this post was submitted on 13 Feb 2024
71 points (91.8% liked)

Selfhosted

40663 readers
253 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I'm curious as to why someone would need to do that short of having a bunch of users and a small office at home. Or maybe managing the family's computers is easier that way?

I was considering a domain controller (biased towards linux since most servers/VMs are linux) but right now, for the homelab, it just seems like a shiny new toy to play with rather than something that can make life easier/more secure. There's also the problem of HA and being locked out of your computer if the DC is down.

Tell me why you're running it and the setup you've got that makes having a DC worth it.

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] huskypenguin 1 points 10 months ago (1 children)

Not the original commenter, but I don't understand how that would increase your attack surface. The AD is inside the network, and if an attacker is already in, you're compromised. There might be way to refrence a DNS server with a windows server, but then you're running windows and your life is now much more difficult.

As per DNS, the AD server must be the DNS provider. If you run something like nethserver in a VM you can use it as a dns & ad server.

The domain thing, the AD server is the authorative for its domain. So if you set it as top level, like myhouse.c()m, it will refrence all dns requests to itself, and any subdomains will not appear. The reccomended way to get around this is to use a subdomain, like ad.myhouse.c()m. Or, maybe you have a domain name to burn and you just want to use that?

[–] [email protected] 1 points 10 months ago (1 children)

Thanks, you're the second person who spoke about Neth server to me. I'll take a look.

I was planning to create a subdomain for it anyway, it's just that I was misled that if I didn't give it control over DNS for the network it wouldn't function properly. That doesn't seem to be case (which I'm glad for).

I do not quite understand how the attack surface is increased other than running Windows on my network. I will have to look deeper into it myself.

Thanks

[–] huskypenguin 2 points 10 months ago (1 children)

It may have been me both times. I went down a deep AD hole recently, and was trying to find an easy open source way to do it.

My advice is to put whatever you choose into a vm and snapshot it right before you configure the AD. I think I reconfigured mine 8 times before I was happy.

[–] [email protected] 1 points 10 months ago