NethServer 8: wishlist for the conference

danb35 · June 15, 2018, 8:35pm

A page for users to change their passwords, that isn’t part of the server manager. Most of my users are remote, I don’t want to make them VPN in just to change a password, and I certainly don’t want to expose the server manager to the Internet.

transocean · June 15, 2018, 8:45pm

My wish is to integrate Horde Groupware into the Software Center.

Regards

Uwe

mrmarkuz · June 15, 2018, 9:18pm

It’s on the way but needs some improvement and testing:

robb · June 16, 2018, 8:03am

I almost posted something ‘smart’ that you can change pw from servermanager, Then I realized I had to read on a bit further and saw the “…that isn’t part of the server manager…” part of your suggestion…
So, yeah it would be nice to have such a feature, but if it isn’t part of server manager, how should it be implemented then? Having a web facing option to change passwords is not my idea of having a safe solution. What would be the problem with VPN into the LAN to reach the server manager?

danb35 · June 16, 2018, 12:32pm

With a separate page that only allows users (probably excluding admin users) to manage their own accounts. That would be the natural place to put the “download mobileconfig” page for my nethserver-automx module, too. Maybe allow users to change their directory details, if we want to be fancy.

Why not? It’s certainly safer than exposing the entire server manager, which is the only current way to do this. And the server manager is available on the red interface by default. Yes, there’s some exposure there–there’s exposure with every public service. Thus, the admin should be able to decide whether, and where, to make such a page available–as is the case for pretty much every other service.

This is something that pretty much every web service does, and I can’t be the only Neth admin who has primarily remote users.

It’s an unnecessary complication.
Most of my users aren’t very tech-savvy, amplifying the above.
My users have no other reason to be on my home LAN.
With nothing against my users, I don’t particularly want them on my home LAN.

robb · September 28, 2018, 3:09pm

I just was pointed to a new uploaded video by Zentyal about how to migrate FSMO roles to a Zentyal server.
Zentyal has created a small perl script that does all the magic and makes it fairly easy to migrate from MS DC to Zentyal DC.
Since NethServer also uses Samba4 as AD accountprovider, I thought it shouldn’t be that hard to make this possible for NethServer too.
The Zentyal script is called ad-migrate and you can find it on any Zentyal (5.1) server in /usr/share/zentyal-samba directory.
If you want to know the content of the perl script, have a look at https://ghostbin.com/paste/527cj

Bottomline: could we create such a script for NethServer too? Can we think of other useful admin actions that could use a script, instead of going through some risky, error-prone commands?
Are there already (hidden) scripts that could be used?

giacomo · September 28, 2018, 3:37pm

The script is small because everything is inside the libraries

Yes, I think we can work on it. @davidep already did it by hand a couple of time.
We could create some scripts but we need to describe very well the scenario usage.

No really.

Cadivette · September 2, 2019, 8:19pm

Well Zoneminder would be my choice.

syntaxerrormmm · September 3, 2019, 1:43pm

I usually couple NS with Self Service Password from LTB Project. Should work also on AD once configured.

danb35 · September 3, 2019, 1:45pm

Yeah, I’d found that since I posted:
https://wiki.nethserver.org/doku.php?id=userguide:self-service-password

syntaxerrormmm · September 3, 2019, 1:47pm

Missed that; thanks for the additional effort integrating that with e-smith.

pbasque · October 14, 2019, 2:53pm

Hello people,
I’m new to the community.
I liked the topics covered.
I read a bit about Kernel, and saw that from 3.x to 4.x kernel in CentOS 8 there are some interesting improvements about file system, which is my main use of the tool.
In addition to SAMBA integration with AD and its File Server log management.

One issue I have had a lot of trouble in is separating where the NetshServer cmdata installation is, and adding a new volume via the GUI. I believe this can improve.

Very good idea of elastic sarch and Docker with Kubernets.

BitStream · October 14, 2019, 5:45pm

I want an IPv6 integration. Here in Germany more and more connections are switched to IPv6 and therefore IPv6 is becoming more and more important for internal networks. I already run a NethServer installation with IPv6 (Dual Stack), so as far as possible. I have the possibilities and would also be willing to participate in the testing.

pike · October 14, 2019, 8:44pm

That’s the fourth year that IPv6 were answered “no thanks” by the project…

Unfortunately.

BitStream · October 15, 2019, 4:13pm

Perhaps no one dares to do so because the corresponding know-how is missing. Maybe you need an incentive or just a few people to help you reach this goal.

We could start by enumerating the things that work and then see how big the effort really is.

NLS · October 17, 2019, 10:17am

For NethServer 8, a complete DNS server implementation would be great.
Also change the method of implementing Samba. Not use a container, so same IP and hostname (and DNS) is used throughout NS experience?

robb · October 17, 2019, 4:44pm

@NLS I agree Samba4 AD provider installed directly in NS is preferable. Unfortunately CentOS 7 does not provide Samba4 packages and that is the reason why we need another solution.
This has been discussed extensively:

And recently it became clear CentOS 8 will not ship Samba4 packages either

NLS · October 17, 2019, 7:59pm

Still the case with CentOS 8?

robb · October 17, 2019, 9:22pm

From the topic on redhat website: (only visible when logged in)

Is Samba 4 AD DC supported with Red Hat Enterprise Linux 8
Solution Verified - Updated November 29 2018 at 10:14 AM -
English
.## Environment
.* Red Hat Enterprise Linux 8 Beta
.## Issue
.* Is Samba 4 AD DC supported with Red Hat Enterprise Linux 8?
.## Resolution
Samba 4 AD DC is not supported in any release of Red Hat Enterprise Linux.
Red Hat has evaluated the RFE and came to conclusion that including Samba AD DC into Red Hat Enterprise Linux would create a significant support challenge due to complexity and broad set of the use cases that are expected to be supported by the solution. To avoid undesirable customer experience, Red Hat will not include Samba AD DC into Red Hat Enterprise Linux in any foreseeable future. Based on this conclusion this RFE is now being closed.
Red Hat acknowledges the value of Samba AD DC to Red Hat customers and welcomes partners that have targeted expertise in this area to join forces to provide an integrated Identity Management solution for heterogeneous environments that would meet the variety of customer use cases. All interested parties are welcome to contact Red Hat via available communication channels.
Based on the feedback and desire of Red Hat customers to invest into development of this technology, or if market conditions or partner integration will not be sufficient to meet customer requirements, Red Hat might reconsider its position in future.

And the bugzilla tracker says: Status: CLOSED WONTFIX
Since CentOS is following RH, Samba4 AD DC will not be supported by CentOS 8 either.

pike · October 17, 2019, 10:31pm

Too many issues for replicate an “old” tech. They don’t want to compete against AD.