10

In a small office setup (5-6 employees) we have seven Windows XP and Windows Vista clients, as well as a couple of Linux servers.

Is it possible to set up a Linux machine to act as the domain controller to provide single sign-on and AD-like capabilities for the network?

RainyRat
kdmurray

7 Answers

16

With the versions of Samba found in current versions of common distributions you can certainly have a Linux machine act as an NT-style domain controller (this has been the case for some time).

I believe that taking part in an AD based domain is being actively worked on but not yet ready for production use, though it isn't something I've looked at recently so the support may have moved on.

David Spillett
4

Samba4 is going to be able to do that, but it's still in alpha. If you're adventurous you can play with the latest releases.

TonyUser
3

My answer is going to be "why would you want to?" You're probably far better off implementing a Windows DC; it won't cost you that much, and you'll be on a supported and more predictable environment. AD isn't difficult - there's a lot in it, but it's not difficult. So long as you don't do bizarre or wacky stuff with it, it's incredibly robust and has low maintenance overhead. If you want the Linux boxes to authenticate against it, you can set it up in Mixed Mode and it will present itself as an NT4-like DC where appropriate.

Maximus Minimus
  • You make a good point. We've been looking at both options, and I'd been asked to find the most economical solution... – kdmurray Jun 25 '09 at 01:22
1

Of course you can! Just read some of the tutorials at samba.org. Samba by Example is great for a start.

Gustavo Berman
0

If you don't mind commercial Linux software, Novell's Open Enterprise Server 2 (SP1 and later) has a component called Domain Services for Windows that'll do exactly that. Cost-wise, however, it'd probably be cheaper to purchase a Windows 2003 server and create your own AD tree. But if you really want a Microsoft-free solution, OES2 will do it for you.

sysadmin1138
  • It wasn't an MS-free solution so much as a cost-free solution that I was looking for. I'll have a look through the SMB stuff, but you and mh may be right about just biting the bullet and using the OOB MS solution. – kdmurray Jun 25 '09 at 01:23
0

If the "AD-like capabilities" you want are basically group policies, I recommend looking into Nitrobit Group Policy, which allows you to simulate this function in a Samba domain.

I have this running in my network and it's a great piece of software, although not free.

Sven
0

Until Samba 4 arrives, you can use Likewise Open. We have had a great experience with this on Ubuntu. Another option that provides a lot of the advantages of AD is Novell's eDirectory. I have zero direct experience with it so I can't personally vouch, but it's something more than one of my sysadmin friends have raved about -- one using it with Linux servers and an all-Windows XP client base.

nedm