Koozali.org formerly Contribs.org

SME10 - the clock is ticking

Offline Stefano

Re: SME10 - the clock is ticking
« Reply #15 on: February 04, 2020, 12:14:50 PM »
Quote
Don't put too much effort into Samba AD: RHEL has dropped the support for rhel8, openldap is obsoleted, so now Free IPA is the next solution. Moreover, if you read the Samba documentation, the implementation needs two servers, one for the file server, the other for the authentication (samba AD). For sure this can be used with a container, or with a remote account provider, but neither is easy (of course hard should never be a blocking point).

Obviously systemd is a good development goal from my point of view and it is really worth an implementation.

Leaving lurking mode just to ask you: how did you manage the AD stuff "on the other side" (if you know what I mean)?
TIA
Smeserver.it consultant - Solutions and support for SME Server in Italy

Offline stephdl

Re: SME10 - the clock is ticking
« Reply #16 on: February 04, 2020, 12:55:43 PM »
Nethserver uses a systemd container to run the samba AD but the next version could see some changes

No samba AD at all, windows system administrator expects a full ad directory replacement and it is clearly not

Use a second vm to authenticate the users, but it could complicate the vps installation

The container solution is hard to maintain
See http://wiki.contribs.org/Koozali_Foundation
irc : Freenode #sme_server #sme-fr

!!! Please write your knowledge to the Wiki !!!

Offline ReetP

Re: SME10 - the clock is ticking
« Reply #17 on: February 04, 2020, 01:42:13 PM »
I get the feeling there is the usual crazy dance for control going on here some place.

Somewhere between RH, M$, Samba and systemDisaster (ooooooohh whoopee I can now make my home directory portable. I wonder if it includes my Mounts as well??)

https://www.theregister.co.uk/2020/02/03/linux_home_directories_merged_into_systemd/

If you are a Windows admin how are you meant to manage linux servers/desktops? Just use Windows? If you can't use Samba for AD then what can you use (just curious)?

Might be fun with my desktops and their LDAP/SSSD logins :-(

Wish they'd stop screwing things around.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Jean-Philippe Pialasse

Re: SME10 - the clock is ticking
« Reply #18 on: February 04, 2020, 06:33:44 PM »
I feel the future will tend more toward cloud solutions for file storage and remote software.
Traditional cifs shares are behind us except for a few cases.

You can see nextcloud with onlyoffice integration where the whole office can interact on the same document at the same time.
Nextcloud has some limitations in terms of access performance, but if you check seafile you have something more robust, while less modular.

Of course there is still the question of SSO, and administration of all windows clients and security policy.

Re: SME10 - the clock is ticking
« Reply #19 on: February 05, 2020, 05:57:32 PM »
Quote
I feel the future will tend more toward cloud solutions for file storage and remote software.
Traditional cifs shares are behind us except for a few cases.

You can see nextcloud with onlyoffice integration where the whole office can interact on the same document at the same time.
Nextcloud has some limitations in terms of access performance, but if you check seafile you have something more robust, while less modular.

Of course there is still the question of SSO, and administration of all windows clients and security policy.

Maybe so for people dealing with CRM solutions, accounting, small documents.
My customers deal with heavy graphics, CAD or BIM with files sizing 50/100 Mb or BIM projects sizing a few Gbytes .... it's quite difficult for me to think of that stuff residing in the cloud for technical (speed) and economical reasons.
Smeserver.it consultant - Solutions and support for SME Server in Italy.

Offline ReetP

Re: SME10 - the clock is ticking
« Reply #20 on: February 05, 2020, 06:20:07 PM »
Quote
Maybe so for people dealing with CRM solutions, accounting, small documents.
My customers deal with heavy graphics, CAD or BIM with files sizing 50/100 Mb or BIM projects sizing a few Gbytes .... it's quite difficult for me to think of that stuff residing in the cloud for technical (speed) and economical reasons.

Yes we have exactly the same issue, and slow ADSL (not everyone has 10s of Mbs connections, nor will have for some while yet, especially in developing countries).

Try opening a cloud stored artwork file and editing it on your desktop...... ain't going to happen.

Offline Jean-Philippe Pialasse

Re: SME10 - the clock is ticking
« Reply #21 on: February 05, 2020, 07:01:13 PM »
Cloud is not equal to someone else's computer.
Cloud could be your SME exactly at the same spot. It is just shifting protocol.
However, you point out the situation I also pointed out with « few cases », where you have huge files to handle and where I feel CIFS is better in terms of performance, except with a solution offering a local cache on the client machine.

The issue is that both us and Samba people think they have the only solution and protocol to access shared files.
With this situation they can just start to do whatever they want and everybody just follows.
« Last Edit: February 05, 2020, 07:03:48 PM by Jean-Philippe Pialasse »

Re: SME10 - the clock is ticking
« Reply #22 on: February 05, 2020, 08:11:03 PM »
Quote
Don't put too much effort into Samba AD: RHEL has dropped the support for rhel8, openldap is obsoleted, so now Free IPA is the next solution. Moreover, if you read the Samba documentation, the implementation needs two servers, one for the file server, the other for the authentication (samba AD). For sure this can be used with a container, or with a remote account provider, but neither is easy (of course hard should never be a blocking point).

Obviously systemd is a good development goal from my point of view and it is really worth an implementation.

