NS8 as File Server with external LDAP

LoTex · February 16, 2024, 5:15pm

Dear,

is this correct that it is not possible to use Nethserver 8 as file server who doesnt handle the domain by itself?

I have joined ns8 with my domain but i wasnt able to creat share folders. Only after i create an internal new domain i was able to do it. But the problem was i cant use the users or groups out of the external LDAP.

I do it wrong or is this feature are not implemented?

many thanks

regards

thomas

fausp · February 17, 2024, 8:14am

I can confirm your steps and I would also need this feature - NS8-Fileserver with external AD / LDAP.

oneitonitram · February 17, 2024, 11:14am

and how does the file server work geenrally on local AD at the moment?

LoTex · February 18, 2024, 8:30pm

havnt tested the internal fs further yet. Because in my environment with an already existing DC it makes not real sense to implement it.

This is an feature which i already use with NS7 and it works fine.

Is this on the roadmap of NS8?

davidep · February 18, 2024, 8:43pm

The same question about a standalone Samba File server module was already answered here, and as you can read in the last release announcement it is not planned for the next round.

See:

LoTex · February 18, 2024, 8:47pm

thank you for response.
So i will wait until it is finish.

best regards and thank you again

fausp · April 1, 2024, 9:58am

Are there any news on implementing the Fileserver-Service on NS8 with external LDAP?

I would need this feature for a few customers… They have to use a Windows Domain Controller and I dont want do setup an additional (Windows)-Server as a Fileserver…

Any news or time horizon abt that?

LoTex · July 15, 2025, 9:09am

dear,

the external ldap is now available in NS 8.5.
I tried it already. I joined it to zentyal 8 and it works well.
my only issue where i am stucking right now is to change the fileserver path from default to my own needed path? any idea

mrmarkuz · July 15, 2025, 9:39am

What exactly do you want to achieve? There are some options.

You could mount the shares volume to another location, see for example NS8 Add storage path setting like in minio to other apps - #10 by davidep

You could put the complete samba app to a new disk, see Disk usage — NS8 documentation

LoTex · July 15, 2025, 12:01pm

Dear,

thank you for response. i did not want to install the complete module on different device. i try to follow the first suggestion with success.

My only difference was that i had already create an share. so i was not able to step between like suggested. i had to delete the actual samba-dc container. and i need to see if the shares is defined in in podman with volume ls. if there is no share anymore i was able to create a new one. after that i created a new bind mount with podman to my referred and mounted device. This device should belongs to samba1:samba1 with permission 700. than i checked afterwards if the new location is written in podman under section shares. than i enabled enable-linger samba1 and restart the agent of samba1. after all this it behaves like i wish to. a new created share folder is written directly into my mounted storage. here are the steps:

mkdir -p /srv/files
chown samba1:samba1 /srv/files
chmod 700 /srv/files

list containers
runuser -l samba1 -c ‘podman ps -a --format “{{.ID}} {{.Names}}”’

samba-dc stop
runuser -l samba1 -c ‘podman stop samba-dc’

delete samba-dc
runuser -l samba1 -c ‘podman rm -f samba-dc’

check if samba share is with old settings remaining
runuser -l samba1 -c ‘podman volume ls --format “{{.Name}}”’

if shares is present then delete it
runuser -l samba1 -c ‘podman volume rm shares’
rm -rf /home/samba1/.local/share/containers/storage/volumes/shares

then connect the new volume with bind
runuser -l samba1 -c ‘podman volume create --opt device=/srv/files --opt type=bind shares’

check if it does so
runuser -l samba1 -c ‘podman volume inspect shares’

do it persistant
loginctl enable-linger samba1

then i had the sate that samba-dc is not active. i restarted it and it works fine at me
runagent -m samba1 systemctl --user restart samba-dc

This was my steps that i did with success. Please lets discuss if there is anything which is maybe not good solved or if it could bring new problems afterwards which i do not expected. thank you ver much

regards

mrmarkuz · July 15, 2025, 12:13pm

The steps look ok to me.
If /srv/files is on another disk, you may need to adapt /etc/fstab to mount the disk at boot.
If it’s not on another disk, what’s the advantage of mounting the shares to another location?

LoTex · July 15, 2025, 12:45pm

yes you are right. i forgot to write that i add it to fstab to do it persistant with boot.
this i did before.

short question about permissions.the nethserver 8 has limited possibility to handle with permission. i can only set owner permission with rwx settings. but not any additional groups or users like in ns 7. is this on roadmap or it is remaining like this?

mrmarkuz · July 15, 2025, 1:05pm

Yes, it’s on the roadmap, see Shared folder fine-grained ACL reset · Issue #7437 · NethServer/dev · GitHub

Permissions could be set manually from a Windows client or using smbcacls in the samba-dc container.

Enter container:

runagent -m samba1 podman exec -ti samba-dc bash

Check ACLs:

smbcacls //dc1/testshare / -U administrator