Advice setting up virtual domain controller

Discussion in 'IT & Internet' started by Gareth ACA Accountant, Jul 23, 2021.

  1. Gareth ACA Accountant

    Gareth ACA Accountant UKBF Newcomer

    42 3
    So I would like to set up my own network inside my home wifi. I'm a bit new to this so I may have some of this wrong.

    The set up should be really simple but let me explain:

    The broadband router is Virgin Media wifi and any device should be able to connect to this without anything changing. Basically the new network should not change anything for any of the existing users of the broadband connection.

    Then I will set up a PC with Windows 10 Pro that will connect to the wifi.
    Within that PC I will set up a virtual Linux box which will be the domain controller - running NethServer (a version of Linux CentOS) & Samba for Active Directory. The virtual machine will be running on VirtualBox.

    This is where I think things will get a bit tricky.

    I want all computers that join this domain to go through the domain controller for internet access - the domain controller to act as a gateway/firewall.

    All workstations will need to connect wirelessly to the domain controller, so the eventual outcome will be:

    Workstation-[wirelessly connect to] ->Domain controller (virtual box within another PC) -[wirelessly connects to]->Virgin media router->Internet

    All workstations will be running Windows 10 Pro

    What do I need to achieve this? I feel like some sort of wireless router or network switch that sits between the workstations and the domain controller, with that router connected by ethernet cable to the PC and then somehow that connection piped into the virtual machine that is hosting the domain controller.

    Is this correct? Any recommendations on which hardware to use?
    Posted: Jul 23, 2021 By: Gareth ACA Accountant Member since: Jul 21, 2016
  2. Frank the Insurance guy

    Frank the Insurance guy Full Member

    488 146
    I'm sure our IT Expert members will have a way to do it, but this is what I would try:
    1. Virgin router set so that only the domain controller can access it.
    2. Set up another router/wifi hotspot for all devices to connect to the domain controller.

    That way the only way to get through the Virgin router is through the domain controller, I think!

    By the way - I used to have a Virgin Media hub a few years back and it was awful - if things haven't changed I would suggest using the Virgin router in "Modem only mode" and buying a decent router to connect it to.
    Posted: Jul 23, 2021 By: Frank the Insurance guy Member since: Oct 28, 2020
  3. KM-Tiger

    KM-Tiger Verified Business ✔️

    10,129 2,770
    The Hitron routers that Virgin are now issuing are a lot better than the old Superhubs.

    In essence what you propose can be done. I'd want to make a wired connection between the 'domain controller' and Virgin router in order to have more bandwidth to share to the wirelessly connected devices on the other side.

    Have you set up Samba4 for AD before? It's quite tricky, though it works very well. Day-to-day admin can be done with the Windows remote admin tools.

    A note of caution though. You will have a single point of failure in that 'domain controller' virtual machine. If this is business critical you might do better to have a second domain controller and set up replication.

    Note that there are some oddities in Samba4 AD replication due to a bug in the glibc resolver. If you get stuck on this ask me.

    Wish you luck.
    Posted: Jul 23, 2021 By: KM-Tiger Member since: Aug 10, 2003
  4. Gareth ACA Accountant

    Gareth ACA Accountant UKBF Newcomer

    42 3
    So this will be just a test network or lab so I'm not worried about single point failure, or bandwidth. I'm basically just practicing at home before setting up a "proper" network for an office in the future.
    To get from workstation to VM Nethserver to internet, am I going to need some additional hardware? It seems some sort of wireless router/switch would be needed?
    Posted: Jul 23, 2021 By: Gareth ACA Accountant Member since: Jul 21, 2016
  5. Nico Albrecht

    Nico Albrecht Verified Business ✔️
    Full Member

    1,089 259
    What is the end goal here to create? It looks to me like you are creating unnecessary complexity for a purpose not mentioned.

