Wednesday, 27 February 2013

SAMBA 4: Active Directory Domain Controller? Absolutely!

1991 was an extremely productive year....

On one hand, Linus Torvalds introduced the Linux Kernel that would turn the Computing world on its head and challenge commercial Operating Systems for the next two decades.

On the other hand, and in a completely unrelated event, Andrew Tridgell would develop "netbios for unix" soon to be known as Samba. It wasn't until a couple years later that you would commonly find Samba on a typical Linux Distribution.

From the official Samba site: What is Samba?
Samba is software that can be run on a platform other than Microsoft Windows, for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems. Samba uses the TCP/IP protocol that is installed on the host server. When correctly configured, it allows that host to interact with a Microsoft Windows client or server as if it is a Windows file and print server.

Samba is used commercially in some small NAS filer appliances, and as standalone file and print servers. It has been packaged and supported for every Commercial UNIX version on the market. It is included in every Linux Distribution. It allows Mainframes to share files "natively" with a Windows environment.

Samba has been able to provide Windows Domain Controller functionality for some time now, albeit under limited scope. Samba 3.x was able to provide for a very decent Windows NT4 Primary Domain Controller (PDC), but was not able to fill all of the roles of a true Active Directory PDC. It could, however, substitute as a Backup Domain Controller (BDC).

Enter Samba V4!

As of Version 4, introduced in December 2012, you are able to create a fully functional Active Directory Primary Domain Controller and then use Microsoft's Administration tools to manage it from your Windows 7 workstation!

Note: In the first release of v4, there were issues with directory and file replication that prohibited standing up a redundant pair of Linux or Unix based Samba Domain Controllers. These issues have been corrected as of v4.0.3 in January 2013.

It is now possible to build an entirely redundant Active Directory Domain on Linux / Samba 4 Domain Controllers.

Although there are still a few issues with "Cross Forest Trusts", most small and medium size businesses in the free world are able to function within a single Active Directory domain anyway.
Samba 4 now supports all typical Active Directory features, including Group Policy and Roaming Profiles. It can also integrate with Microsoft Exchange servers (or better yet OpenChange).

According to the official Samba site, Samba 4 was built with documentation and some assistance from Microsoft themselves:

The Samba 4.0 Active Directory Compatible Server was created with help from the official protocol documentation published by Microsoft Corporation and the Samba Team would like to acknowledge the documentation help and interoperability testing by Microsoft engineers that made our implementation interoperable.
"Active Directory is a mainstay of enterprise IT environments, and Microsoft is committed to support for interoperability across platforms," said Thomas Pfenning, director of development, Windows Server. "We are pleased that the documentation and interoperability labs that Microsoft has provided have been key in the development of the Samba 4.0 Active Directory functionality."

There are several good articles already on just how to build a functional Active Directory Domain Controller using SAMBA 4 on Linux. I'm not going to go into the details here, but you can read:

I was able to create two Virtual AD Domain controllers (One PDC, One BDC), set up the domain, join a couple workstations, a print queue, and file server in the space of an afternoon.

I'll definitely admit it's not an "out-of-the-box" exercise, but when I got to use Microsoft's tools for managing Users, Groups, OUs, Group Policy.... the reality set in that this is now ready for prime time...

Now.... Somebody please script this build!!! 

Further Reading:

Samba Team Releases Samba 4.0
HOWTO to set up Samba as an Active Directory compatible Domain Controller
Samba4 joining a domain as a DC
Samba4 as AD domain controller on Centos 6
Samba 4 AD Domain with Ubuntu 12.04

Producing a documented and tested automated procedure for configuring Ubuntu Linux 12.04
Ask Slashdot: Is Samba4 a Viable Alternative To Active Directory?

A Tale of Two Standards
Samba 4 review: No substitute for Active Directory -- yet

1 comment:

  1. I started a fully automated setup with web GUI here:

    It's still in alphas but I am actively developing this daily with bi-weekly updates.