Shared folders with external LDAP

Support
1

Hi,
just a short question: is it possible to create shared foldes while NS8 is using an external LDAP-provider?

2

No, shared folders are integrated with a samba domain controller. Remote AD provider cannot work for them.

3

Mhm the NS8 docu states, you can add interal-ad replicas on nodes… So if i place a replica on each node, each node is able to authenticate users even when the connection to the others nodes goes down, right?
This would solve my whole problem, which was created in NS7 with flingy internet between the nethserver instances. If the internet was down, server 2 couldn´t reach server 1 for AD authenticication. So with NS8 and the option to add AD replicas to each node, it should be solved, right?

4

Notably:

A problem you created (Not NS7 created!) by using such an unstable model (and unstable Internet) for connections to your AD.

Most of my Internet connections are extremly stable, running more than 99.9% / year (With Zabbix stats to prove that fact!

A 100 user AD at one site, and all in all, at 3 sites, 100 users!
Data replicated on three sites (Offsite backup three way!).
Only a single AD at the main site. No issues with AD for over 5 years!
→ But I did test the Internet at all sites (3 Months test period!) before putting this in place!

Put blame where blame is due!

My 2 cents
Andy

1 Like
5

Mhm, simple docker container with samba could still authenticate users while the internet was down while NS7 was completly helpless. Having a docker container with a samba-ad-dc on the nethserver host as an relay between two NS7 hosts, one serving the ad-dc and the other beeing a satellite file-server, solved the issue…

NS7 just not beeing able to cache replicate ad-users while not connected to the pdc isn´t something NS7 is to blame for? I don´t think i can agree on your point here…

But with the new design of NS8 and the option to add ad-dc-replicas to nodes, this flaw was eliminated…

6

NS7 was NEVER intended as an AD client for another NethServers AD. It can be a client, yes, but not an AD DC. A SME company usually does not require several AD DCs… :slight_smile:
And Multisite / Multitennant was never a criteria. Yes, it could be done, and worked usually well, if implemented correctly, but was never a criteria! Not quite the same as an advertised feature!

AFAIK, in any case. I may be wrong.

My 2 cents
Andy

1 Like