
Linux as primary domain controller

Last response: in Linux/Free BSD
November 14, 2012 7:31:29 PM

Hi experts,
I want to use Linux as a primary domain controller for some 25 Windows 7 laptops/desktops.

Did anyone implement such a system?
How stable/reliable is it?

What was the process to set it up?

Thanks
November 14, 2012 9:41:25 PM

Thanks for the quick reply.

You pointed to my real concern:

I want to replace Windows Server with a Linux box that replaces it as:

-- Domain controller
-- User/Group manager with user profiles stored on the Linux box
-- Single sign-on.

What does Active Directory do exactly?


Thanks.
November 14, 2012 10:12:06 PM

Samba4 can act as an Active Directory server
November 14, 2012 10:19:22 PM

Thanks.

So theoretically, by using a Linux distro with Samba4 I should be able to do all that a Windows server can do (i.e. PDC, AD).

In practice, how good is it? What distro does that the best?

Please give me some personal experience on the matter.

Thanks.
November 14, 2012 10:41:56 PM

skittle said:
Samba4 can act as an Active Directory server


Yes, but just how stable has it become? It seems to be in a perpetual beta for years now.

Edit: I see that it's gone RC1 but with a warning not to deploy into production environments as yet.
November 15, 2012 5:21:31 AM

You don't mention it, but can it be presumed that your workstations are running Windows 7 Pro?
November 16, 2012 6:45:40 AM

Stop

Ask yourself a few questions.

Is this for a production environment or only a test / lab environment?

Is there a budget assigned to this project?

Does this system generate revenue or otherwise act as a critical component whose breaking would result in negative financial consequences?


Active Directory is a few things at once, primarily DNS and LDAP tightly integrated. SAMBA can only provide for the AD PDC emulator login tickets; it cannot provide for the DNS resource queries to the LDAP nor the LDAP service itself. The authorization only services for shared resources not client to client authentication and security roles.

My personal suggestion is if you're just learning then sure, play with Samba and NT clients, it'll be fun. If this is for a business or production environment then just use a real NT server, it'll be more stable and a TON fewer headaches. The LDAP and DNS environment is tightly integrated and unless you're an expert in ADC you won't be able to replicate those connections and objects inside an open source environment. You can use a Linux server to do lots of things: file services, backup services, web services, application hosting, network security device and so on. The one thing it's really not good for is acting as an AD authentication system for NT clients.

On a side note, you might not even need an AD server. Would RADIUS serve your needs?
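The DNS and LDAP coupling mentioned in the post above is visible as the SRV records a Windows client looks up to locate a domain controller. The following Python check is an added example, not part of the thread: it scans a zone listing for the standard locator records and their ports. The domain `example.lan`, the host `dc1` and the zone data are constructed for illustration.

```python
# Added example: check a zone listing for the SRV records Windows clients
# query to find an AD domain controller. All zone data here is constructed.
REQUIRED = {  # owner-name prefix -> expected service port
    "_ldap._tcp": 389,
    "_ldap._tcp.dc._msdcs": 389,
    "_ldap._tcp.pdc._msdcs": 389,
    "_kerberos._tcp": 88,
    "_kerberos._udp": 88,
    "_kpasswd._tcp": 464,
    "_gc._tcp": 3268,  # forest root; same as the domain in a one-domain forest
}
SAMPLE_ZONE = """\
; constructed sample for the hypothetical domain example.lan
_ldap._tcp.example.lan.            900 IN SRV 0 100 389  dc1.example.lan.
_ldap._tcp.dc._msdcs.example.lan.  900 IN SRV 0 100 389  dc1.example.lan.
_kerberos._tcp.example.lan.        900 IN SRV 0 100 88   dc1.example.lan.
_kerberos._udp.example.lan.        900 IN SRV 0 100 88   dc1.example.lan.
_kpasswd._tcp.example.lan.         900 IN SRV 0 100 646  dc1.example.lan.
_gc._tcp.example.lan.              900 IN SRV 0 100 3268 dc1.example.lan.
dc1.example.lan.                   900 IN A   192.0.2.10
"""

def parse_srv(zone_text):
    """Return {owner: [(port, target), ...]} for every SRV line."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments
        if len(fields) == 8 and fields[2:4] == ["IN", "SRV"]:
            owner = fields[0].rstrip(".").lower()
            records.setdefault(owner, []).append((int(fields[6]), fields[7]))
    return records

def check_locator_records(zone_text, domain):
    """List problems that would keep a client from locating the DC."""
    records = parse_srv(zone_text)
    problems = []
    for prefix, port in REQUIRED.items():
        owner = f"{prefix}.{domain}".lower()
        found = records.get(owner)
        if not found:
            problems.append(f"missing SRV {owner}")
        elif all(p != port for p, _ in found):
            problems.append(f"{owner}: no record on port {port}")
    return problems

if __name__ == "__main__":
    for problem in check_locator_records(SAMPLE_ZONE, "example.lan"):
        print(problem)
```

The sample zone deliberately omits the PDC emulator record and carries a mistyped kpasswd port, so the check reports both.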
November 16, 2012 2:06:02 PM

Thanks

Would RADIUS user login to their own laptop or other PC?
November 18, 2012 10:25:06 PM

Honestly I've never used it for local authentication though I know it can work for shared resources.