[kwlug-disc] Linux replacement for Windows Domain Server

Lori Paniak ldpaniak at fourpisolutions.com
Wed Nov 25 07:49:13 EST 2009


Samba 3.x can act as a Windows 2000 primary domain controller.  And it
does a pretty good job of it, from what I have seen.  With that you get
domain credentials and permissions which are centrally managed. You can
use OpenLDAP for a password backend, but it is not necessary.  For a
small office, the default tdbsam seems to be sufficient.

An example:
http://www.steve-lacey.com/blogarchives/2006/11/linux_as_a_wind.shtml

If Samba 4 can act as an Active Directory (2003) controller, that would
be a major step forward(?).

On Wed, 2009-11-25 at 01:32 -0500, Bob Jonkman wrote:
> It's like you read my mind.
> 
> There's already one Linux server in the office, doing Web and mail (so 
> no Exchange).  Some Windows workstations running XP, a couple with 
> Vista.  Some with shared printers attached.  No central file server, 
> people are either e-mailing each other files or using sneakernet (and 
> that's fine with them).
> 
> The problem I'm trying to solve is authentication/authorization to use 
> the shared printers, without using shared passwords, and without needing 
> to whack-a-mole every workstation when someone forgets or changes a 
> password.
> 
> I'm hoping to make the Linux server do the authentication in a 
> Windows-like way.  For each workstation I can change the login from 
> Workgroup to Domain, then perform user and printer administration from 
> the server.
> 
> I'm also considering network printer ports for the printers, but those 
> need Domain authentication too.
> 
> --Bob.
> 
> unsolicited wrote:
> > Bob Jonkman wrote, On 11/24/2009 10:50 PM:
> >> What would be the Linux replacement for a Windows Domain Controller?
> >>
> >> Is there a Debian package for this?
> >
> > Sorry, Bob, your question is too vague.
> >
> > What part of a Windows Domain Controller are you looking to replace?
> >
> > (And, in this thread, I'd wait for John to chip in before considering 
> > anything authoritative.)
> >
> > Apologies if stuff below is too basic or already well known to you - 
> > don't mean to insult your keen technical intellect here. (-:
> >
> > Active Directory is an MS proprietary form of LDAP. So, in one sense, 
> > the answer to your question is OpenLDAP.
> >
> > Another take on your question, as answered elsewhere in this thread, 
> > is file sharing. In which case an answer might be Samba. Samba will do 
> > printer sharing too. But printer sharing begs the question, why not 
> > leave the printers on Windows with the ability to use native Windows 
> > print drivers, and share the printers from there.
> >
> > - for that matter, if you have less than 10 XP or better workstations, 
> > you don't need an MS server at all. You could share each attach point 
> > directly. (XP has a limit of 10 connections for shared things.)
> >
> > The single most important detail to communicate is: Are you using MS 
> > Exchange? If Exchange is not in the picture at all, you're gold. 
> > Solutions are out there. If Exchange is in the picture but you have no 
> > other use for Active Directory, there's quite a bit of info. out there 
> > about Linux / Exchange interaction and cooperation. (Again, John could 
> > give you some direction and magic search terms.)
> >
> > Another take on your question could be "I'm moving all my users to 
> > Linux, what do I use for central authentication?", the answer to which 
> > is, I believe, PAM.
> >
> > I'm going to guess you have some number of Windows workstations out 
> > there, no Linux, and are trying to avoid having to implement a Windows 
> > server by implementing a Linux equivalent. Knowing your situation, 
> > especially the presence or lack of Exchange, and what functionality 
> > your Windows workstations are currently getting and you would like to 
> > add to, would let the list give you better answers.
> >
> > There's a drinking from a fire hose level of information out there on 
> > Windows / Linux interaction. So I can appreciate why you ask the list 
> > so you can winnow down the material you have to chew through.
> >
> > _______________________________________________
> > kwlug-disc_kwlug.org mailing list
> > kwlug-disc_kwlug.org at kwlug.org
> > http://astoria.ccjclearline.com/mailman/listinfo/kwlug-disc_kwlug.org

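As an added example (not from the original post or the linked article), a minimal Samba 3.x smb.conf for the setup described in the reply above: a primary domain controller using the default tdbsam backend, with printers that require a domain login instead of a shared password. The domain name OFFICE, the server name PDC1, the paths and the Unix groups machines, printusers and ntadmin are assumptions.

```ini
# Constructed example for Samba 3.x. Names, paths and groups are assumptions.
[global]
   workgroup = OFFICE
   netbios name = PDC1
   security = user
   encrypt passwords = yes
   # Default local account database; no OpenLDAP needed for a small office
   passdb backend = tdbsam

   # Act as the primary domain controller for the workstations
   domain logons = yes
   domain master = yes
   preferred master = yes
   local master = yes
   os level = 65
   wins support = yes

   # Workstations joining the domain need machine accounts (names end in $)
   add machine script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u

   # Failed logins are rejected, never mapped to a guest account
   map to guest = Never

   printing = cups
   load printers = yes

[netlogon]
   path = /var/lib/samba/netlogon
   read only = yes
   guest ok = no

[printers]
   comment = Shared printers
   path = /var/spool/samba
   printable = yes
   browseable = no
   # Per-user authorization: only members of this group may print
   guest ok = no
   valid users = @printusers

[print$]
   comment = Printer drivers
   path = /var/lib/samba/printers
   read only = yes
   write list = @ntadmin
```

Run `testparm` to check the file before restarting Samba. Removing a user from the printusers group then revokes printing from the server, without touching any workstation.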