[kwlug-disc] Linux replacement for Windows Domain Server
ldpaniak at fourpisolutions.com
Wed Nov 25 07:49:13 EST 2009
Samba 3.x can act as a Windows 2000 primary domain controller. And it
does a pretty good job of it, from what I have seen. With that you get
domain credentials and permissions which are centrally managed. You can
use OpenLDAP for a password backend, but it is not necessary. For a
small office, the default tdbsam seems to be sufficient.
If Samba 4 can act as an Active Directory (2003) controller, that would
be a major step forward(?).
On Wed, 2009-11-25 at 01:32 -0500, Bob Jonkman wrote:
> It's like you read my mind.
> There's already one Linux server in the office, doing Web and mail (so
> no Exchange). Some Windows workstations running XP, a couple with
> Vista. Some with shared printers attached. No central file server,
> people are either e-mailing each other files or using sneakernet (and
> that's fine with them).
> The problem I'm trying to solve is authentication/authorization to use
> the shared printers, without using shared passwords, and without needing
> to whack-a-mole every workstation when someone forgets or changes a
> I'm hoping to make the Linux server do the authentication in a
> Windows-like way. For each workstation I can change the login from
> Workgroup to Domain, then perform user and printer administration from
> the server.
> I'm also considering network printer ports for the printers, but those
> need Domain authentication too.
> unsolicited wrote:
> > Bob Jonkman wrote, On 11/24/2009 10:50 PM:
> >> What would be the Linux replacement for a Windows Domain Controller?
> >> Is there a Debian package for this?
> > Sorry, Bob, your question is too vague.
> > What part of a Windows Domain Controller are you looking to replace?
> > (And, in this thread, I'd wait for John to chip in before considering
> > anything authoritative.)
> > Apologies if stuff below is too basic or already well known to you -
> > don't mean to insult your keen technical intellect here. (-:
> > Active Directory is an MS proprietary form of LDAP. So, in one sense,
> > the answer to your question is OpenLDAP.
> > Another take on your question, as answered elsewhere in this thread,
> > is file sharing. In which case an answer might be Samba. Samba will do
> > printer sharing too. But printer sharing begs the question, why not
> > leave the printers on windows with the ability to use native windows
> > print drivers, and share the printers from there.
> > - for that matter, if you have less than 10 XP or better workstations,
> > you don't need an MS server at all. You could share each attach point
> > directly. (XP has a limit of 10 connections for shared things.)
> > The single most important detail to communicate is: Are you using MS
> > Exchange? If Exchange is not in the picture at all, you're gold.
> > Solutions are out there. If Exchange is in the picture but you have no
> > other use for Active Directory, there's quite a bit of info. out there
> > about Linux / Exchange interaction and cooperation. (Again, John could
> > give you some direction and magic search terms.)
> > Another take on your question could be "I'm moving all my users to
> > Linux, what do I use for central authentication?", the answer to which
> > is, I believe, PAM.
> > I'm going to guess you have some number of Windows workstations out
> > there, no Linux, and are trying to avoid having to implement a windows
> > server by implementing a Linux equivalent. Knowing your situation,
> > especially the presence or lack of Exchange, and what functionality
> > your Windows workstations are currently getting and you would like to
> > add to, would let the list give you better answers.
> > There's a drinking from a fire hose level of information out there on
> > Windows / Linux interaction. So I can appreciate why you ask the list
> > so you can winnow down the material you have to chew through.
> > _______________________________________________
> > kwlug-disc_kwlug.org mailing list
> > kwlug-disc_kwlug.org at kwlug.org
> > http://astoria.ccjclearline.com/mailman/listinfo/kwlug-disc_kwlug.org
> kwlug-disc_kwlug.org mailing list
> kwlug-disc_kwlug.org at kwlug.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: This is a digitally signed message part
More information about the kwlug-disc_kwlug.org