Did you ever try NethServer ?

alefattorini

I'm sorry for that guys, where are you running NethServer? VPS?

@scottalanmiller said in Did you ever try NethServer ?:

What's the reason for the green interface requirement? This seems like an unnecessary complication, there should never be any interface except the green interface on a server. What assumption is being made here?

Here we tried to answer all the questions about samba container.
http://community.nethserver.org/t/i-still-dont-get-why-samba-has-to-be-run-in-a-container/4878
Suggestions are welcome!

scottalanmiller

@alefattorini said in Did you ever try NethServer ?:

I'm sorry for that guys, where are you running NethServer? VPS?

@scottalanmiller said in Did you ever try NethServer ?:

What's the reason for the green interface requirement? This seems like an unnecessary complication, there should never be any interface except the green interface on a server. What assumption is being made here?

Here we tried to answer all the questions about samba container.
http://community.nethserver.org/t/i-still-dont-get-why-samba-has-to-be-run-in-a-container/4878
Suggestions are welcome!

Ah, I see, the bridge is to support the container? Then that makes sense, but my "you need to automate that" part still remains. Maybe notify the user in a "just so you know" way, but don't make them be involved. Your target audience is scared of Linux and doesn't know what a bridge is.

scottalanmiller

Quote from the above link:

The default file server in Samba 4.0 is our smbd file server from Samba
3.x, simply updated with the latest work from that line of
development.

No matter if you are running an AD DC, or a file server as a member
server, we use the same code for file server operations. However, some
support infrastructure varies between the operating modes, and some
options are forced on in the AD DC, so as to emulate NT ACLs in the way
we must for the SYSVOL share. We also use a different winbind
implementation.

For smaller sites, where there is just one server, using the AD DC as
the file server is perfectly fine and supported. It will work well.

For other (generally larger) sites, the knowledge that the file server
and DC can be configured, upgraded and replicated independently will be
far more important, and so follow our advise to separate these roles.
Andrew Bartlett

alefattorini

@scottalanmiller said in Did you ever try NethServer ?:

Your target audience is scared of Linux and doesn't know what a bridge is.

Good point, thanks for that. We're working on getting rid of it and adding a free IP checker for container

scottalanmiller

@triple9 said in Did you ever try NethServer ?:

@alefattorini what's more funny, I could update system, and perform other tasks. But AD DC installation was stuck at nearly 50% and would not move from that point

Is this where you got stuck?

scottalanmiller

@alefattorini said in Did you ever try NethServer ?:

@scottalanmiller said in Did you ever try NethServer ?:

Your target audience is scared of Linux and doesn't know what a bridge is.

Good point, thanks for that. We're working on getting rid of it and adding a free IP checker for container

Knowing that this is a container, I now believe that I know why two of us have gotten stuck and where the GUI is wrong. Look at this...

Nowhere am I told about the container or get any explanation. So as a well versed IT pro, I'm not given the info needed to figure out what is wrong. That's fine. This isn't meant for me. BUT, let's look at it from the directions point of view...

1. IP must be in the range of the green network. Check, it is.
2. Green Network must be a bridge. You force me there, so that's definitely done correctly. Check.
3. The IP address must not be used by any OTHER machine. Check. Followed the directions perfectly. I supplied the IP address of THIS machine, definitely not used by any OTHER machine. 192.168.88.228 is the IP address of the machine I am working on, the only IP address that I have for this machine. But wait, had I known that this was a container and was getting its own IP address, I instantly knew that this was wrong. But without being told that we were virtualizing this workload, and with the instructions telling me to obviously pick this IP address (otherwise it would say ANY machine not OTHER machine) and since the IP Address field is populated only with an asterisk.... this is where we end up.

That wording needs to be fixed. I think that those instructions are leading directly to a problem as they are incorrect.

alefattorini

@scottalanmiller said in Did you ever try NethServer ?:

That wording needs to be fixed.

I guess you're right, so you have filled out this field with the IP address of the machine you're working on.
Sorry for that, sometimes a different perspective is very useful

alefattorini

Recently we came to the same conclusion, we need to improve and automatize that panel. Thanks for pointing it out

alefattorini

@scottalanmiller What would you write on that page? And which choices should be avoided for you?

scottalanmiller

@alefattorini said in Did you ever try NethServer ?:

@scottalanmiller said in Did you ever try NethServer ?:

That wording needs to be fixed.

I guess you're right, so you have filled out this field with the IP address of the machine you're working on.
Sorry for that, sometimes a different perspective is very useful

Yeah, I followed the instructions to the tee. My machine had one IP assigned to it, no other machine used it, it was green. Seemed like the obvious choice. But knowing that there is a container involved makes it obvious why that's a problem. Without knowing that there is a container being created, it's not even suggestive that a second IP would be even possible.

scottalanmiller

Using a different IP address now for the container, it does run but I get this...

scottalanmiller

@alefattorini said in Did you ever try NethServer ?:

@scottalanmiller What would you write on that page? And which choices should be avoided for you?

So what we have now...

Domain Controller configuration

Set a new IP address for the Domain Controller function.

The chosen IP address must satisfy all of the below conditions:

• The IP address must be in the same subnet range of the green network. (Show this range.)
• The IP address must be unused currently.

IP address - before doing unused detection, start by blocking the IP addresses of known things like the green interface itself and the gateway.

---

Then in a sidebar have a note: "To provide full Samba Active Directory Domain Controller (AD DC) functionality, this feature is implemented in a container and requires its own IP address. The green interface will be added to a bridge to accommodate this function automatically.

scottalanmiller

I just realized, forcing a second IP address for the AD DC means that NethServer is very hard to use in a hosted environment where traditionally only a single IP address would be available. Of course, you don't normally use AD there and, if you do, you make a "behind the scenes LAN", so adding a ZeroTier type product there and making that the green network would work fine.

triple9

@scottalanmiller exactly. However, if I remember correctly, I did use other IP address. It was clear to me that I need NEW IP address for DC.

travisdh1

@alefattorini said in Did you ever try NethServer ?:

@travisdh1 I can't get your point, you're able to setup a Samba4 DC on CentOS, managed by webinterface with one click?

NethServer does NOT do Samba4 with 1 click. I think we've established that much here at least. When adding a Samba DC in a greenfield (no existing Domain Controllers), it's a quick and simple configuration change. Even taking into account needing to provide DHCP, DNS and NTP from the same box. Of course I'm an old time Linux/UNIX admin, so this stuff should be simple for me to setup.

alefattorini

@scottalanmiller Thanks man, I'll suggest it to my community so we can discuss the improvement

scottalanmiller

@alefattorini said in Did you ever try NethServer ?:

@scottalanmiller Thanks man, I'll suggest it to my community so we can discuss the improvement

Thanks!

dafyre

I have set it up to use as a simple DNS server for my lab network, and I gotta say, it was easy to do, and the web interface is nice to use and is more along the lines of simplistic in nature, which is nice to see!

stacksofplates

@dafyre said in Did you ever try NethServer ?:

I have set it up to use as a simple DNS server for my lab network, and I gotta say, it was easy to do, and the web interface is nice to use and is more along the lines of simplistic in nature, which is nice to see!

Does it only do A records? That's all I saw in the demo.

dafyre

@stacksofplates said in Did you ever try NethServer ?:

@dafyre said in Did you ever try NethServer ?:

I have set it up to use as a simple DNS server for my lab network, and I gotta say, it was easy to do, and the web interface is nice to use and is more along the lines of simplistic in nature, which is nice to see!

Does it only do A records? That's all I saw in the demo.

I only use the A and CNAME at the moment, but I think it can do all of them. I'll spin it back up and check.