NethServer 7b2 as mail server for existing samba4 domain

NethServer Version: 7b2

Trying to install NethServer as mail server for existing (and working) samba4 domain (not on NethServer, separate VM), but encountered some… em… misinformation in documentation(?).

First of all, on page http://docs.nethserver.org/en/latest/samba.html I read:

“proceed in Windows network page, by selecting the Active Directory member role”

Where is that page? I have installed only “File server” as suggested at the top of this page, and still didn’t find it.

Okay, never mind, I went to “Domain accounts”, clicked on “Configure” and bound the server to the samba4 domain using an account with sufficient rights. I can see users and groups on the “Users and groups” page, but again when I click on “Domain accounts” it says that it is unable to join the domain. And yes, when I log in with ssh and try net ads testjoin, the system asks for the SHORTHOSTNAME@DOMAIN password, and that’s it.

OK, let’s try to log in to the various web interfaces. SOGo, WebTop with a domain account - failed. Only roundcube accepts it. So, I have two questions now:

  1. Where is this “Windows Network” thing?
  2. How to login with domain accounts in SOGo, for example?

I am sorry if I missed something, especially in the documentation. Please point me in the right direction.

Hi @pztrn, that is the documentation for NethServer v6.8.
For NethServer 7 take a look at http://docs.nethserver.org/en/v7b/accounts.html

Oh, the “latest” thing is usually always about the latest available version, so it’s a misunderstanding. Thanks for the link, @dnutan, I’ll try using it and report back.

You would be right if the latest is stable, but NethServer 7 is still in Beta2 stage :slight_smile:
Anyway, welcome here!

Okay, managed to get samba4 domain users listed in NethServer’s server manager, but still can’t connect webtop to domain, even when I follow http://docs.nethserver.org/en/v7b/webtop4.html#active-directory-authentication - users and groups tabs are empty. I am sure I’m entering valid samba4 admin user, because I bind to AD with this user.

@GG_jr @lucag and @gabriele_bulfon could help you here

Well, okay, looks like I managed to get it solved.

By default samba4 requires starttls which, apparently, is not working correctly in SOGo (tried to manually specify encryption = starttls and adding ?STARTTLS to the connect string); webtop4 has no ability to use starttls at all (no option in the admin panel). So I just added this to /etc/samba/smb.conf in the global section:

ldap server require strong auth = no

After that SOGo and WebTop4 successfully connected to my Samba4-powered domain.

I think it is worth adding this to the documentation.

2 Likes
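For anyone reviewing a Samba AD DC after a change like the one in the post above, here is an added example (not code from the thread, NethServer or Samba) that reports how `ldap server require strong auth` is set in an smb.conf. The function names and the sample file are constructed for illustration, and the accepted synonyms for "no" and "yes" are an assumption.

```python
import re

PARAM = "ldapserverrequirestrongauth"  # Samba ignores case and spaces in names
DISABLED = {"no", "false", "0"}        # assumed synonyms for "no"
REQUIRED = {"yes", "true", "1"}        # assumed synonyms for "yes"

# Constructed sample smb.conf, not taken from the thread's server.
SAMPLE_SMB_CONF = """\
[Global]
    workgroup = EXAMPLE
    ; ldap server require strong auth = yes
    LDAP Server  Require Strong Auth = No
[share]
    path = /srv/share
"""

def strong_auth_setting(text):
    """Return (value, line_no) of the last [global] assignment.

    Falls back to ("yes", None), the default the thread describes.
    """
    section, found = None, ("yes", None)
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            if re.sub(r"\s+", "", key).lower() == PARAM:
                found = (value.strip().lower(), line_no)
    return found

def audit(text):
    value, line_no = strong_auth_setting(text)
    if value in DISABLED:
        return f"WEAK: line {line_no} allows binds without TLS or signing"
    if value == "allow_sasl_over_tls":
        return f"RELAXED: line {line_no} allows unsigned SASL binds over TLS"
    if value in REQUIRED:
        return "OK: strong auth required"
    return f"UNKNOWN: line {line_no} has unrecognised value {value!r}"

if __name__ == "__main__":
    print(audit(SAMPLE_SMB_CONF))
```

The check reads only the text it is given, so settings pulled in through include files are not seen; testparm shows the effective configuration.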

Great, I think we have to investigate the option to support starttls on ldap connection.

1 Like

I’m not sure that changing smb.conf can fix your issue.

  • /etc/samba/smb.conf would be overwritten by the template system on the next run
  • ldap server require strong auth should not be effective on the host system because the AD LDAP service actually runs inside the nsdc container, where that parameter has already been set to “no” - see #5067

@gabriele_bulfon, it would be great if WebTop supports STARTTLS!

I should clarify my first post :slight_smile:

I already have a Samba4-powered domain up and running, and not on NethServer.

1 Like

Thank you @pztrn!

This is an interesting scenario! Could you provide additional information about your Samba4 deployment? Which version is it? What distro? Is it self-compiled?

Of course, it’s on Gentoo, samba’s version is 4.2.14, with the following USE flags enabled:

acl addc addns ads aio client cups fam gnutls ldap pam winbind

Provisioned using samba-tool.

1 Like

Amazing! :heart_eyes:

Would you like to help us? Please have a look at this topic,

I am sorry, right now there is nothing I can help with :frowning: I’m not using NethServer’s file sharing thing; for this I have a separate Gentoo VM with Samba4 configured. Maybe one day it will migrate to NethServer.

2 Likes