Hi again all, after a long time. I will repeat myself from previous visits: my visits are seldom because NethServer has been very stable for me for so long. I’ve been studying the docs but would appreciate any suggestions, advice or warnings based on my scenario please.
I have wanted to migrate to NS8 for quite a while but have been considering my overall setup. I was going to keep my Windows domain (AD/DC) but I’ve now decided to try and replace it with NS8 Samba AD. The Windows AD server is used for RD gateway (I’ll use VPNs instead), Windows PC auth and user/group/share auth for a QNAP NAS (read only connection to domain).
My current NS7 setup: Internal LDAP accounts, 10 users, email with webtop5. The email/webtop domain is the same domain as the Windows AD domain.
I have a new VM with a fresh NS8 cluster ready to go but I’m not sure of the best way to achieve my desired result.
If I use the migration tool method successfully, can I add the Samba AD domain somehow and get my users’ email and webtop settings tied to the Samba accounts?
Or, should I consider changing our live NS7 setup to use Samba before using the migration tool? When I log in to Users & Groups in NS7, there is a button to “Upgrade to Active Directory”. I haven’t found what process that would trigger and am reluctant to try.
Or, with my relatively small setup, do I skip the migration tool and start fresh with NS8 Samba AD and try and import each user’s email with imapsync or another method (e.g. straight copy of user folders), then enable webtop5?
Maybe some other method I have missed. Any ideas are very much appreciated.
I think migrating to NS8 first and then switching from OpenLDAP to AD on NS8 is the safest approach, as NS8 allows more user domains, so you can export the users from OpenLDAP and import them to Samba and then change the used user domain for the mail app.
In any case please take care to have a backup of the NS7.
During migration it’s not possible to switch from OpenLDAP to Samba. It could be done after migration by exporting the LDAP users and importing them to a newly created Samba AD, see User domains — NS8 documentation
I will concentrate and act on your first paragraph but thanks for answering my other speculative questions.
I think I will do this in 2 stages: First → Migrate with the migration tool to NS8 and make sure everything is OK for a week or so. Then → Add the internal Samba AD account provider.
When I get to stage 2: Do you think there will be any potential issue when the new Samba top level domain name is the same as the existing top level email domain name?
Maybe I should edit the email domain name to some temporary name prior to adding the Samba AD?
For the export LDAP users → import Samba AD users process: Will this allow the same username format? My LDAP users are currently firstname.surname format. Maybe I edit the file to add “@mydomainname” to firstname.surname prior to importing?
You should keep the same usernames (without appended domain) so they are correctly mapped to the mailboxes.
It’s no problem to have the same usernames in AD and OpenLDAP user domains.
“Error connecting to NS8: NS8 cannot connect to the NS7 LDAP service. Ensure that LDAP ports (e.g. 389, 636 of slapd service) are open and accessible from the green zone.”
Usually port 636 should be open to the LAN (green role).
My slapd service only had TCP port 389. I started with NethServer a long time ago and upgraded along the way. Maybe early versions didn’t include TCP port 636 for slapd?
I looked at the link you provided but it’s not clear to me what I need to do, but I’ll try a few things this morning. My slapd edit box looks like below:
It seems stage 1 has worked for me. We’ll see tomorrow when we return to work, but for now I can send and receive email from Webtop so it looks to be working correctly.
I’m going to make sure things are fine for a while before I look to changing the account provider.