Trying to install NethServer as mail server for existing (and working) samba4 domain (not on NethServer, separate VM), but encountered some… em… misinformation in documentation(?).
“proceed in Windows network page, by selecting the Active Directory member role”
Where is that page? I have installed only “File server” as suggested on top of this page, and still haven’t found it.
Okay, never mind, I went to “Domain accounts”, clicked on “Configure” and bound the server to the samba4 domain using an account with sufficient rights. I can see users and groups on the “Users and groups” page, but again when I click on “Domain accounts” it says that it is unable to join the domain. And yes, when I log in with ssh and try net ads testjoin, the system asks for the SHORTHOSTNAME@DOMAIN password, and that’s it.
Okok, let’s try to log in to various web interfaces. SOGo, WebTop with a domain account - failed. Only roundcube accepts it. So, I have two questions now:
Where is this “Windows Network” thing?
How to login with domain accounts in SOGo, for example?
I am sorry if I missed something, especially in the documentation. Please point me in the right direction.
Oh, the “latest” thing is usually about the latest available version, so it’s a misunderstanding. Thanks for the link, @dnutan, I’ll try using it and report back.
Okay, managed to get samba4 domain users listed in NethServer’s server manager, but still can’t connect webtop to domain, even when I follow http://docs.nethserver.org/en/v7b/webtop4.html#active-directory-authentication - users and groups tabs are empty. I am sure I’m entering valid samba4 admin user, because I bind to AD with this user.
Well, okay, looks like I managed to get it solved.
By default samba4 requires starttls which, apparently, is not working correctly in SOGo (I tried manually specifying encryption = starttls and adding ?STARTTLS to the connect string), and webtop4 has no ability to use starttls at all (no option in the admin panel). So I just added in /etc/samba/smb.conf in the global section:
ldap server require strong auth = no
After that SOGo and WebTop4 successfully connected to my Samba4-powered domain.
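For anyone auditing a Samba AD DC for the relaxation described in the post above, here is an added example (not part of the original thread, and not NethServer or Samba code) that reports whether an smb.conf has turned off `ldap server require strong auth` in `[global]`. The function names and sample files are hypothetical, and treating `no`, `false` and `0` as "disabled" is this example's assumption.

```python
import re

PARAM = "ldapserverrequirestrongauth"  # smb.conf names ignore case and spaces
WEAK = {"no", "false", "0"}            # values this example treats as "disabled"

def logical_lines(text):
    """Yield smb.conf lines with trailing-backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1]
            continue
        yield buf + raw
        buf = ""

def strong_auth_setting(text):
    """Return the last value set in [global], or None when it is not set."""
    section, value = None, None
    for line in logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        name, sep, val = line.partition("=")
        if sep and section == "global" and re.sub(r"\s+", "", name).lower() == PARAM:
            value = val.strip().lower()          # a later line overrides an earlier one
    return value

def audit(text):
    """Classify a config as 'weak', 'default' (not set) or 'set:<value>'."""
    value = strong_auth_setting(text)
    if value is None:
        return "default"
    return "weak" if value in WEAK else "set:" + value

# Constructed sample inputs (not taken from the thread).
WEAKENED = """[global]
    workgroup = EXAMPLE
    LDAP Server Require Strong Auth = No
[share]
    path = /srv/share
"""
HARDENED = """[global]
    ; ldap server require strong auth = no
    ldap server require strong auth = yes
"""
```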
I’m not sure that changing smb.conf can fix your issue.
/etc/samba/smb.conf would be overwritten by the template system on the next run
ldap server require strong auth should not be effective on the host system because the AD LDAP service actually runs inside the nsdc container, where that parameter has already been set to “no” - see #5067
@gabriele_bulfon, it would be great if WebTop supports STARTTLS!
This is an interesting scenario! Could you provide additional information about your Samba4 deployment? Which version is it? What distro? Is it self-compiled?
I am sorry, right now there is nothing I can help with. I’m not using NethServer’s file sharing thing; for this I have a separate Gentoo VM with configured Samba4. Maybe, one day it will migrate to NethServer.