    Please explain what problem you are actually trying to solve, e.g. proxy server for caching and security solutions, file server, DHCP server and so on?
    Posted: Jul 24, 2021 By: Nico Albrecht Member since: May 2, 2017
  6. Gareth ACA Accountant

    Gareth ACA Accountant UKBF Newcomer

    42 3
    The short version is that I am looking to create a test office network for 5-10 users. As it is a test I don't want to go down the route of paying for an expensive server and software.
    This will involve a LAN on my home network, and will include a domain controller with a DHCP and possibly a DNS server on the Linux virtual box. Also a gateway/firewall/webfilter. As well as that, a SQL server on Windows for some software being developed, plus some sort of Apache/LAMP server for running a test intranet with WordPress. Shared folders/drives and group policy deployment.
    Then using my existing machine to log on to this network set up and check that it works as I would anticipate.
    Obviously as it's a LAN on home network, it should not interfere with other family members using the internet (i.e. I don't want to route all users of the wifi box through the LAN).

    Rather than using cables I would like to try to do the whole thing wirelessly but I appreciate that may involve something like a wireless access point going into a switch before the PC that's running the DC.

    It may be that I've gone down a route that is far more complex than it needs to be. Maybe I should ask the question - I would like to create a wireless LAN using NethServer on VirtualBox on my home network. What should I do?
    Posted: Jul 25, 2021 By: Gareth ACA Accountant Member since: Jul 21, 2016
  7. Nico Albrecht

    Nico Albrecht Verified Business ✔️
    Full Member

    1,089 259
    You start with putting that awful Virgin router into modem mode and buy yourself a decent entry-level router with some control settings on there; Draytek 27xx series will do.

    Now you will have the ability to create isolated VLANs and control the routing for 2 VLANs, e.g. VLAN 1 family, VLAN 2 test lab. Then you can take it from there with what you want to do behind that.

    I have a rough idea what you are trying to do here, but without spending some decent money, even on refurb hardware, this project will take you nowhere near a production environment.

    For pure testing, Microsoft Azure VMs come to my mind: running an Azure server in the cloud, add your software and point the PCs to the cloud Azure VM. They have a free trial. Plenty of other companies out there too.

    All of what you want to do is possible and already tested anyway. All you need to do is buy the actual hardware, create networks, set up software and so on.

    Also, most of what you are after can be done by a Synology NAS, e.g. DNS/DHCP/VMs and much more, so why even go down the route of custom builds when you can buy a ready-to-go tested solution from Synology and maybe QNAP?
    Posted: Jul 25, 2021 By: Nico Albrecht Member since: May 2, 2017
  8. Gareth ACA Accountant

    Gareth ACA Accountant UKBF Newcomer

    42 3
    Interesting thoughts on the Synology. I thought they were just for storage, but I will check it out.
    Thanks for your input
    Posted: Jul 25, 2021 By: Gareth ACA Accountant Member since: Jul 21, 2016
  9. Hooble

    Hooble Full Member

    22 1
    Sometimes keeping it simpler is easier. Do you have an old PC or somewhat well-spec'd desktop you're no longer using? If you connect this up with a NAS such as Synology or other brands using Samba, you can then run the VMs via the NAS. This means worst case scenario, if your computer-cum-server has a problem, you can install a new one and bring the VMs back online.

    I would recommend, as mentioned, having two AD controllers; maybe have one double up as a file server too.

    As far as Internet goes, with Virgin, get a good router and put this in front of your Virgin Media router, set that into modem mode and you should be good to go. Letting the router do its job in terms of handling traffic would be the best approach, as if you use a good brand firewall/router you can then VLAN traffic between Guest/Personal/Corp in future.
    Posted: Aug 4, 2021 By: Hooble Member since: Apr 29, 2021
  10. stugster

    stugster Contributor

    9,157 2,080
    Don't bother. Use Microsoft Business Premium licences and deploy using Azure AD.
    Posted: Aug 16, 2021 By: stugster Member since: Feb 1, 2007
  11. AW-UK

    AW-UK UKBF Newcomer

    114 8
    A Linux DC is a cheap (free) way of running an AD server. It works very well but does require a bit more setup than a Windows Server DC.

    As you have identified, you will need all machines running Pro of 10 so they can connect to the domain. You will need to join each machine to the domain, and you will need to have the DC, DNS, DHCP etc. all on the same network. Your wireless router can set the gateway to the DC if needed.

    I am currently running a Linux DC inside VMware and have it running through a VLAN to a small office network using Cisco managed switches and VLAN tagging the VMware adaptor. This keeps traffic separate from the "development" side of the network. The wireless is plugged into one of the Cisco switches, and everything is managed by a pfSense box.
    Posted: Aug 27, 2021 By: AW-UK Member since: Aug 23, 2021