Active Directory in VM?


NLS


I have installed NethServer as a VM in my unRAID newly-RE-configured home server.

I have enabled SAMBA AD on NethServer.

I read an old (2015) guide that I cannot have my unRAID join a domain in a VM, because the array (and VMs) need to be stopped to join.

Is there any workaround for this in 2019?

 

If there is no REAL workaround, can someone with better expertise than me in unRAID tell me if the following spaghetti scenario can work?

  • Run the array and VM.
  • Make another VM on another computer, also installing NethServer.
  • Make that NethServer a domain controller on the same domain as my ACTUAL NethServer (inside unRAID).
  • Stop array and VM.
  • Use the second domain controller (VM on client machine) for unRAID to join domain.
  • Turn on array and VM.
  • Second domain controller supposedly syncs with the first domain controller (right?). I am asking because this would happen with Windows Servers, but I am not sure what happens with SAMBA machines.
  • Remove second domain controller from domain (after I somehow make sure it replicated the AD).
  • UNRAID will work fine, even after a reboot, starting array and VMs. (Question here is what happens with AD security in unRAID when no DC is available - briefly until it boots).

 

Ideas? Comments? Help?

 


I've got no experience with Nethserver but I do have my unRAID server joined to a Windows AD domain.  My Windows DC is a VM but it is hosted on a separate ESXi server.

 

Assuming AD replication with Nethserver works like Windows AD replication, I think your plan would work....at least initially.

 

I've found that when my unRAID server is shut down improperly (power outage or something similar), my unRAID server falls off the domain and has to be rejoined. This would obviously be problematic in your proposed setup. You could, of course, just be super careful to prevent improper shutdowns with a UPS (you probably want to do this anyways)...but it might be a pain if it did somehow happen.


Thanks.

 

Of course I need to take care not to let the server just power off, but indeed, if it simply pops out of AD this way, that is problematic (I will need to keep the other VM stored for "when it is needed"... which would be bad if it is offline for days or months, because it will have a much older replica of the AD)...

 

Could LimeTech shed some light?

 


The long and short is that we have no short-term plans to manage the starting and stopping of services (such as VMs, containers, etc.) outside of the array itself. Those two events are conjoined at the hip, as we rely on the array being started for certain processes to take place. This isn't to say that this will be the case always and forever, but it is the situation now. The same issue exists for folks that use pfSense (to some extent).

  • 9 months later...

Hi guys,

After building my new Unraid system and migrating all my VMs, I have exactly the same issue...

If I try to join AD, Unraid shuts down all my VMs, also my domain controller, so joining is impossible for me...

Is there now, in 2020, maybe a "better" workaround other than a second DC?

Thank you in advance, guys.

  • 1 month later...

I'd be quite keen to see this too, I run a Windows domain to manage the various users in my house. Everyone has a VM or two, some private shares and some "whole house" shares. Would be great to use AD groups for UnRAID share permissions. 

 

My current workaround was to install Hyper-V (ugh) on my work laptop, spin up a third DC on it, join UnRAID to my domain, then decommission the DC. 
Hyper-V is free in Win10 Pro and upwards, it's the world's worst hypervisor but as a workaround to get UnRAID on a domain it does the trick. 

Alternatively, if you don’t have a spare computer you can install Hyper-V on, you could sign up for a free Azure or AWS trial and build a domain controller in the cloud. Once UnRAID is joined you just delete the account. 
