Should I use AD or stay at LDAP

NethServer Version: 7.9.2009
Module: AD / LDAP

I’m a newbie on NS7 (but an older SME user).
I’m aware NS7 has a container for SAMBA4/AD, but I’ll install it at a very small company (5-8 Win10/11 machines) and have no experience with AD and RSAT.

So I’d like to ask if it is worth using AD and what I’ll lose by keeping LDAP (besides GPO!)
I’m not sure if GPOs are so wonderful or if I’ll have no problems with SAMBA4/AD/GPO.

Any thoughts?

Regards,

Jáder

Hi @jader

With LDAP you only have the option of public shares in Windows, not Group-based Shares like is possible with AD.

Not worth using LDAP…

My 2 cents
Andy

Does the company currently already have AD?

No, it’s a fresh new install. Today they have no server and use Mega to store documents!
I’ll use PROXMOX to virtualize NS7, a CT with PBS, and have backups on a SATA disk (internal) and an external disk/PBS provider.

I cannot have groups and users as owners of shares like in SME?
They just have 4 groups (directory, financial, operational, human resources), so it is not a big problem to map them by netlogon script.

Consider this: unless specific procedures for migrating configuration and data are used, every Windows client needs to be reconfigured from scratch (profile) if migrated into a domain.

Biggest downside ever of using LDAP instead of AD: granularity of share permission is significantly lower.
https://docs.nethserver.org/en/v7/shared_folder.html

Hello Jader

Mostly it is better to use AD with Windows 7 to 11 clients. But you need Windows xx Professional or more.

Things like single sign-on and ACLs work much better with AD.

With non Windows Clients OpenLDAP is better.

I don’t agree with @Axel.
In my opinion the key point is SAMBA/shared folders.
If granular permissions for accessing shares are requested, AD is a must have. Full integration can be accomplished only with Professional versions of Windows (GPO, centralized management, more AD tools), but a lot of viable options can be achieved on “non pro versions” with Credential Manager, still available in Windows 11.

However, IMVHO a key feature for always preferring the Professional version of Windows is the capability to become an RDP server for a single user. Combined with WOL and scripting, it can allow a remote admin to easily connect the “at home/vacation/isolation/abroad/whatever” user to the resident computer with almost any kind of computer OS (yet to try ChromeOS…)

Yes, I agree the PRO version of Windows is a MUST HAVE. I’ve been using it for +10 years. RDP server and domain join were the reasons.
About granular permissions on shared folders, I’m used to SME9, so not a problem. Maybe now I’ll learn more about the new permissions on Windows… but I never missed it.

(I always used permissions, so a user is a user, never an admin on his own computer)
About roaming profiles, I’m not sure I’m happy with them.
I used to install all programs using SILENT installers (WPKG) and all user data is on the server (never on desktop or computer folders), so a complete reinstall would only require restoring bookmarks and e-mail contacts (if using a client = mine is Thunderbird).

I hate the SME9 LP printing system (Yes, I know CUPS is available!) and how difficult it is to install printer drivers. I plan to study a completely new way to do it (maybe using PS printers and a generic PS driver).
It took me some time to find a way to update the wallpaper, but now it’s working.

But I’ll try it on a small scale on this client and see what the benefits are.
I’ll close the thread as SOLVED: AD is the way to go. CONGRATULATIONS to everyone who helped me decide!
