NethServer Samba Domain Controller

v7

(Davide Principi) #1

I’ve just uploaded the first brick of the house to nethserver-testing. Some notes about how to install it on NethServer 7:

http://wiki.nethserver.org/doku.php?id=samba_dc

I’ve succeeded on connecting it with RSAT tools from a Win10 workstation.

Where do we go from here? There’s a lot of work to do! Some sparse thoughts:

  • Any service relying on system accounts must be reconfigured. Whenever possible, any service must use getent system calls to gather account informations and on PAM for user authentication. I want avoid direct connections to the AD LDAP. By configuring the services in this way, we can easily support the deployment of the DC node on remote machines and also on different systems (MS-Windows).
  • I’d like to drop the current implementation of Accounts DB. I’d like an esmith::DB package capable of reading values directly from getent() system calls and from DBus objects.

The first service on my list is the mail server.


Missing Samba domain policies
NethServer::Database implementation
Try out NethServer 7 alpha2 ISO!
Community help for SOGo.conf
Who is talking about NethServer?
Community Digest 8 - March 2016
(Rob Bosch) #2

Why would you want to restrict direct AD LDAP queries? Maybe you can add something like Radius in between? So AD LDAP only responds to Radius queries? Another option is to only authorize authenticated queries.


(Davide Principi) #3

I’m not aiming to access restrictions. I want to take the advantages of the existing abstraction layers over the identity management: glibc/nss, sssd, pam…

Our goal is the support of different scenarios:

  • Local Samba AD DC on NethServer
  • Samba AD DC on another, remote NethServer
  • Remote MS AD

If our services depends on the above standard system libraries (and dont connect directly to AD services) most of the integration work is already done.


@robb, what about a free AD replacement for schools? If you follow the wiki page you can deploy a prototype in minutes :wink: give it a try!


(Rob Bosch) #4

There is already such an option with another project that especially aims at educational environments. It has Samba4 fully implemented and all modules have Samba auth integrated.
Ultimately it would be a HUGE option if NS has the same options. Including Samba4 and educational modules like Chamilo/Moodle/Xibo/Schooltool/Xerte etc…

Maybe the NS project can learn from the LinuxSchools project on how the several tools and applications are implemented. (why invent the wheel another time) The major differences between the 2 projects:
NS: template based, CentOS based
Karoshi server: bash scripting based, Ubuntu LTS based.

link to the project: www.linuxschools.com


(Uwe) #5

Hi Rob,

is this project only for schools or can i use it for me as alternative for SBS from MS?

Regards

Uwe


(Rob Bosch) #6

Hi Uwe,

I mentioned this because I would like to see NS get ahead as fast as possible.
I don’t think it is appropriate to discuss another distribution on these forums. If you want more info, message me privately or have a look at the project page.
My goal will be to get more functionality in NS. Ultimately projects benefit from eachother and use eachothers strong points. As I said: why invent the whel over again.


(Alessio Fattorini) #7

I’m very interesting in these tests, it’s going to be the core :heart: feature of NethServer 7 so we need much help as possible, especially from our testing team @vcc, @mabeleira, @medworthy, @dz00te, @fasttech, @GG_jr, @Adam


(Davide Principi) #8

I’m developing the samba file server and mail server configurations. I’ll send testing updates ASAP! :wink:

BTW I’m proud of the future configuration for samba, dovecot and postfix: about 4K lines of code removed and still we’ve the (almost) the same funtionalities :smiley:

https://github.com/NethServer/nethserver-samba/compare/v7...DavidePrincipi:v7
https://github.com/NethServer/nethserver-mail-server/compare/v7...DavidePrincipi:v7

Thanks to the great work of upstream developers on sssd and samba4 domain controller :slight_smile: This is the BEST NethServer ever

Now I think we’ve to make our part, by improving the esmith::DB and let it talk with other daemons on dbus.


(Alessio Fattorini) #9

Wow, you’re as strong as a horse :racehorse:


#10

When? :smile:

… is it ready yet, huh, huh?


(Alessio Fattorini) #11

Nope it’s not ready, it still needs many tests :wink: take @davidep notes and let us know how it works