Why not Samba4/AD on NethServer?


(Sergi) #1

I am also looking for a replacement for my Zentyal deployment and unfortunately the ability to work with AD/GPO is something missing in NethServer, as a lot of people have Windows computers in their networks. To upgrade to Samba4 would be great.
Apart from that, it looks very promising and it’s a great product. Keep up the good work! :smile:


(Alessio Fattorini) #2

Hey, do you already know this feature?
http://docs.nethserver.org/en/v6.6/samba.html?highlight=active%20directory


(Sergi) #3

Yes, but what I am really looking for (and probably other members too) is a native replacement of an AD directory. As far as I understood in that article, you will need an AD server apart from NethServer to do the authentication.
In Zentyal that is supported and you can also manage GPOs with RSAT; it would be amazing if we could do that with NethServer too.


(Michele Bortolotto) #4

If you want an AD-like domain controller you must have Samba4; if you have Samba4 you cannot have OpenLDAP, and again, if you don’t have OpenLDAP you cannot have all the features that NethServer can now provide to you… So the question is: do you want an AD replacement only, or a multi-featured server?


(Jesse) #5

Forgive my ignorance, but what features currently depend on OpenLDAP that wouldn’t be available in a Samba4-based build?


(Michele Bortolotto) #6

Samba4 has an internal LDAP backend that is not compliant with OpenLDAP

https://wiki.samba.org/index.php/FAQ#LDAP_backend


(Michele Bortolotto) #7

P.S. and therefore with the rest of the world outside Samba4


(Jesse) #8

Yes sir, I knew it has its own built-in LDAP, which is why I was curious which of NethServer’s features are dependent on OpenLDAP and would not work with Samba4’s built-in LDAP. Or in other words, what features/modules would no longer work or be available by using Samba4’s LDAP vs. OpenLDAP :relieved:


(Michele Bortolotto) #9

Take a look for yourself:

 ldapsearch -Y EXTERNAL

The short answer is "all".


(Davide Principi) #10

To run as AD, Samba4 wants to provide some network services in a way compatible with MS (LDAP, Kerberos, DNS, NTP…). So it’s hard to deploy this bundle of services inside the “all-in-one” distro without breaking something else. When we started to look at Samba4, one solution was rewriting almost everything!

I’d like to decouple the services from OpenLDAP in the future. I’m thinking about dovecot, postfix, ejabberd and whichever service can work on top of sssd. I don’t know if it is viable, but it could simplify the integration of NethServer with other solutions.
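
The service overlap described in post #10, as an added example that is not part of the original thread or NethServer's own code: it compares the listeners on a host against the ports a Samba 4 AD DC binds and reports which are already held by another daemon. The `ss` listing is a constructed sample and the function names are hypothetical.

```python
import re

# TCP/UDP ports a Samba 4 AD DC binds (per the Samba wiki port list).
# NTP is left out: ntpd keeps udp/123 and only signs replies for Samba.
SAMBA_AD_PORTS = {
    ("tcp", 53): "dns", ("udp", 53): "dns",
    ("tcp", 88): "kerberos", ("udp", 88): "kerberos",
    ("tcp", 389): "ldap", ("udp", 389): "cldap",
    ("tcp", 464): "kpasswd", ("udp", 464): "kpasswd",
    ("tcp", 636): "ldaps", ("tcp", 3268): "global catalog",
}

# Constructed sample of `ss -H -tulnp` output; not captured from a real host.
SAMPLE_SS = """\
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("dnsmasq",pid=812,fd=4))
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:* users:(("ntpd",pid=790,fd=16))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=701,fd=3))
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:* users:(("dnsmasq",pid=812,fd=5))
tcp LISTEN 0 128 0.0.0.0:389 0.0.0.0:* users:(("slapd",pid=955,fd=8))
"""

def parse_listeners(ss_output):
    """Yield (proto, port, process) for each socket line of `ss -H -tulnp`."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        proto, local = fields[0], fields[4]
        port = local.rsplit(":", 1)[-1]  # also handles [::]:389
        if not port.isdigit():
            continue
        owner = re.search(r'\(\("([^"]+)"', line)
        yield proto, int(port), owner.group(1) if owner else "unknown"

def find_conflicts(ss_output):
    """Return sorted (proto, port, ad_service, current_owner) tuples."""
    hits = set()
    for proto, port, proc in parse_listeners(ss_output):
        service = SAMBA_AD_PORTS.get((proto, port))
        # "samba" is the AD DC's own process name, so it is not a conflict
        if service and proc != "samba":
            hits.add((proto, port, service, proc))
    return sorted(hits)

if __name__ == "__main__":
    for proto, port, service, owner in find_conflicts(SAMPLE_SS):
        print(f"{proto}/{port} ({service}) is already held by {owner}")
```
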


(Jesse) #11

Understood. Btw thanks for the swift replies @AbsyntH and @davidep ! If this were the zentyal forum, I may have gotten an answer by mid-July :blush:


(Vhinz Sanchez) #12

> If this were the zentyal forum, I may have gotten an answer by mid-July :blush:

Actually, the Zentyal forum “was” lively (but I must admit that they have helped me more times than I can count) until their decision to focus mainly on being an SBS replacement became unpopular with a lot of users. Even one of their support guys parted ways with them, citing that they have different views.

I have visited the site just now and it seems that there are still a lot of people there, good for them… but I heard a lot have jumped ship (I have not been active since I left my prev. job about 18 months ago but have, for minimal time, logged in to view what happened).


(Kristian Malvander) #13

Both :smile:

The reason behind this is that businesses usually have already invested in Windows, therefore it’s easier if you start the transition from the server side and can replace anything while keeping the clients as they are. I would say as long as the clients are still mostly Windows-based it makes sense, otherwise no. What are your thoughts on that?


(Jose "Martin" Abeleira. AKA Marto) #14

You can have clients with Windows, and your domain controller with Samba,
same as replacing your Exchange with NethServer as your email server.


(Stefano) #15

You’re absolutely right.

I have used SME since 2004 in this role and if you’re using XP clients joined to a Samba domain you can also distribute policies (M$ changed things since Vista).

if you have 10/15 clients, NS is enough and you don’t need AD…

there are tools (OO.SS) to deploy applications on clients

if you (generally speaking) are a skilled sysadm, in such a small environment you can automate many things

All IMHO


(Yan Sivitskiy) #16

Of course. AD makes sense to expand at more than 25 members. Otherwise, it just does not make sense.


(Thorsten) #17

Hi Jesse and Sergi - and everybody else,

Same 4 me - I am leaving Zentyal, as I find Samba4 pretty cool, but I do not like to pay the price of losing all the cool modules. Sometimes I think Zentyal hired managers from Nokia: Nokia lost customers while focusing on essential core competences like providing perfect mobile phones - nothing else - not even smartphone features :smile: Zentyal is focusing on being an MS-Exchange replacement - nothing else. By the way, I keep asking myself why MS itself is a sponsor of Zentyal … this leads me to two conclusions

1.) Seems they are running into the same trap as Nokia.
2.) MS sponsors Zentyal to make them run into this trap faster - why should they sponsor a competitive product???
3.) If I want MS-Exchange, I will buy MS-Exchange

So I still hope NethServer will incorporate Samba4 while maintaining all the cool featured modules at the choice of the user. It will take me some time to try out everything. Has anybody already had some experience with Zentyal 2 NethServer migration?

Thank you in advance
Thorsten


(Alessio Fattorini) #18

Hey @thorsten, welcome, we have a lot of refugees here, take a look at this loooong thread :smile:

or search zentyal:
http://community.nethserver.org/search?q=zentyal