NS8: Random musings

Clean minimal Rocky install.

So I add a user. Not sure what I can do with him as he can’t log on at a terminal. He can’t log on to the web page, even after I promote him to a Domain Admin.

Going back to a terminal, root can no longer log on to administer the OS. *** Update *** Ignore this, stupid operator error.

Create a Samba share. Go over to my Windows, and yes, it can be seen:


Try and connect to it. Ooops:


Finished playing around, so let’s shut down the VM. Oh dear, there’s no shutdown to be found on the Admin web pages and I can’t log in via a terminal any more.

Cheers, (with my tongue firmly in my cheek),

1 Like

Users are available only for NS8 modules, they do not have access to the underlying system: so no SSH access.

That’s strange, it should not be related: NS8 does not change PAM nor SSH configuration.

I will try to reproduce.
How did you enter the credentials? If the Windows machine is not joined to the AD, I think you should enter the full credentials with the domain.
Maybe @davidep has already did some tests on this.

NS8 is not meant to manage the distro. You could install Cockpit to access such operations from a web UI.

1 Like

Understood. But what’s the Domain Admins group. It doesn’t control who has access to the web UI, that’s via Cluster Settings.

Nope, that was my bad.

I tried again today, but this time with the domain qualified name, still no go.



Hi @EddieA

A “Domain Admins” Group is a requirement of MS Active Directory, in NS7 required if you need authenticated shares…

My 2 cents

The users are available only to applications like:

  • file server
  • nextcloud
  • mail server
  • etc.

I will need to check it again: card added

After rebuilding the Cluster (and breaking the Mail install again), I tried the FileShare again.

This time it worked, but only with the unqualified user name. The qualified one kept reporting an incorrect password.

And only with the IP address, even though the FQDN is resolvable correctly on the Windows machine.


Sorry but I do not get.
I will try with an example, correct me if wrong.

Machine hostname: server.nethserver.org
AD domain/Realm: ad.nethserver.org
User for shares: giacomo@ad.nethserver.org

This one should work.

Does the Windows machine uses the AD as DNS? It also need to resolve some extra DNS records.

Using your examples:
Throws this without asking for password:
In a Windows command window (obviously using “my” hostname)"

C:\Users\Eddie>ping server.nethserver.org

Pinging server.nethserver.org [] with 32 bytes of data:
Reply from bytes=32 time<1ms TTL=64
Reply from bytes=32 time<1ms TTL=64
Reply from bytes=32 time<1ms TTL=64
Reply from bytes=32 time<1ms TTL=64

Next, using this:
I get the correct password prompt.
At that prompt, if I use:
I get a message saying the password is wrong. But using:
Worked correctly and presented the shared folder.


Noted, thank you for the great details!

Except now using Markus’s new Rocky image I’m getting slightly different results. :worried:

I can now connect to the share by both name and IP.