8000 Samba File Server as AD domain member · Issue #7384 · NethServer/dev · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Samba File Server as AD domain member #7384

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
DavidePrincipi opened this issue Apr 7, 2025 · 5 comments
Closed

Samba File Server as AD domain member #7384

DavidePrincipi opened this issue Apr 7, 2025 · 5 comments
Labels
milestone goal 👑 This describes an announced milestone goal verified All test cases were verified successfully
Milestone
NethServer 8.5

Comments

@DavidePrincipi
Copy link
Member
DavidePrincipi commented Apr 7, 2025
edited
Loading

File server functionality is currently possible in a NS8 cluster only for a node with a samba-dc domain provider.

Proposed solution

  • Implement a File Server only (no DC services) mode with RODC or Domain Member role.

Alternative solutions

  • Create another Samba application specific for standalone File Server use case and join it as a server to the domain.

See also
@DavidePrincipi DavidePrincipi added the milestone goal 👑 This describes an announced milestone goal label Apr 7, 2025
@DavidePrincipi DavidePrincipi added this to the NethServer 8.5 milestone Apr 7, 2025
@DavidePrincipi DavidePrincipi self-assigned this Apr 29, 2025
@DavidePrincipi DavidePrincipi moved this from ToDo to In Progress in NethServer Apr 29, 2025
@DavidePrincipi DavidePrincipi changed the title Samba standalone File Server mode Samba File Server as AD domain member May 6, 2025
@DavidePrincipi DavidePrincipi mentioned this issue May 15, 2025
Merged
@DavidePrincipi DavidePrincipi mentioned this issue May 27, 2025
Merged
DavidePrincipi added a commit to NethServer/ns8-core that referenced this issue May 28, 2025
@DavidePrincipi
fix(ui): disable Replace existing app checkbox
cc8690c 
The Samba app cannot be restored if the node hosts another Samba instance.

Refs NethServer/dev#7384
@DavidePrincipi DavidePrincipi mentioned this issue May 28, 2025
Merged
DavidePrincipi added a commit to NethServer/ns8-core that referenced this issue May 28, 2025
@DavidePrincipi
fix(ui): disable Replace existing app checkbox (#893)
6dc7d0d 
The Samba app cannot be restored if the node hosts another Samba instance.

See also #862

Refs NethServer/dev#7384
DavidePrincipi added a commit to NethServer/ns8-core that referenced this issue May 29, 2025
@DavidePrincipi
Merge pull request #890 from NethServer/feat-7384
9763e79 
feat: core flags management for Samba 3+

Refs NethServer/dev#7384
@DavidePrincipi DavidePrincipi mentioned this issue May 29, 2025
Merged
DavidePrincipi added a commit to NethServer/ns8-core that referenced this issue May 29, 2025
@DavidePrincipi
feat(transfer-state): support Samba ACLs cloning (#895)
900150d 
Enable transfer of extended-attributes, which is not included by Rsync
"-a" flag.

Refs NethServer/dev#7384
DavidePrincipi pushed a commit to NethServer/ns8-core that referenced this issue May 29, 2025
@weblate
Translated with Weblate (#891)
16fe608 
Translate-URL: https://hosted.weblate.org/projects/ns8/core/de/
Translate-URL: https://hosted.weblate.org/projects/ns8/core/it/
Translation: NS8/core

Co-authored-by: Davide Principi <davide.principi@nethesis.it>
Co-authored-by: roswitina <roswitina@hotmail.com>

Refs NethServer/dev#7384
@DavidePrincipi DavidePrincipi added the testing Packages are available from testing repositories label May 30, 2025
@nethbot nethbot moved this from In Progress to Testing in NethServer May 30, 2025
@mrmarkuz
Copy link
Member
mrmarkuz commented Jun 2, 2025
edited
Loading

Test case 1 verified

  • Folders are accessible

  • NTLMSSP Sign/Seal supported

  • A connection to the alias name is not working from Windows clients immediately after migration.

