Salut Stéphane
See this:
This is a client of mine in Switzerland, running NethServer on Proxmox - like you plan to…
In ZH (Zurich) There are 35 Users, in GE (Genève) 10 Users and in (LU) Lugano another 3 users…
All sites are interconnected with VPNs, all Backups are at all three sites. (Offste Backups always at two other sites).
The interesting part:
There is only one site with a Proxmox and NethServer: ZH. GE and LU only have a local NAS, but the Users and their PCs are registered in NethServers AD.
Even if the VPN to Zurich is down, all users at the other sites can still login - even if the AD is temporarily not available… (Using cached Authentification, a standard part of MS).
Note: We do not use roving profiles in Windows… (Too slow over WAN…)
If we’re not talking about 50 users, place the AD where you want. If you have a lot of users, place the AD where the most users are!
I think this should answer your basic questions - and shows that NethServer CAN support 50-60 Users partly over WAN!
Note: To make use of the AD as LDAP authentification, you will need to make sure your AD uses valid LE SSL certs.
Copy procedure needed with renew “hook”, as per here:
Search for this: “The next step will make sure that java and other more strict apps can connect to the AD and use it”…
This is especially valid for Java, and some PHP Apps…
My 2 cents
Andy
PS: AD should NOT be open to the full Internet! You can, if needed, open it up to another server with static IP (Use firewall / Trusted networks!), but best is only internal and VPN access…