I would like to know what your choice of account provider is when your server is not in your company/home but online, with a proxmox instance for example.
This topic interests me because I hesitated over openldap first, it is easier to install, but I went with samba4, even if it is a bit harder to set up due to the samba container.
what is your account provider when your server is online
The question is not clear to me. If you are asking preference; AD. Reason being it is a lot easier to integrate it with just about anything else and I already know it.
Not yet.
I am not generally against ACLs and at home/company AD would be the better choice. But on a cloud server you’ll just need a directory service for the apps but no samba IMO.
I would probably agree after trying openldap. But since I was trained in m$, and then worked for over 10 years as mcp/mcse, I know what to do where by head … not so much with openldap.
I found it easier to emulate ad on Linux than adapt fully to openldap … habits me thinks …
To answer the question again @stephdl ; if you anticipate integrating a couple of web services then I would probably opt for ad. If everything you need is on nethserver and integrated into openldap, kis.
I would like to offer some flowers, you seem to be a great sysadmin with a lot of knowledge… I’m sincere.
I don’t know if I have the same knowledge, I’m sure not, and to be true, I needed to think 5 minutes to find how to install in proxmox (based in a datacenter) a NS7 with a samba4AD. From my point of view, there is something not easy to understand, or badly documented.
And if something seems to be not easy for me, it is a barrier for others. Hence my question to know what is your account provider when the server is in a datacenter.
I am by no means worthy of that praise, I’m sure.
I have the data center local, I do not fully understand what issues you run into. In my case, after creating the virtual machine in Proxmox and connecting the nethserver ISO, it is as much as clicking “console” in the top left and doing my thing as if it is mounted under the desk.
Providers enabling your access to Proxmox might have made things harder …
Not difficult, but you need to put your samba container in a green interface, so I need to create a dummy0 interface bridged on my green NIC. It is only networking though. The server is a soyoustart in a remote datacenter.
I don’t have a datacenter at home, even if my friends think it when they come to eat here.
What are you trying to do, and is there no firewall between that vmbr0 and the web?
Internet servers get a service per server, a green link and good firewall rules over here. But if you do not have that firewall at your disposal, this makes sense if there is something really sensitive on dummy0, given that Nethserver has its own firewall.
This drawing makes it look like the Nethserver will be directly connected to internet, and then this makes a lot of sense.
NO firewall, probably another charged option at ovh, proxmox can do the firewall for your VM, but you must open it, one by one. Hence the idea to use the firewall of NS.
I think we should start a topic in the wiki on networking with NS, with concrete use cases, at home, at company, with different virtualisation solutions (proxmox, kvm, vmware) and of course with some screenshots.
Just for comparison, SME Server is much simpler to install, during the console setting, you can bridge the green interface to the dummy NIC
Looking at the votes, I have to say again, that I would recommend LDAP here if you don’t need samba/windows shares with their ACLs for client devices.
I came from the M$ world and I also like samba AD because I am used to it but in this case I prefer openldap because:
You shouldn’t install services not needed because of resource and security reasons.
Good idea. I also use NS firewall instead of provider one on my VPS just because I don’t want to do firewall settings twice. It would destroy the advantage of the easy smooth NS firewall configuration where services open their ports automatically. But I just use one interface because I do not need an internal network and with just LDAP I do not need a bridge. I have nextcloud, ntop, omd/nagios, roundcube, sogo, webtop and for sure your repo with delegation, fail2ban and yum-cron running. In the end it depends on what you want to do/provide with your VPS but I don’t see an advantage of samba here.
Fully agree. There are some howtos available (all virt environment installations, even Hyper-V) already but lacking networking scenarios.
I think we have many scenarios in this forum, so maybe just do some research and put content from forum to wiki.
In NS you can do it in web UI on “Network” page. And a bridge is autocreated when installing samba dc… Don’t have SME running anymore and honestly I don’t remember SME bridging config so I can’t check.
This. So much this. Next thing is not combining services you do need on one machine.
(I’m creating a Howto for smb to s/me, for using all open-source products to get ISO 27001 and 9001 compliant. It will be a wip, as our ISO readiness is not there yet, but I feel confident in putting my eggs in this basket and delivering better quality than I would have been able with twice the cash and commercial proprietary stuff.)
In the end it all depends what services you intend to run and for whom.
If you have a local Samba4AD and you want an SSO for a mailserver in a datacenter it still makes sense to use Samba4AD in the datacenter.
If it is just for general use and an independent service, it makes sense to use OpenLDAP as accountprovider in a DC.
Here it really would make sense. But if your local internet connection gets down, your datacenter server will be lost without user database, so I recommend a local WAN backup in this case.
But thinking over it again: Isn’t it a bad idea to put a server in a datacenter and then needing a local WAN backup for the datacenter server to work? Sorry, just thinking loudly.
I can imagine having samba AD in datacenter and clients all over the world can use it to authenticate and have their shares via openvpn/ipsec but it’s hard to rely on internet for login to a client. Would be nice to have local replicating samba DC servers and the main DC in datacenter, but I am just dreaming.