  • After changing the alias name on NS8 to something else it worked, maybe some cache issue.

  • Also after rebooting NS8 and the Windows client the alias name is working.

  • Accessing the alias name from Windows in samba:3.0.0-dev.2 is verified

  • User portal: Login and user creation is working

Test case 2 verified

  • After resetting permissions for a share, it's still accessible and Windows ACLs are used instead of Posix ones

  • After restore the DC name is nsdc-nethr1 instead of original nsdc-neth and the alias name isn't set anymore.

Test case 2.bis verified

  • Set LAN IP address worked from CLI and UI

  • After restore the DC name is nsdc-nethr1 instead of original nsdc-neth and the alias name isn't set anymore.

Test case 3 verified

  • Clients can connect as given in the connection path examples.

Test case 4 verified

  • Clients can connect as given in the connection path examples.

Test case 5

After restore of the samba file server instance, the domain controller isn't found anymore. I tested using NS8 samba and a Windows Server as DC.
Also there's no config wizard asking for fileserver name and alias.
After setting "DNS1ADDRESS" to the DC IP it works.

And there's a validation bug:

It's possible to create an external samba user domain (DC) with netbios name (NS8DEBIANTEST) but in samba file server settings I get a validation error because dots are needed (ad.ns8debiantest.com)

"Validation errors: [realm: Does not match pattern '^[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+$']"

  • Selective restore of files and folders is working

Test case 6 verified

  • Cloning worked and the cloned file server access is working

Little cosmetic bug:

After restoring or cloning a file server instance the status page shows "0 shared folders", after browser refresh the right number is shown.

DavidePrincipi added a commit to NethServer/ns8-samba that referenced this issue Jun 3, 2025
@DavidePrincipi
fix(import-module): NBALIAS not applied
1458a4b 
Forcibly restart samba-dc to refresh the NBALIAS setting.

Refs NethServer/dev#7384
DavidePrincipi pushed a commit to NethServer/ns8-samba that referenced this issue Jun 3, 2025
@weblate
Translated with Weblate (#96)
1bde20e 
Translate-URL: https://hosted.weblate.org/projects/ns8/samba/it/
Translation: NS8/samba

Co-authored-by: Davide Principi <davide.principi@nethesis.it>

Refs NethServer/dev#7384
@DavidePrincipi
Copy link
Member Author
  • Possible solution: After a restart of the samba-dc service on NS8, Windows could connect to the shares via the alias name.

@mrmarkuz, the automatic restart has been added. Please check Samba 3.0.0-dev.2

ℹ️ Please have a look also at the User Portal to ensure it is displayed and login works because its frontend dependencies were bumped for security updates.

DavidePrincipi added a commit to NethServer/ns8-samba that referenced this issue Jun 3, 2025
@DavidePrincipi
fix(import-module): NBALIAS not applied
8d0c7e1 
Forcibly restart samba-dc to refresh the NBALIAS setting.

Refs NethServer/dev#7384
DavidePrincipi pushed a commit to NethServer/ns8-samba that referenced this issue Jun 3, 2025
@weblate @DavidePrincipi
Translated with Weblate (#96)
351401d 
Translate-URL: https://hosted.weblate.org/projects/ns8/samba/it/
Translation: NS8/samba

Co-authored-by: Davide Principi <davide.principi@nethesis.it>

Refs NethServer/dev#7384
This was referenced Jun 4, 2025
Merged
Merged
Merged
DavidePrincipi added a commit to NethServer/ns8-samba that referenced this issue Jun 5, 2025
@DavidePrincipi
fix(ui): prevent button label wrap (#102)
9fe83e8 
When translated to Italian the button label becomes too long and makes
the button size too high for the text wrap.

Refs NethServer/dev#7384 NethServer/dev#7439
@DavidePrincipi DavidePrincipi mentioned this issue Jun 5, 2025
Merged
@mrmarkuz
Copy link
Member
mrmarkuz commented Jun 5, 2025

Test case 5 verified

  • ghcr.io/nethserver/samba:feat-7384-3 works, it's possible to create an external samba domain using the netbios name and use it in the samba file server instance.

