Nextcloud login with sssd cache_credentials

NethServer Version: 7.7.1908
Module: openldap, nextcloud
Relevant files: /etc/sssd/sssd.conf
Additional test tools: sssctl (from sssd-tools), ldbsearch (from ldb-tools), authconfig --test

Test environment:

  • Main server with openLDAP provider
  • Secondary server with Nextcloud. Secondary server bound to main server (remote ldap).

Is it possible to make Nextcloud accept logins (I guess from sssd cache) when main server is down?
If possible without having to setup an LDAP Backup Replica.

Currently NC is using the LDAP authentication, so it doesn’t use SSSD and PAM.
You try to use this extra app: https://apps.nextcloud.com/apps/user_pwauth

Thanks. It does accept logins from cached credentials by installing and adjusting pwauth path and disabling user_ldap app, but it creates a new user directory (does not match LDAP user directory).

1 Like

If you can’t have redundant login server (and currently NethServer do not support that) you cannot rely on LDAP for login on NextCloud…

@dnutan

Hi

Your best bet in using NethServer is HA virtualization. With Proxmox underneath, as I believe you’re using, you can use Proxmox HA, and live backups say every 6 (or 3) hours.

You may still may have downtime, but it’ll be quite low!

My 2 cents

Andy

Thanks both for the answers. Andy, sadly no real experience with proxmox …at the moment.

@dnutan

Try an hour with proxmox - i’ll bet you’ll never regret it!
It’s up and running on any PC (enough RAM to play around, working well with 8192 GB RAM, the more the better…).
Downloading the free ISO and installing it takes about 30 mins…
It’s completly free, like NethServer, they do have a “certified” REPO, the license costs are minimal, I use “Community”, at less than 100€ / CPU-Socket / Year…

It’s NEVER let me down in 5 years!

Besides which, a LOT of the good guys here are already Proxmox users, @robb, @mrmarkuz and many, many others… We’d like to say: Welcome to the club!

Example: Installed at a hotel. They use a Windows Hotel Software, running on a Win2016 Member Server of the NethServer AD. The Proxmox hardware is a HP Proliant ML110 G7 (6 years old!) with 32 GB RAM.

We restored the Live Backup we created on a Mac Mini with i7 and 16 GB RAM and Proxmox installed. Windows Server booted up, no bitching about Hardware changing (I always use the KVM virtualized CPU, that will run on any real CPU - and from a Windows OS point of view, the CPU never changed…

The whole demo took about an hour, just to show our client - and my business partner - how powerful Proxmox is!

Live Backup of Windows Server - included in Proxmox. (It can use Shadow copy, in case you’re wondering…)
That would cost at least a thousand for commercial software for Windows (inkl. SLQ-Server). But NONE of those software could restore that on a Mac Mini with that different hardware - without ANY issues whatsoever!

Proxmox has a LOT of updates, but may only need one or two reboots in a year! All updates I do LIVE, while people are working! No one’s ever noticed!

(Map made as a screenshot from Zabbix Monitoring, running on NethServer. On the Map at ca 18:00 o’clock…)

Proxmox comes with Cluster capabilities (I use cluster almost at all sites) AND full HA High Availibilities. All free and stable and fast!

Note: High Availability requires 3 working nodes - even when one’s down. That means you need a minimum of 4 nodes. 3 could be servers, one a PC running Proxmox, but just for testing environments - and for that famous number 4 often forgotten!

These are 6 - 7 year old servers. But:
Live Migration (moving a VM from one host to another) takes about 90 seconds!

My 2 cents
Andy