LinuxQuestions.org


abhijeetudas 02-20-2006 11:02 AM

Active Directory on Linux
 
All,

I'm interested in running an Active Directory server on Fedora Core 3/4.
I'm sure that there is some software that does this but just can't recollect the name.

Any clues, anyone?

PS: I don't want to authenticate a Linux client using a Windows AD server; I want the AD server to be on the Linux machine itself.

Finlay 02-20-2006 11:14 AM

You can't serve a true Active Directory on a Linux server.
But you can come close using LDAP and Samba.

abhijeetudas 02-20-2006 10:50 PM

I'm sure there is one which is really good.

One of the IBM guys had it running at a conference I had been to. He was running it on SUSE.

quiffhanger 02-21-2006 03:48 AM

Active Directory is a proprietary Microsoft technology which certainly won't run on Linux (unless you're a highly skilled WINE guru with a huge amount of time on your hands & scant regard for copyright law).

Samba can function as a domain controller, providing native authentication services for a Windows client, but its feature set is more akin to NT4 than AD - there's a lot missing compared to AD: group policy & the whole forest/domain thing, to name a couple off the top of my head, but there's a lot more.

If it wasn't Samba and the IBM guy was demonstrating some fancy management features, etc., then it may have been some Novell software he was showing you: I know v. little about it, but my understanding is that it can authenticate Windows clients and has some pretty nifty management functions to boot: probably more akin to AD than Samba. It ain't free though, and migrating your network to Novell would be no trivial undertaking.

-ross

stress_junkie 02-21-2006 10:24 AM

quiffhanger is right. Here is some more information. The current release version of Samba is 3. The Samba project is trying to get (some) AD support into Samba 4. The Samba documentation is located here.

http://samba.org/samba/docs/man/Samba-HOWTO-Collection/

Samba can act as a LanManager (NT4) domain controller if all of the other domain controllers are also Samba. Samba cannot act as a domain controller if any genuine Microsoft domain controllers exist.

In all other respects Samba emulates LanManager (NT4) networking. It provides the System Message Block (SMB) file sharing protocol. This protocol was invented by IBM; it is not a Microsoft product. SMB is much more robust than NFS. IMO you would do well to use Samba SMB protocol for file shares even in a pure Unix/Linux environment.

The last thing about Samba is that it not only allows you to set permissions on shares, like in LanManager, but you can also add Unix file permissions on the files in the shares. That is also true of Windows, but some people are impressed when you mention it. :)

stickman 02-21-2006 07:53 PM

Quote:

Originally Posted by abhijeetudas
I'm interested in running an Active Directory server on Fedora Core 3/4.
I'm sure that there is some software that does this but just can't recollect the name.

Have you looked at OpenLDAP?

DaveVT5 03-02-2006 04:03 PM

This was a very helpful thread, so thanks to all who have posted so far. I am looking to replace a Windows 2000 Active Directory server with a Linux solution. The clients that will need authentication include Windows XP and Mac OSX (nothing older than that). I am also running a few servers based on Fedora Core 4.

From what I gather Samba 3 sounds like a way to go, maybe the way. Is Samba all I need or do I also need LDAP? I read somewhere that OpenLDAP does not authenticate Windows XP users. I don't know if this is true or not.

I also have found an LDAP server called Fedora Directory Server which caught my eye because my servers are using Fedora. I basically am looking for some confirmation on my logic (or correction) and a few links on where I should go from here.

I am down to just two Microsoft servers at this point, one for VPN and this one for user authentication. I'm getting close!

Thanks in advance.

scheidel21 03-04-2006 12:15 PM

There is no one-stop solution to replacing AD with Linux; however, I have read many articles which use DHCP, DNS, LDAP, and Samba, which emulates most of the AD features. Don't quote me on this, but I believe the policies, etc. can be done with LDAP, the filesharing is with Samba, and the DHCP and DNS work like the forests.

DaveVT5 03-06-2006 12:30 PM

Thanks scheidel21. My further research has indicated that going Samba 3-only is not what I am looking for. I need to include LDAP in the mix. I am not too interested in setting up the forests at the moment, but running DNS and DHCP on the same machine seems logical for other reasons.

You mentioned that you have read some articles on setting this up. Would you please recommend one?

Thanks again!

dbogdan 03-06-2006 01:54 PM

Quote:

Originally Posted by scheidel21
There is no one-stop solution to replacing AD with Linux; however, I have read many articles which use DHCP, DNS, LDAP, and Samba, which emulates most of the AD features. Don't quote me on this, but I believe the policies, etc. can be done with LDAP, the filesharing is with Samba, and the DHCP and DNS work like the forests.

For those who don't mind paying... there IS Novell's eDirectory and Zenworks, which is a VERY nice (i.e. far superior) replacement for AD. And it all can run on SuSE (and to some extent Red Hat).

Group policies, fileshares, DHCP/DNS, remote workstation control, single sign-on plus A LOT more... there's also GroupWise for mail, clients and server for Linux.

FYI

jason.rohde 03-07-2006 07:38 PM

I have been playing with eDirectory on my home network. It is very nice. You can download a trial version of the Novell OES on Novell's website; it includes eDirectory. Give it a try; if you like it, purchase the full version. I think it will be well worth the money.

dbogdan 03-08-2006 06:27 AM

While the advantages of eDirectory over AD are vast, one point to mention is that you can run eDirectory on Linux, NetWare, AIX, Solaris, and even Windows. AND you are NOT required to use a PC running Windows to take advantage of eDirectory (although you can).

DaveVT5 03-08-2006 05:18 PM

I appreciate the alternative suggestion. My setup is required to scale from 20 users up to about 40. So I think I'm going to stick with an OSS solution for now.

Does anyone have any suggestions on where I can go to read a comprehensive tutorial for setting up an LDAP/Samba server?

ziox 05-01-2006 08:56 PM

http://www.samba.org/samba/docs/man/Samba3-ByExample/
Take a look at this link; it might help.

DaveVT5 05-02-2006 09:14 AM

Thanks ziox, I'll check that out. I haven't spent much time looking into this since my last post, but it's something that I can only put off for so long.

EclipseAgent 05-02-2006 10:16 AM

eDirectory + ZenWorks 7 > Active Disaster.


All times are GMT -5.