
    Alternatives for Microsoft server products: Active Directory & Domain Controller

    • thwrT
      thwr @tonyshowoff
      last edited by thwr

      @tonyshowoff Microsoft is quite powerful in client management, something I'm missing in the *NIX world. Puppet or Ansible for example could be a starting point, but not a replacement as far as I can tell.

      Edit: Sorry, mixed Samba and OpenLDAP. Fixed that in my initial post.

      • tonyshowoffT
        tonyshowoff @thwr
        last edited by

        @thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

        @tonyshowoff Microsoft is quite powerful in client management, something I'm missing in the *NIX world. Puppet or Ansible for example could be a starting point, but not a replacement as far as I can tell.

        Edit: Sorry, mixed Samba and OpenLDAP. Fixed that in my initial post.

        Definitely lacking in client side, though you can use LDAP with KDE's login system if you have X running on boot. That's pretty close, though your GPOs are often meaningless. I always used to hold out hope for ReactOS, it was promising, but the project is too mismanaged and team unmotivated. I've always wanted an NT-POSIX kernel, but I'm afraid maybe that train has sailed.

        • thwrT
          thwr @tonyshowoff
          last edited by thwr

          @tonyshowoff said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

          @thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

          @tonyshowoff Microsoft is quite powerful in client management, something I'm missing in the *NIX world. Puppet or Ansible for example could be a starting point, but not a replacement as far as I can tell.

          Edit: Sorry, mixed Samba and OpenLDAP. Fixed that in my initial post.

          Definitely lacking in client side, though you can use LDAP with KDE's login system if you have X running on boot. That's pretty close, though your GPOs are often meaningless. I always used to hold out hope for ReactOS, it was promising, but the project is too mismanaged and team unmotivated. I've always wanted an NT-POSIX kernel, but I'm afraid maybe that train has sailed.

          ReactOS is definitely interesting, I've been following it for years. But it seems to like the HURD kernel somehow 😉

          Authentication on the *NIX side shouldn't be much of a problem at all, there are PAM LDAP modules available and widely in use.

          • Deleted74295D
            Deleted74295 Banned
            last edited by

            How do the big boys do it for client machines I wonder? I've heard the argument that a Linux admin can manage more servers than a Windows admin but what about client machines?

            • thwrT
              thwr @Deleted74295
              last edited by

              @Breffni-Potter That's the point...

              • coliverC
                coliver
                last edited by

                What abilities are you, theoretically, looking for? Samba4 is a full DC drop in. You can manage Group Policies with a Windows desktop on a Samba4 domain.

                • thwrT
                  thwr @coliver
                  last edited by

                  @coliver said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                  What abilities are you, theoretically, looking for? Samba4 is a full DC drop in. You can manage Group Policies with a Windows desktop on a Samba4 domain.

                  Using Microsoft's RSAT tools or something like that?

                  Well, let's assume we want a full-featured domain with two sites connected via VPN with like 100 Windows clients. We need things like machine accounts, managed service accounts and so on.

                  • coliverC
                    coliver @thwr
                    last edited by

                    @thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                    @coliver said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                    What abilities are you, theoretically, looking for? Samba4 is a full DC drop in. You can manage Group Policies with a Windows desktop on a Samba4 domain.

                    Using Microsoft's RSAT tools or something like that?

                    Well, let's assume we want a full-featured domain with two sites connected via VPN with like 100 Windows clients. We need things like machine accounts, managed service accounts and so on.

                    Yes, you can manage a Samba4 domain with RSAT tools. It will also work across a VPN. Not sure about service accounts but those would also probably work.

                    • thwrT
                      thwr @coliver
                      last edited by

                      @coliver said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                      @thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                      @coliver said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                      What abilities are you, theoretically, looking for? Samba4 is a full DC drop in. You can manage Group Policies with a Windows desktop on a Samba4 domain.

                      Using Microsoft's RSAT tools or something like that?

                      Well, let's assume we want a full-featured domain with two sites connected via VPN with like 100 Windows clients. We need things like machine accounts, managed service accounts and so on.

                      Yes, you can manage a Samba4 domain with RSAT tools. It will also work across a VPN. Not sure about service accounts but those would also probably work.

                      Will set up a test VM tomorrow 😉 Thank you

                      • travisdh1T
                        travisdh1
                        last edited by

                        SAMBA is currently limited to 2008R2 level functionality. So if you've already made the move to 2012, I don't know that SAMBA will work very well.

                        I have it running as the only AD/LDAP service on the network, so it's not an issue.

                        • brianlittlejohnB
                          brianlittlejohn
                          last edited by

                          If you just have Linux clients, FreeIPA works well.

                          • scottalanmillerS
                            scottalanmiller @thwr
                            last edited by

                            @thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                            Samba is quite capable of running AD, but what about management options or multi-site environments?
                            What is the issue with management (the Windows tools should work with it) and what happens with multi-site?

                            • scottalanmillerS
                              scottalanmiller @thwr
                              last edited by

                              @thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                              @coliver said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                              What abilities are you, theoretically, looking for? Samba4 is a full DC drop in. You can manage Group Policies with a Windows desktop on a Samba4 domain.

                              Using Microsoft's RSAT tools or something like that?

                              Yes, that's how it is expected to be managed because no one would run Samba as an AD unless you had Windows somewhere, right? So if you do, you have RSAT. So RSAT makes the most sense. If you lack RSAT, you don't need Samba.

                              • tonyshowoffT
                                tonyshowoff @thwr
                                last edited by tonyshowoff

                                @thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                @tonyshowoff said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                @thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                @tonyshowoff Microsoft is quite powerful in client management, something I'm missing in the *NIX world. Puppet or Ansible for example could be a starting point, but not a replacement as far as I can tell.

