Nethserver questions

activedirectory
firewall

(karl wheeler) #1

Hi All,

I’m new to nethserver but not linux or sysadmin, but have a few q’s that perhaps the community can answer.

I’m looking at nethserver to replace my current server infrastructure which is currently based on various linux distributions of varying age and a lot of manual config.

I have physical hardware for firewall, fileserver and database server and I prefer it this way in case of fall over.

The firewall is ipfire which is pretty good, and my file server is samba in workgroup configuration, but I want to change to A/D.

So my questions are can I use nethserver in the same configuration ( 3 separate machines ) and how does that work with the firewall being separate and using an A/D, which I understand samba4 uses its own DNS.

Oh and I also want to bring email back in house so I would probably put that on a separate machine, but is it best policy to put that in a DMZ?

Thanks in advance for any help or advice

cheers


(Michael Träumner) #2

Hi @uncle_numpty,
welcome to nethserver. In the following I’ll try to explain how I would configure it.

Yes of course you can use nethserver on 3 separate machines.

The samba AD Server should be DHCP and DNS for your clients. The gateway should be the firewall. For DNS at the server you should use your Firewall (I think it’s also your Router) and/or an external DNS.

@support_team, could somebody else help at this point and have a look if my idea of the configuration is correct?


(karl wheeler) #3

Hi Michael,

Thanks for the reply.

That makes sense, and it just so happens I have a whole heap of decommissioned PCs lying around at the moment so I will set up a real network as you have suggested and see what happens :)

Cheers


(Michael Träumner) #4

Please tell us how it works, and of course we’ll try to help if you have any problems.


(Gabriel GHEORGHIU) #5

Hi guys!

A fast suggestion.

BR
Gabriel


(Dan) #6

Is there a reason these functions need to be on three separate servers? Neth is entirely capable of handling all these in a single installation.


(karl wheeler) #7

Primarily it’s hardware redundancy.

Plus it looks more impressive to the casual observer (the boss) to see lots of flashing lights in the server rack :)


(Jeroen Visser) #8

I want to shamelessly plug this:

If you follow this installation, and then do the exact same thing again, but join that server to your new domain, and again, you have 3 servers in your new Samba 4 domain. Note that the other 2 servers NEED to use your Samba container’s IP for DNS.

On either of the other servers you install one of the Nethserver mail server packages, depending on your needs, on the other you install the fileserver role.

I would 1-up this … get a proper NAS, put RAID10 on it, and virtualize all these servers on a HA Proxmox cluster (easy to set up) and store the diskfiles on that.

Depending on network topology, you either let a switch or the FW be the default gateway.
Your first Nethserver uses any public DNS server during its install, and uses that to resolve any names that the Samba4 container doesn’t know about.

You should NOT!!! use the DNS page on the Nethserver admin page (unless things changed?) as the Samba4 container doesn’t know about these, and thus your domain doesn’t either.

I use the above in-company, with a bunch more Nethservers for various web-apps and -sites. This works like a charm.

@danb35 …picture this … 1 Nethserver, 3 webapps. I go to update 1 of them, this FUBAR’s … I now need to restore some stuff … and am forced to reload service httpd … multiple times …

Pop quiz: what happens to my phone?

Now picture this: I have 3 Nethservers, 3 webapps, one on each. I update 1 of them … yada yada

My phone rings 1/3 of the times of the previous scenario, and I can blame the (scheduled) update and use the planned downtime window for what it’s for … without 2 other apps being down as well.

Yes, I update 3 servers instead of 1 at times, but that time 1 of them gives issues that take longer than expected, you suddenly don’t mind any longer ;)