I don't believe Free IPA replaces Samba 4, but runs alongside it. My understanding is that Free IPA is more or less a client for talking to Samba4/Windows Domains and provides a front end for LDAP, and also other types of auth. If you don't give a rip about supporting Windows clients, then you can just use Free IPA and not even install Samba 4. Free IPA lets you play in a Windows domain, but not vice versa.

"IPA's proposed solution calls for using Samba 4 together with IPA, working from one LDAP back-end and sharing a kerberos server. Samba 4 will present IPA to the AD world as a separate domain forest and will be responsible for establishing a cross-forest domain trust between the IPA/Samba domain and the Windows part of the enterprise."

Also, there is no need to run 2 instances of Samba with one being in a container. Both the AD part of Samba and the file server part of Samba can run side by side.

« Last Edit: February 05, 2020, 09:02:32 PM by gzartman »
----
Greg J. Zartman
LEI Engineering & Surveying

SME user and community member since 2000.

Re: SME10 - the clock is ticking
« Reply #23 on: February 05, 2020, 08:14:15 PM »
Quote
Nethserver uses a systemd container to run the samba AD but the next version could see some changes

No samba AD at all, windows system administrator expects a full ad directory replacement and it is clearly not

Use a second vm to authenticate the users, but it could complicate the vps installation

The container solution is hard to maintain

They only did this because they didn't want to figure out the proper way to run Samba4 on RHEL/COS. At the time they did that, it was very difficult to find Samba 4 packages with the AD bits included for RHEL/COS. Sernet was the only source. I believe Nethserver used a compiled from sources version of Samba, or something like this, in their container.
« Last Edit: February 05, 2020, 08:15:48 PM by gzartman »

Offline Jean-Philippe Pialasse

Re: SME10 - the clock is ticking
« Reply #24 on: February 05, 2020, 10:26:04 PM »
Greg,
Thank you for your input. It is really appreciated as you are far more knowledgeable here about samba.

Re: SME10 - the clock is ticking
« Reply #25 on: February 07, 2020, 10:34:07 PM »
I'll always favor a private cloud type of environment provided by (local) network file sharing.
Samba 3.6 still works great in NT4 Style PDC, but SMB1 days are numbered (and unsafe).
With the EOS of W7 I fear that the day is near when W10 finally breaks down support for it.

I know Koozali builds its own samba 4 packages, but I just came across Tranquil IT's repos
of latest AD enabled samba 4 packages for EL7 (and even EL8) and great documentation.
http://samba.tranquil.it/centos7/       https://dev.tranquil.it/samba/en/index.html

Re: SME10 - the clock is ticking
« Reply #26 on: March 01, 2020, 12:59:47 AM »
There are sites out there that provide financial support for Open Source projects. I have just nominated this project for a grant at: Mozilla Open Source Support (MOSS) "Secure Open Source" Nomination.
I am not sure if it helps if more than one person nominates, but it can't hurt to try to get more of you to nominate (Choose Track III): https://www.mozilla.org/en-US/moss/

I am sure there are other organizations out there that give out funding, let's see if anyone else can find some other donation sites and nominate this project.
If other organizations are found, share here so more people can nominate this project.

Plus,
There are also developers out there that are willing to donate their coding skills for free to worthy projects.
How about promoting this project on:
https://www.codetriage.com/

It is unfair to the few developers here to shoulder all this work by themselves. That is why we need to spread the word and get more people involved by advertising the project on codetriage.com and many other similar sites.
« Last Edit: March 01, 2020, 08:11:19 AM by calisun »
SME user and community member since 2005.
Want to install Wordpress in iBay of SME Server?
See my step-by-step How-To wiki here:
http://wiki.contribs.org/Wordpress_Multisite

Offline csn

Re: SME10 - the clock is ticking
« Reply #27 on: March 01, 2020, 08:43:02 PM »
Slightly late to the party, but keen to help however I can.

I can write passable PHP and Python, I'm great at SQL and database architecture, and I've been adminning SME Servers on small networks since it was branded Mitel, so feel free to throw some testing at me.


Offline TerryF

Re: SME10 - the clock is ticking
« Reply #28 on: March 01, 2020, 09:06:42 PM »
More than enough room in this house :-) To start, have a look in bugzilla; currently there are efforts by a couple of hard workers on a new server manager framework - https://bugs.contribs.org/show_bug.cgi?id=7819

More than welcome to join those doing what they can, see Rocket Chat hosted by user ReetP, contact him with name and email, his details are here; he can then set up a login.

The knowledgeable there will be able to point you in the right direction
--
qui scribit bis legit

Offline ReetP

Re: SME10 - the clock is ticking
« Reply #29 on: March 01, 2020, 10:02:05 PM »
Quote
I'll always favor a private cloud type of environment provided by (local) network file sharing.
Samba 3.6 still works great in NT4 Style PDC, but SMB1 days are numbered (and unsafe).
With the EOS of W7 I fear that the day is near when W10 finally breaks down support for it.

It isn't clever but depends on how exposed SMB is to the wider world. YMMV.

But yes support will be forcibly removed at some stage for sure.

Quote
I know Koozali builds its own samba 4 packages, but I just came across Tranquil IT's repos
of latest AD enabled samba 4 packages for EL7 (and even EL8) and great documentation.
http://samba.tranquil.it/centos7/       https://dev.tranquil.it/samba/en/index.html

No, we built it for testing but nothing for production as yet.

The whole field is shifting and we need to have a think about what to do with this.

We try to align with RH/Centos as much as possible to save ourselves work.

If they have dropped S4 + AD we need to decide which route to pursue and whether to rely on a 3rd party.