                                Edit: Sorry, mixed Samba and OpenLDAP. Fixed that in my initial post.

                                Definitely lacking in client side, though you can use LDAP with KDE's login system if you have X running on boot. That's pretty close, though your GPOs are often meaningless. I always used to hold out hope for ReactOS, it was promising, but the project is too mismanaged and team unmotivated. I've always wanted an NT-POSIX kernel, but I'm afraid maybe that train has sailed.

                                ReactOS is definitely interesting, I've been following it for years. But it seems to like the HURD kernel somehow 😉

                                Unlike HURD, ReactOS is actually contributing something and has, primarily back into Wine and other projects, but something. HURD is basically the ghost of Stallman's dream which he now lives vicariously through Torvalds by taking credit for his work. I've said it before, and I'll say it again, if it truly is GNU/Linux, then it's also Zend/WordPress, Borland/YourCPrograms, NodeJS/MangoLassi, etc. Give me a break.

                                • thwrT
                                  thwr @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                  @thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                  Samba is quite capable of running AD, but what about management options or multi-site environments?

                                  What is the issue with management (the Windows tools should work with it) and what happens with multi-site?

                                  Sorry, didn't see your question because of the formatting. FTFY.

                                  Like I said, the whole topic is just about discussing valid alternatives for the typical SMB / EDU environment. I was aware that Samba 4 got full DC capabilities, at least when it comes to authentication. I did not know about its GPO support and other things like replication between "DC"s or the possibility to use Microsoft's RSAT tools for management.

                                  @coliver (and you) mentioned one can use RSAT for management. That's good and would mean that the Samba4-team is trying hard to get to a high level of compatibility. How to say... looks like a perfect replacement for a real DC.

                                  Back to your question, multi-site (and/or subdomain) is a quite important feature in case you got a branch office, for example.

                                  • thwrT
                                    thwr @scottalanmiller
                                    last edited by

                                    @scottalanmiller said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                    @thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                    @coliver said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                    What abilities are you, theoretically, looking for? Samba4 is a full DC drop in. You can manage Group Policies with a Windows desktop on a Samba4 domain.

                                    Using Microsoft's RSAT tools or something like that?

                                    Yes, that's how it is expected to be managed because no one would run Samba as an AD unless you had Windows somewhere, right? So if you do, you have RSAT. So RSAT makes the most sense. If you lack RSAT, you don't need Samba.

                                    Sure, just asked because I wanted to know if you can use RSAT or if you have to use some Samba-made tools. Using RSAT is perfectly fine.

                                    • thwrT
                                      thwr @tonyshowoff
                                      last edited by

                                      @tonyshowoff said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                      @thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                      @tonyshowoff said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                      @thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                      @tonyshowoff Microsoft is quite powerful in client management, something I'm missing in the *NIX world. Puppet or Ansible for example could be a starting point, but not a replacement as far as I can tell.

                                      Edit: Sorry, mixed Samba and OpenLDAP. Fixed that in my initial post.

                                      Definitely lacking in client side, though you can use LDAP with KDE's login system if you have X running on boot. That's pretty close, though your GPOs are often meaningless. I always used to hold out hope for ReactOS, it was promising, but the project is too mismanaged and team unmotivated. I've always wanted an NT-POSIX kernel, but I'm afraid maybe that train has sailed.

                                      ReactOS is definitely interesting, I've been following it for years. But it seems to like the HURD kernel somehow 😉

                                      Unlike HURD, ReactOS is actually contributing something and has, primarily back into Wine and other projects, but something. HURD is basically the ghost of Stallman's dream which he now lives vicariously through Torvalds by taking credit for his work. I've said it before, and I'll say it again, if it truly is GNU/Linux, then it's also Zend/WordPress, Borland/YourCPrograms, NodeJS/MangoLassi, etc. Give me a break.

                                      That was more or less a joke or an anecdote. But you are right, we have yet to see something from HURD. ReactOS is something to take seriously, their problem is just the small contributor/dev base. But building a system which is binary compatible to Windows and even looking like that is just an awesome job.

                                      • scottalanmillerS
                                        scottalanmiller
                                        last edited by

                                        GPOs are handled completely through SMB shares, not Active Directory itself. So Linux has handled GPOs since the beginning. It was only the AD functionality that had to come recently. Even in the Windows 2000 you could use Linux for the GPO handling.

                                        • tonyshowoffT
                                          tonyshowoff @scottalanmiller
                                          last edited by tonyshowoff

                                          @scottalanmiller said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                          GPOs are handled completely through SMB shares, not Active Directory itself. So Linux has handled GPOs since the beginning. It was only the AD functionality that had to come recently. Even in the Windows 2000 you could use Linux for the GPO handling.

                                          I don't deny that, to clarify, I was referring to GPOs not being served by Linux, but rather the other way around, Linux obeying them, or even knowing what they are, e.g. the GPO to hide cmd from the start menu won't hide the xterm icon. That seems obvious, I'm just saying it'd be great to have that sort of full coverage, perhaps at least a fork of KDE or something which implemented this.

                                          • coliverC
                                            coliver @tonyshowoff
                                            last edited by

                                            @tonyshowoff said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                            @scottalanmiller said in Alternatives for Microsoft server products: Active Directory & Domain Controller:

                                            GPOs are handled completely through SMB shares, not Active Directory itself. So Linux has handled GPOs since the beginning. It was only the AD functionality that had to come recently. Even in the Windows 2000 you could use Linux for the GPO handling.

                                            I don't deny that, to clarify, I was referring to GPOs not being served by Linux, but rather the other way around, Linux obeying them, or even knowing what they are, e.g. the GPO to hide cmd from the start menu won't hide the xterm icon.

                                            Is that expected? I think I missed part of the conversation.