DavidePrincipi added a commit to NethServer/ns8-samba that referenced this issue Jun 5, 2025
@DavidePrincipi
Merge pull request #100 from NethServer/feat-7384-3
7cb165a 
fix: member role restoration

Refs NethServer/dev#7384
DavidePrincipi added a commit to NethServer/ns8-samba that referenced this issue Jun 5, 2025
@weblate @DavidePrincipi
Translated with Weblate (#101)
a9fce11 
Translate-URL: https://hosted.weblate.org/projects/ns8/samba/
Translate-URL: https://hosted.weblate.org/projects/ns8/samba/de/
Translate-URL: https://hosted.weblate.org/projects/ns8/samba/es/
Translate-URL: https://hosted.weblate.org/projects/ns8/samba/eu/
Translate-URL: https://hosted.weblate.org/projects/ns8/samba/fr/
Translate-URL: https://hosted.weblate.org/projects/ns8/samba/it/
Translate-URL: https://hosted.weblate.org/projects/ns8/samba/nl/
Translate-URL: https://hosted.weblate.org/projects/ns8/samba/pt/
Translate-URL: https://hosted.weblate.org/projects/ns8/samba/pt_BR/
Translate-URL: https://hosted.weblate.org/projects/ns8/samba/ta/
Translate-URL: https://hosted.weblate.org/projects/ns8/samba/uk/
Translation: NS8/samba

Refs
NethServer/dev#7384
NethServer/dev#7386
NethServer/dev#7390

Co-authored-by: Davide Principi <davide.principi@nethesis.it>
Co-authored-by: LibreTranslate <noreply-mt-libretranslate@weblate.org>
Co-authored-by: Prefill add-on <noreply-addon-prefill@weblate.org>
Co-authored-by: Weblate Translation Memory <noreply-mt-weblate-translation-memory@weblate.org>
@mrmarkuz mrmarkuz added the verified All test cases were verified successfully label 8000 Jun 5, 2025
@github-actions github-actions bot removed the testing Packages are available from testing repositories label Jun 5, 2025
@nethbot nethbot moved this from Testing to Verified in NethServer Jun 5, 2025
@mrmarkuz mrmarkuz removed their assignment Jun 5, 2025
DavidePrincipi added a commit to NethServer/ns8-samba that referenced this issue Jun 5, 2025
@DavidePrincipi
feat: get-facts action (#103)
f708a2d 
Return facts for:
- role and provision types
- shared folders feature usage counters

Refs NethServer/dev#7384
@DavidePrincipi DavidePrincipi mentioned this issue Jun 10, 2025
Merged
DavidePrincipi added a commit to NethServer/ns8-docs that referenced this issue Jun 10, 2025
@DavidePrincipi
Samba Domain Member role docs (#171)
ba366a7 
- fix: clarify Samba AD DNS configuration
- feat: member/controller roles
  With the new Domain Member role addition configuration, clone, restore
  procedures were integrated of new functions and instructions.
  Document also the new Advenced section of Shared folders.

Refs NethServer/dev#7384
@DavidePrincipi
Copy link
Member Author

Released https://github.com/NethServer/ns8-samba/releases/tag/3.0.0

@github-project-automation github-project-automation bot moved this from Verified to Done in NethServer Jun 10, 2025
DavidePrincipi added a commit to NethServer/ns8-repomd that referenced this issue Jun 11, 2025
@DavidePrincipi
Delete samba/metadata.json
7340dda 
Use metadata from Samba repo, as for other apps.

Refs NethServer/dev#7384
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
milestone goal 👑 This describes an announced milestone goal verified All test cases were verified successfully
Projects
NethServer
Status: Done
Milestone
NethServer 8.5
Development

No branches or pull requests
2 participants
@DavidePrincipi @mrmarkuz
0