[kwlug-disc] Linux replacement for Windows Domain Server

john at netdirect.ca john at netdirect.ca
Wed Nov 25 16:29:34 EST 2009

kwlug-disc-bounces at kwlug.org wrote on 11/25/2009 07:49:13 AM:
> From: Lori Paniak <ldpaniak at fourpisolutions.com>
> Samba 3.x can act as a Windows 2000 primary domain controller.  And it
> does a pretty good job of it, from what I have seen.  With that you get
> domain credentials and permissions which are centrally managed. You can
> use OpenLDAP for a password backend, but it is not necessary.  For a
> small office, the default tdbsam seems to be sufficient.

Lori is absolutely correct here. Samba has been doing NT4 style domain 
controlling for over a decade and Net Direct has been putting these in 
customer networks for about as long.

That means your Windows PCs can join the domain and authenticate in 
domain mode with logon scripts. Group membership works, but there are 
limitations regarding groups of groups. And you can synchronize Samba 
passwords with system passwords.

What you don't get is any Active Directory-based functionality. Policies 
are out and anything needing AD will have to wait for Samba 4.

Older Windows (9x, NT4) didn't have a problem. Microsoft changed things 
with every release so there are registry edits that need to be made for 
clients before they connect. These are distributed with Samba as .reg 

The tough problems that you need to look out for are:

1. In order for a PC to join the domain and log on, the NETLOGON share needs 
to be publicly accessible. Make sure the "guest user" config in Samba is 
an actual user and the netlogon shared directory has read permissions for 
this user.

2. Alter the registry and reboot the client before joining.

3. Your new domain name should not have the same name as the existing 
workgroup. In other words, when joining a domain the PC should belong to a 
workgroup of a different name than the domain. Reboot after any change to 
workgroup or domain.

4. If a join fails, change the PC name, workgroup, reboot and try again. 
It's stupid but it can help.

John Van Ostrand
Net Direct Inc.
564 Weber St. N. Unit 12
Waterloo, ON N2L 5C6
john at netdirect.ca
Ph: 866-883-1172
Linux Solutions / IBM Hardware
Fx: 519-883-8533
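
A small check for the server-side items in the list above (guest account, NETLOGON share, domain name versus workgroup name), as an added example that is not part of the original message. The sample smb.conf, the user list and the function name are constructed; `guest ok`, `read only`, `writable` and `domain logons` are standard smb.conf parameters the message does not name, `nobody` is assumed as the guest account default, and filesystem permissions on the share directory are not checked.

```python
import configparser

# Constructed sample smb.conf for a Samba 3.x NT4-style domain controller.
SAMPLE_CONF = """\
[global]
workgroup = OFFICEDOM
domain logons = yes
passdb backend = tdbsam
guest account = smbguest

[netlogon]
path = /srv/samba/netlogon
guest ok = yes
read only = yes
"""

def _yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit_pdc_conf(conf_text, system_users, old_workgroup):
    """Return findings for the join problems listed in the message above."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(conf_text)
    # Samba section names are case-insensitive; configparser keeps their case.
    conf = {name.lower(): dict(cp.items(name)) for name in cp.sections()}
    glob = conf.get("global", {})
    findings = []
    if not _yes(glob.get("domain logons", "no")):
        findings.append("domain logons is not enabled")
    guest = glob.get("guest account", "nobody")  # assumed default
    if guest not in system_users:
        findings.append(f"guest account '{guest}' is not an actual user")
    if glob.get("workgroup", "").lower() == old_workgroup.lower():
        findings.append("domain name matches the existing workgroup")
    share = conf.get("netlogon")
    if share is None:
        findings.append("no [netlogon] share defined")
    else:
        if not _yes(share.get("guest ok", share.get("public", "no"))):
            findings.append("[netlogon] does not allow guest access")
        # Logon scripts readable by the guest user must not be writable.
        writable = _yes(share.get("writable", "no"))
        if writable or not _yes(share.get("read only", "yes")):
            findings.append("[netlogon] is writable")
    return findings
```

Pass the set of account names that exist on the server as `system_users` and the workgroup the PCs currently belong to as `old_workgroup`; an empty list means none of these problems were found.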
