Domain Server

varcal

Explorer
Joined
Jan 4, 2018
Messages
60
I want to know how to set up TrueNAS as a domain server to authenticate users for Windows workstations and Nextcloud

I would like it so I can set up users in TrueNAS and permissions in TrueNAS

and a user can log in to any Windows PC
and also have those users have access to Nextcloud

can anyone help please
 

blanchet

Guru
Joined
Apr 17, 2018
Messages
516
TrueNAS cannot play the role of domain controller (this feature has been dropped in FreeNAS 11.3) but it can still host virtual machines with bhyve.
These virtual machines can run Windows Server or Samba4 or Univention Corporate Server or Zentyal or any other alternative to Active Directory.
 

questor765

Cadet
Joined
Jan 6, 2023
Messages
2
This may be a stupid question, but is there sufficient separation between my TrueNAS File Server and my Virtualized Domain Controllers if they are Jails on the TrueNAS server?

I.e., I want to host a jail within my file server and host my DC inside of it
 

blanchet

Guru
Joined
Apr 17, 2018
Messages
516
The last time I tried (in 2020), Samba4 AD (as an Active Directory Domain Controller) did not run in a jail on TrueNAS because
  • iocage jails have only ZFS filesystems
  • Samba4 AD needs special ACLs that are not supported on ZFS
Therefore, if you really need to run Samba4 AD on TrueNAS, you need a virtual machine
  • It may work with UFS (FreeBSD)
  • It should work with ext4 and xfs (Linux)
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Generally speaking, hosting your domain controllers on a filer joined to said domain is not a great idea. It creates a sort of nasty reversal of dependencies. The host depends on guest / jail for DNS, users / groups, etc. This can be particularly nasty during reboot / recovery scenarios. We tend to close bug tickets related to races caused by this sort of setup pretty quickly as user configuration errors.
 

questor765

Cadet
Joined
Jan 6, 2023
Messages
2
So, not a great idea...
But I'm still tempted to try it if it causes headaches as opposed to outright failures.

I'm running a home network with two TrueNAS systems. Only a handful of users, and not much rush if things need some TLC during bootup.

Server A is used for normal file operations and will be a domain member
Server B is explicitly used as an SSH replication destination with only a local administrative account, no need for it to be a member

So, from your comments...
I think I can run my Primary DC on Server B inside a virtual machine, without fear of breaking everything
 