I would probably agree after trying openldap. But since I was trained in m$, and then worked for over 10 years as mcp/mcse, I know what to do where by head … not so much with openldap.
I found it easier to emulate ad on Linux then adapt fully to openldap … habits me thinks …
To answer the question again @stephdl ; if you anticipate integrating a couple of web services then I would probably opt for ad. If everything you need is on nethserver and integrated into openldap, kis.
I would like to offer some flowers, you seems to be a great sysadmin with a lot of knowledge…I’m sincere
I don’t know if I have the same knowledge, I’m sure not, and to be true, I needed to think 5 minutes to find how to install in proxmox (based in a datacenter) a NS7 with a samba4AD. For my point of view, there is something not easy to understand, or badly documented.
And if something seems to be not easy , for me, it is a barrier for others. Hence my question to know what is your account provider when the server is in a datacenter.
I have the data center local, I do not fully understand what issues you run into. In my case, after creating the virtual machine in Proxmox and connecting the nethserver ISO, it is as much as clicking ‘console’ in the top left and doing my thing as if it is mounted under the desk.
Providers enabling your access to Proxmox might have made things harder …
not difficult, but you need to put your samba container in a green interface, so I need to create a dummy0 interface bridged on my green NIC. It is only networking thought. the server is a soyoustart in a remote datacenter.
I don’t have a datacenter at home, even if my friends think it when they come to eat here
What are you trying to do, and is there no firewall between that vmbr0 and the web?
Internet servers get a service per server, a green link and good firewall rules over here. But if you do not have that firewall at your disposal, this makes sense if there is something really sensitive on dummy0, given that Nethserver has its own firewall.
This drawing makes it look like the Nethserver will be directly connected to internet, and then this makes a lot of sense.
NO firewall, probably another charged option at ovh, proxmox can do the firewall for your VM, but you must open it, one by one. Hence the idea to use the firewall of NS.
I think we should start a topic in the wiki on the networking with NS, with concrete use cases, at home, at company, with different virtualisation solution (proxmox, kvm, vmware) and of course with some screenshots
Just for comparison, SME Server is much simpler to install, during the console setting, you can bridge the green interface to the dummy NIC
Looking at the votes, I have to say again, that I would recommend LDAP here if you don’t need samba/windows shares with their ACLs for client devices.
I came from the M$ world and I also like samba AD because I am used to it but in this case I prefer openldap because:
You shouldn’t install services not needed because of ressource and security reasons.
Good idea. I also use NS firewall instead of provider one on my VPS just because I don’t want to do firewall settings twice. It would destroy the advantage of the easy smooth NS firewall configuration where services open their ports automatically. But I just use one interface because I do not need an internal network and with just LDAP I do not need a bridge. I have nextcloud, ntop, omd/nagios, roundcube, sogo, webtop and for sure your repo with delegation, fail2ban and yum-cron running. In the end it depends on what you want to do/provide with your VPS but I don’t see an advantage of samba here.
Fully agree. There are some howtos available (all virt environment installations, even Hyper-V) already but lacking networking scenarios.
I think we have many scenarios in this forum, so maybe just do some research and put content from forum to wiki.
In NS you can do it in web UI on “Network” page. And a bridge is autocreated when installing samba dc… Don’t have SME running anymore and honestly I don’t remember SME bridging config so I can’t check.
This. So much this. Next thing is not combining services you do need on one machine.
(I’m creating a Howto for smb to s/me, for using all open-source products to get ISO 27001 and 9001 compliant. It will be a wip, as our ISO readiness is not there yet, but I feel confident in putting my eggs in this basket and delivering better quality then I would have been able with twice the cash and commercial proprietary stuff.
In the end it all depends what services you intend to run and for whom.
If you have a local Samba4AD and you want an SSO for a mailserver in a datacenter it still makes sense to use Samba4AD in the datacenter.
If it is just for general use and an independent service, it makes sense to use OpenLDAP as accountprovider in a DC.
Here it really would make sense. But if your local internet connection gets down, your datacenter server will be lost without user database, so I recommend a local WAN backup in this case.
But thinking over it again: Isn’t it a bad idea to put a server in a datacenter and then needing a local WAN backup for the datacenter server to work? Sorry, just thinking loudly.
I can imagine having samba AD in datacenter and clients all over the world can use it to authenticate and have their shares via openvpn/ipsec but it’s hard to rely on internet for login to a client. Would be nice to have local replicating samba DC servers and the main DC in datacenter, but I am just dreaming.