Nethserver as primary domain controller and active directory member

Hello, I’m trying to configure two NethServers, one as a primary domain controller and the second one as an Active Directory member of the first one.

No matter which configuration I use, I keep getting this error:

Task completed with errors # (exit status )
Failed to join Active DirectoryServer role in Windows network

Can someone help me with this? Or at least point me to any documentation besides the NethServer configuration that doesn’t help too much.

thanks

NS can be a DC in NT style (no AD) and can also join an AD domain as a member…

but you can’t join a NS to a NS

Any way to have 2 NethServers on the same network and use one to manage users and have the other use the same LDAP users of the first one?

it depends on what you are aiming to do…
from the “slave” server you can (AFAIK) use ldap on the “master” one… but doing so having 2 NS is likely useless, since on the “slave” one you can’t use many features…

actually I’m searching for exactly the same feature.

I’d like to have 3 NS. One as ldap directory, the second as file server and the third as mail server.

Is there a way to realise that?
What do you mean with you can’t use many features?

I guess a solution would be to have another domain controller (not ns, AD and ldap) in the network to manage users and joining the ns Servers (mail, file sharing) to the AD, right?

Hi @Pascal_Michard and @vejitaku
happy to hear from you and thanks for posting :wink:
imho there is no way to achieve something like this, maybe @giacomo or @davidep could confirm my sentence…
as a matter of fact NethServer is often alone in the network (I remind you that we’re speaking about sme or smbs) so using another ldap directory is not doable.

Could I ask you why? Why not install everything on one NethServer? Why use a backup server or use three servers instead of a single one? Clarifying the goal we can discuss a new feature…

You’re right, we don’t have this feature.
Maybe it’s time to work on it, but it will take a long time!

In my case we are planning to use a cloud server for authentication and have the NethServer installation inside our private network, so we are investigating all the possible ways to achieve our goal.

:smiley:

Somebody, sometime, said: Don’t put all eggs in the same basket.
Personally, I agree with this. When it is possible.

Thanks for the warm welcome.
I’d prefer to separate the services mail, file server and DC (ldap) mainly to have the possibility to back them up separately and to have the ability to quickly recover, for example, the DC, as I have other services which authenticate against it. Used storage on the file and mail server will grow quickly and if I have to wait several hours or days for recovering, the other services cannot be used during this time. Another thing is that it is more flexible. If running in VMs they can more easily be moved between servers if necessary.

Actually I’m searching for an alternative to zentyal and neth is very impressive. I like it very much. Very sad to hear that my use case is not feasible.

Anyway, keep up the good work, I’ll investigate further if I can find a solution. If someone has an idea please let me know.

Just a side-note, you can always quickly restore a server using the configuration backup!
See: http://docs.nethserver.org/en/latest/backup.html#backup

thx,

I’ll give it a try.

So best practice would be to first recover config and to have the AD running and then to recover files, which takes longer, right?

Don’t you have security concerns when running everything on a single machine?

In case the mail server gets hacked, for example, isn’t the file server then in danger too?

Just something OT: How long has Neth existed?

Right.

I usually prefer a single server for my customers (which are really small and usually don’t want more than 1 system running). I understand the security implications of “all eggs in one basket”, but my experience so far has been good.

Nethesis, the company sponsoring NethServer, has been running since 2003.
We forked SME Server to create NethServer in 2010; the first publicly available release of NethServer was in December 2012.

Ok, so I need to know if this can be achieved:

  1. One server in the cloud that has the users, maybe a NethServer, a Zentyal or a pure LDAP.
  2. One server located in office A; this server has NethServer and ownCloud installed and connects to the server in the cloud so the users can be authenticated against the server in the cloud.
  3. One server located in office B, with any other service that uses users and, like the server in office B, has NethServer installed and wants to connect to or replicate the users from the LDAP in the NethServer installed in the cloud.

Does NethServer allow this, or do I have to do this manually, configuring the LDAP to make the consumer-producer work?

Hello @giacomo thanks for your answer!

Now, I still want to achieve this configuration, being able to have a server as an LDAP producer and several servers as LDAP consumers. After your answer the only solutions that I see to achieve this are:

  1. Having another system (Windows Server with Active Directory or Zentyal) as the Primary Domain Controller, and the NethServer as an Active Directory member.
  2. Modify the LDAP config files to try to make the NethServer an LDAP consumer of another LDAP.
  3. Another solution that maybe you have and that I don’t know xD

In conclusion, I’m trying to have a network where several services (ownCloud, Subsonic, Samba, Jabber, etc.) use the same LDAP, but having those services on 2 or 3 servers. It is important because in the future we could have more than one office and we are trying to delegate the management of the users to one server that could be in the cloud.

Thanks for your help!

I’m completely new to the NS community but since I’ve been searching for this same topic I’ll add my few cents:

  • For a smaller company, an all-in-one system might be OK.
  • Separating the Gateway/Router/Firewall function into one machine and Domain Controller/DHCP/Radius etc., etc. into another would be ideal. For larger installations, DB, web and file servers should be different machines.

I’ve been playing with ClearOS, NS, Zentyal, etc. and so far NethServer seems very “clean”. I don’t care for colorful fancy interfaces but rather well organized and intuitive menus and placement of related items.

I’m in charge of IT in a school in northern Argentina with a potential of 300+ students accessing the network. Next school year (starting March of 2016) I would like to offer a central user authentication, Moodle, OwnCloud, etc.

As far as separating services in different machines… Take a look at what www.linuxschools.com, also called “Karoshi”, are doing. They have a lot of the same features/modules of NS, ClearOS and the like but have the option of having a master domain controller and slave machines with other functions completely controlled from the main server’s GUI. The interface is not as polished and a bit confusing but it is still an interesting idea… if not a feature/option for a future NS release.

So what y’all think?

You can have NethServer on different machines as well, it’s a common use case.

Have you already seen that?

Hey @vejitaku, have you achieved your goals? Keep us in touch please

@rothere @vejitaku @Pascal_Michard we already have this feature now, it has been present since our NethServer 7 alpha release. Can you please help us out testing the beta?
Please, I’d like to close this topic as “Implemented” :slight_smile: