file sharing in the 21st century
-
I want to start with a big thanks to @JaredBusch for his guides on NC and Nginx. Now that the basic NC instance is setup, I want to see what I can do with it to improve its functionality or make it's integration with our workflows a more seamless one. Hopefully you guys have some experience with some of these tweaks, or have questions yourself about going beyond the base install.
The first question I have is about authentication. I think I want to setup LDAP authentication to talk with my AD, but I would also like to setup 2fa, at least for web access. I am really worried that my users have terribly insecure passwords in AD and I don't want to put my files at risk because of this. This is our first "cloud accessible" service if you discount email, and I want to start out on the right foot. Does this plan sound like a good idea, or what would any of you change? Who is using 2fa now with NC, and what do you use for it?
The second questions is about automating folder creation with NC. I would like to be able to have NC automatically create certain folders for projects, based on sql triggers coming from a external sql database. Is this possible?
The third question is similar to the second. I would like NC to create a consistent folder structure when a new user is created or when some similar event is triggered. I plan on seeing if I can treat NC like a folder redirection of sorts.
I am going to take my time and plan out how we would utilize NC, because there is a lot of opportunity to improve things for us.
-
@Donahue said in file sharing in the 21st century:
The third question is similar to the second. I would like NC to create a consistent folder structure when a new user is created or when some similar event is triggered. I plan on seeing if I can treat NC like a folder redirection of sorts.
This is interesting. Why do you want this, what's the use case? Since this would be purely for the user's personal files, not shared ones, what's the end goal?
-
@scottalanmiller said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
The third question is similar to the second. I would like NC to create a consistent folder structure when a new user is created or when some similar event is triggered. I plan on seeing if I can treat NC like a folder redirection of sorts.
This is interesting. Why do you want this, what's the use case? Since this would be purely for the user's personal files, not shared ones, what's the end goal?
I want to sync the desktop and documents folders with NC, and I want to have a place to store personal scans that come off our network scanners. This would save me the hassle of manually creating all these. My goal is to get everything worth keeping onto a central place so it can be backed up at the VM level, and I dont ever have to worry about end points. Right now we tell employees to never keep anything valuable on their own hard drives, but they still do, and I refuse to backup endpoints.
-
Also, what are people's must have NC apps?
-
@Donahue said in file sharing in the 21st century:
Also, what are people's must have NC apps?
I use Notes and Talk constantly.
-
Is there a way to point devices on the LAN to the LAN address instead of the external address?
-
@Donahue Internal DNS records are your friend
-
@Donahue said in file sharing in the 21st century:
Is there a way to point devices on the LAN to the LAN address instead of the external address?
That's where overloading DNS comes in, or configuring the router to hairpin.
-
@Donahue said in file sharing in the 21st century:
Is there a way to point devices on the LAN to the LAN address instead of the external address?
FFS, we just had this conversation in your other thread.
You use an internal based DNS name. for clients that are only ever in the office.
This prevernt you from having to add your public domain to your internal DNS.
-
@JaredBusch said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
Is there a way to point devices on the LAN to the LAN address instead of the external address?
FFS, we just had this conversation in your other thread.
You use an internal based DNS name. for clients that are only ever in the office.
This prevernt you from having to add your public domain to your internal DNS.
Sorry, I see this as a slightly different thing. I do have external access now, and I would like users who may be out of the office to prefer internal when available. This is probably not a big deal though, no need to get your panties in a bunch
-
well, I managed to lock my self out of NC, playing around with 2fa. I am unsure how to proceed, and may resort to just starting over.
-
@Donahue said in file sharing in the 21st century:
well, I managed to lock my self out of NC, playing around with 2fa. I am unsure how to proceed, and may resort to just starting over.
Already tried disabling 2fa plugin via CLI?
-
@black3dynamite said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
well, I managed to lock my self out of NC, playing around with 2fa. I am unsure how to proceed, and may resort to just starting over.
Already tried disabling 2fa plugin via CLI?
yes. Apparently I did a backup code, and I cannot disable that.
-
I can't generate a new one because the app to do that from CLI wont enable because of DB issues.
-
@Donahue said in file sharing in the 21st century:
I can't generate a new one because the app to do that from CLI wont enable because of DB issues.
You've got the worst of luck with Nextcloud. Since its not in production, I'll start all over with just the basic setup and then go from there.
-
JB has a post about redirecting or linking the home folders under user profiles to the NC folder . This would then sync to the NC server.
The hassle- you have to do it on the PC after the user logs in.
-
I think so. I think one of my biggest problems is that I can generally intuitively understand stuff and can glean a lot. This usually allows me to understand things really quickly, but there are times when I jump the gun and it bites me. This is one of those times.
-
@Donahue said in file sharing in the 21st century:
@JaredBusch said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
Is there a way to point devices on the LAN to the LAN address instead of the external address?
FFS, we just had this conversation in your other thread.
You use an internal based DNS name. for clients that are only ever in the office.
This prevernt you from having to add your public domain to your internal DNS.
Sorry, I see this as a slightly different thing. I do have external access now, and I would like users who may be out of the office to prefer internal when available. This is probably not a big deal though, no need to get your panties in a bunch
The only way to get internal clients to use different DNS than public clients is to have an internal DNS Zone that is the same name as your external public DNS name. But doing it that way means you need to copy over all public DNS records to your internal DNS zone now except now you will point hosts names to internal IP addresses for those you want
-
ok, I blew it away and created it again. It only took like 20-30 minutes this time.
-
@Obsolesce said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
@JaredBusch said in file sharing in the 21st century:
@Donahue said in file sharing in the 21st century:
Is there a way to point devices on the LAN to the LAN address instead of the external address?
FFS, we just had this conversation in your other thread.
You use an internal based DNS name. for clients that are only ever in the office.
This prevernt you from having to add your public domain to your internal DNS.
Sorry, I see this as a slightly different thing. I do have external access now, and I would like users who may be out of the office to prefer internal when available. This is probably not a big deal though, no need to get your panties in a bunch
The only way to get internal clients to use different DNS than public clients is to have an internal DNS Zone that is the same name as your external public DNS name. But doing it that way means you need to copy over all public DNS records to your internal DNS zone now except now you will point hosts names to internal IP addresses for those you want
yeah, if that is the case, I will keep it simple and just run external full time.