Photo by Zachary Nelson on Unsplash
Samba domain controller in a heterogeneous environment
Shake a Leg
An Active Directory (AD) domain controller (DC) serves as a central logon server in heterogeneous networks with Windows, Linux, and macOS clients. This task does not necessarily have to be handled by a Windows server. The open source Samba service can also act as a DC.
Heterogeneous networks with servers and clients running both Linux and Windows need a centralized management server for the user directory and a standardized protocol for network shares. Windows systems naturally prefer Active Directory for this purpose, but technologies such as Kerberos and Lightweight Directory Access Protocol (LDAP) for securing user and access rights are open source. The obvious choice would seem to be the open source FreeIPA directory server. However, FreeIPA mainly targets Linux systems and user and group management.
FreeIPA lacks some features needed to act as a DC that a Windows system provides over the Server Message Block (SMB) and Common Internet File System (CIFS) protocols. Version 4 of the well-known open source Samba file service, on the other hand, provides a complete DC implementation.
The Samba project has been around for some 30 years now. It started life as a free Unix client for DEC Pathworks, which was partly based on the technology of the IBM OS/2 LAN Server and Microsoft LAN Manager. In the 1990s and early 2000s, the open source project initially fell foul of Microsoft, with repeated disputes. When Microsoft revamped its "Linux is cancer" (Steve Balmer) stance to "Microsoft loves Linux" (Satya Nadella), the software giant's relationship to the open source project changed. Microsoft employees have been part of the Samba development team since 2011. Additionally, Microsoft has now openly documented the SMB protocol, which helps Samba developers.
Since Windows Server 2003, a Samba server can become a member of an existing AD forest. However, this setup always required a Windows server as the domain controller. In
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
What's new in Samba 4
In December 2012, the open source world received the first, and very long awaited, release of the Samba 4.x series. -
Samba 4 appliances by SerNet and Univention
Shortly after the Samba team finalized Samba 4 in December 2012, SerNet and Univention integrated the new Samba into their appliances that give administrators an easy way to set up and test a Samba 4-based Active Directory domain controller. -
Save money with Samba as the domain controller on a legacy Windows NT-style domain
Samba can act as a PDC or BDC on a Windows NT4-style domain. Compared with a Windows-only solution, Samba saves money on licensing, and users can log in from Linux or OS X. -
Improved logging in Samba Winbind
In Winbind v4.17, the Samba team has addressed the complexity of and difficulty in troubleshooting the logging service that allows Linux systems to join an Active Directory domain. -
Protecting Samba file servers in heterogeneous environments
Because Samba can be integrated easily into heterogeneous environments, a kind of heterogeneous administration is often necessary, and security falls by the wayside. We show you how to use a Samba file server securely in heterogeneous environments.