What is your Account provider when your server is in a datacenter


(Stéphane de Labrusse) #1

I would like to know what your choice of account provider is when your server is not at your company/home but online, with a Proxmox instance for example.

This topic interests me because I hesitated for OpenLDAP first; it is easier to install, but I went to Samba4, even if it is a bit harder to set up due to the Samba container.

What is your account provider when your server is online?

  • OpenLDAP
  • Samba4AD



(Jeroen Visser) #2

The question is not clear to me. If you are asking for a preference: AD. Reason being it is a lot easier to integrate it with just about anything else and I already know it.


(Markus Neuberger) #3

I prefer LDAP for cloud hosted virtual private servers because there I don’t need the samba features like shares or ACLs.


(Jeroen Visser) #4

No kids yet? :stuck_out_tongue:


(Stéphane de Labrusse) #5

I tried to formulate my issue again.


(Markus Neuberger) #6

Not yet. :slight_smile:
I am not generally against ACLs and at home/company AD would be the better choice. But on a cloud server you’ll just need a directory service for the apps but no samba IMO.


(Jeroen Visser) #7

I would probably agree after trying openldap. But since I was trained in m$, and then worked for over 10 years as mcp/mcse, I know what to do where by head … not so much with openldap.

I found it easier to emulate AD on Linux than adapt fully to openldap … habits me thinks …

To answer the question again @stephdl ; if you anticipate integrating a couple of web services then I would probably opt for ad. If everything you need is on nethserver and integrated into openldap, kis.


(Stéphane de Labrusse) #8

I know :), I even have my idea on the question, but I must wait for the end of the poll.

Installing a Samba4 AD in an online Proxmox is not so hard, but it needs some knowledge.


(Jeroen Visser) #9

Maybe I still do not fully understand, as I can just use SPICE to get tty access if needed, and get vpn access otherwise and act as if it is local.


(Alex Ivashenkov) #10

I would agree with Mr. Markus.


(Stéphane de Labrusse) #11

I would like to offer some flowers, you seem to be a great sysadmin with a lot of knowledge… I’m sincere :slight_smile:
I don’t know if I have the same knowledge, I’m sure not, and to be honest, I needed to think 5 minutes to find how to install in Proxmox (based in a datacenter) a NS7 with a Samba4AD. From my point of view, there is something not easy to understand, or badly documented.

And if something seems to be not easy for me, it is a barrier for others. Hence my question to know what is your account provider when the server is in a datacenter.


(Jeroen Visser) #12

I am by no means worthy of that praise, I’m sure.

I have the data center local, I do not fully understand what issues you run into. In my case, after creating the virtual machine in Proxmox and connecting the nethserver ISO, it is as much as clicking ‘console’ in the top left and doing my thing as if it is mounted under the desk.

Providers enabling your access to Proxmox might have made things harder …


(Stéphane de Labrusse) #13

Not difficult, but you need to put your Samba container in a green interface, so I need to create a dummy0 interface bridged on my green NIC. It is only networking though. The server is a soyoustart in a remote datacenter.

I don’t have a datacenter at home, even if my friends think it when they come to eat here :slight_smile:

This is a schema of my mind.

I don’t know, maybe there are other, much simpler ways :’(


(Jeroen Visser) #14

What are you trying to do, and is there no firewall between that vmbr0 and the web?

Internet servers get a service per server, a green link and good firewall rules over here. But if you do not have that firewall at your disposal, this makes sense if there is something really sensitive on dummy0, given that Nethserver has its own firewall.

This drawing makes it look like the Nethserver will be directly connected to internet, and then this makes a lot of sense.


(Stéphane de Labrusse) #15

NO firewall, probably another charged option at ovh, proxmox can do the firewall for your VM, but you must open it, one by one. Hence the idea to use the firewall of NS.

I think we should start a topic in the wiki on networking with NS, with concrete use cases, at home, at a company, with different virtualisation solutions (Proxmox, KVM, VMware) and of course with some screenshots.

Just for comparison, SME Server is much simpler to install: during the console setup, you can bridge the green interface to the dummy NIC.


(Stéphane de Labrusse) #16

yep 22€80 more per month :slight_smile:

https://www.soyoustart.com/fr/firewall-cisco-asa.xml


(Markus Neuberger) #17

Looking at the votes, I have to say again, that I would recommend LDAP here if you don’t need samba/windows shares with their ACLs for client devices.
I came from the M$ world and I also like samba AD because I am used to it but in this case I prefer openldap because:
You shouldn’t install services not needed because of resource and security reasons.

Good idea. I also use NS firewall instead of provider one on my VPS just because I don’t want to do firewall settings twice. It would destroy the advantage of the easy smooth NS firewall configuration where services open their ports automatically. But I just use one interface because I do not need an internal network and with just LDAP I do not need a bridge. I have nextcloud, ntop, omd/nagios, roundcube, sogo, webtop and for sure your repo with delegation, fail2ban and yum-cron running. In the end it depends on what you want to do/provide with your VPS but I don’t see an advantage of samba here.

Fully agree. There are some howtos available (all virt environment installations, even Hyper-V) already but lacking networking scenarios.

https://wiki.nethserver.org/doku.php?id=user_guides

I think we have many scenarios in this forum, so maybe just do some research and put content from forum to wiki.

In NS you can do it in web UI on “Network” page. And a bridge is autocreated when installing samba dc… Don’t have SME running anymore and honestly I don’t remember SME bridging config so I can’t check.


(Jeroen Visser) #18

This. So much this. Next thing is not combining services you do need on one machine.

(I’m creating a Howto for smb to s/me, for using all open-source products to get ISO 27001 and 9001 compliant. It will be a wip, as our ISO readiness is not there yet, but I feel confident in putting my eggs in this basket and delivering better quality than I would have been able with twice the cash and commercial proprietary stuff.)


(Rob Bosch) #19

In the end it all depends what services you intend to run and for whom.
If you have a local Samba4AD and you want an SSO for a mailserver in a datacenter it still makes sense to use Samba4AD in the datacenter.
If it is just for general use and an independent service, it makes sense to use OpenLDAP as account provider in a DC.


(Markus Neuberger) #20

Here it really would make sense. But if your local internet connection goes down, your datacenter server will be lost without a user database, so I recommend a local WAN backup in this case.
But thinking over it again: Isn’t it a bad idea to put a server in a datacenter and then need a local WAN backup for the datacenter server to work? Sorry, just thinking out loud.

I can imagine having samba AD in datacenter and clients all over the world can use it to authenticate and have their shares via openvpn/ipsec but it’s hard to rely on internet for login to a client. Would be nice to have local replicating samba DC servers and the main DC in datacenter, but I am just dreaming.