Windows network¶

Workstation¶

When acting as a workstation, NethServer Enterprise registers itself as member of the Windows workgroup specified by the Workgroup name field. The default value is WORKGROUP.

From the other hosts of the Windows network, NethServer Enterprise will be listed in Network resources, under the node named after the Workgroup name field value.

As stated before, to access the server resources, clients must provide the authentication credentials of a valid local account.

Primary domain controller¶

The Primary Domain Controller (PDC) is a centralized place where users and hosts accounts are stored. To setup a Windows network where NethServer Enterprise acts in PDC role follow these steps.

1. From the Server Manager, Windows Network page, select Primary Domain Controller, then SUBMIT the change.

   The Domain name by default is assumed to be the second domain part of the host name in capital letters (e.g. if the FQDN server host name is server.example.com the default domain name will be EXAMPLE. If the default does not fit your needs, choose a simple name respecting the rules:

   • length between 1 and 15 characters;
   • begin with a letter, then only letters, numbers, or the minus - char;
   • only capital letters.

   For more information refer to Microsoft Naming conventions [2].

2. For each workstation of the Windows network, join the new domain. This step requires privileged credentials. In NethServer Enterprise, members of the domadmins group can join workstations to the domain. Moreover, domadmins members are granted administrative privileges on domain workstations. By default, only the admin user is member of the domadmins group.

   Some versions of Windows may require applying a system registry patch to join the domain. From the Server Manager, follow Client registry settings link to download the appropriate .reg file. Refer to the official Samba documentation [3] for more information.

Active Directory member¶

The Active Directory member role (ADS) configures NethServer Enterprise as an Active Directory domain member, delegating authentication to domain controllers. When operating in ADS mode, Samba is configured to map domain accounts into NethServer Enterprise, thus files and directories access can be shared across the whole domain.

Joining an Active Directory domain has some pre-requisites:

1. In DNS and DHCP page, set the domain controller as DNS. If a second DC exists, it can be set as secondary DNS.
2. In Date and time page, set the DC as NTP time source; the Kerberos protocol requires the difference between systems clocks is less than 5 minutes.

After pre-requisites are set, proceed in Windows network page, by selecting the Active Directory member role:

• Fill Realm and Domain fields with proper values. Defaults come from FQDN host name: maybe they do not fit your environment so make sure Realm and Domain fields are set correctly.
• LDAP accounts branch must be set to the LDAP branch containing your domain accounts if you plan to install the Email module. It is not actually required by Samba.
• SUBMIT changes. You will be prompted for an user name and password: provide AD administrator or any other account credentials with permissions to join the machine to the domain.

Footnotes