: NEW pulledpork=configuration|Policy|balanced
May 23 12:11:03 server88 esmith::event[3881]: Rule Stats...
May 23 12:11:03 server88 esmith::event[3881]: #011New:-------0
May 23 12:11:03 server88 esmith::event[3881]: #011Deleted:---0
May 23 12:11:03 server88 esmith::event[3881]: #011Enabled Rules:----10
May 23 12:11:03 server88 esmith::event[3881]: #011Dropped Rules:----785
May 23 12:11:03 server88 esmith::event[3881]: #011Disabled Rules:---26461
May 23 12:11:03 server88 esmith::event[3881]: #011Total Rules:------27256
May 23 12:12:34 server88 /sbin/e-smith/db[4403]: /var/lib/nethserver/db/configuration: OLD pulledpork=configuration|Policy|balanced
May 23 12:12:34 server88 /sbin/e-smith/db[4403]: /var/lib/nethserver/db/configuration: NEW pulledpork=configuration|Policy|connectivity
May 23 12:12:47 server88 esmith::event[4406]: Rule Stats...
May 23 12:12:47 server88 esmith::event[4406]: #011New:-------0
May 23 12:12:47 server88 esmith::event[4406]: #011Deleted:---0
May 23 12:12:47 server88 esmith::event[4406]: #011Enabled Rules:----2
May 23 12:12:47 server88 esmith::event[4406]: #011Dropped Rules:----8
May 23 12:12:47 server88 esmith::event[4406]: #011Disabled Rules:---27246
May 23 12:12:47 server88 esmith::event[4406]: #011Total Rules:------27256Trusted?
Not a big deal at all, just, what seems an unnecessary delay during reboot, I donāt think any of my v6.7 installs have a delay, Iāve only noticed this on v7, but now I canāt remember about v6.7.
Shoot, I just realized I forgot to snapshot this install before I installed ips, now Iāll have to reinstall to test anything else. Boo.
2 Likes
I think I did that for about 10 times. 
1 Like
Your in the testing mode, so try a systemctl reboot and time it 
No need for systemctl, simply shutdown at shell shuts the machine down in a couple seconds.
The 90 delay is triggered when using the gui shutdown options.
1 Like
I bet snort changed default configuration once again.
@filippo_carletti can you take a look on it?
I just removed the package from the yum group, you can install sogo from the UI as soon as mirrors are in sync.
I think the timeout on shutdown from interface is something more systemd related. We are investigating it!
Listed modes are from upstream project pulled pork.
2 Likes