Alternatives for Microsoft server products: Active Directory & Domain Controller
-
@scottalanmiller said in Alternatives for Microsoft server products: Active Directory & Domain Controller:
GPOs are handled completely through SMB shares, not Active Directory itself. So Linux has handled GPOs since the beginning. It was only the AD functionality that had to come recently. Even in the Windows 2000 you could use Linux for the GPO handling.
I don't deny that, to clarify, I was referring to GPOs not being served by Linux, but rather the other way around, Linux obeying them, or even knowing what they are, e.g. the GPO to hide cmd from the start menu won't hide the xterm icon. That seems obvious, I'm just saying it'd be great to have that sort of full coverage, perhaps at least a fork of KDE or something which implemented this.
-
@tonyshowoff said in Alternatives for Microsoft server products: Active Directory & Domain Controller:
@scottalanmiller said in Alternatives for Microsoft server products: Active Directory & Domain Controller:
GPOs are handled completely through SMB shares, not Active Directory itself. So Linux has handled GPOs since the beginning. It was only the AD functionality that had to come recently. Even in the Windows 2000 you could use Linux for the GPO handling.
I don't deny that, to clarify, I was referring to GPOs not being served by Linux, but rather the other way around, Linux obeying them, or even knowing what they are, e.g. the GPO to hide cmd from the start menu won't hide the xterm icon.
Is that expected? I think I missed part of the conversation.
-
@coliver said in Alternatives for Microsoft server products: Active Directory & Domain Controller:
@tonyshowoff said in Alternatives for Microsoft server products: Active Directory & Domain Controller:
@scottalanmiller said in Alternatives for Microsoft server products: Active Directory & Domain Controller:
GPOs are handled completely through SMB shares, not Active Directory itself. So Linux has handled GPOs since the beginning. It was only the AD functionality that had to come recently. Even in the Windows 2000 you could use Linux for the GPO handling.
I don't deny that, to clarify, I was referring to GPOs not being served by Linux, but rather the other way around, Linux obeying them, or even knowing what they are, e.g. the GPO to hide cmd from the start menu won't hide the xterm icon.
Is that expected? I think I missed part of the conversation.
Not exactly, but I thought maybe it was unclear since SAM responded about serving GPO which perhaps what I wrote earlier may seem like I was suggesting there was no GPO capabilities anywhere. I had edited my post to reflect this too.
-
@thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:
@scottalanmiller said in Alternatives for Microsoft server products: Active Directory & Domain Controller:
@thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:
Samba is quite capable of running AD, but what about management options or multi-site environments?
What is the issue with management (the Windows tools should work with it) and what happens with multi-site?
Sorry, didn't see your question because of the formatting. FTFY.
Like I said, the whole topic is just about discussing valid alternatives for the typical SMB / EDU environment. I was aware that Samba 4 got full DC capabilities, at least when it comes to authentication. I did not know about its GPO support and other things like replication between "DC"s or the possibility to use Microsoft's RSAT tools for management.
@coliver (and you) mentioned one can use RSAT for management. That's good and would mean that the Samba4-team is trying hard to get to a high level of compatibility. How to say... looks like a perfect replacement for a real DC.
Back to your question, multi-site (and/or subdomain) is a quite important feature in case you got a branch office, for example.
I've run many branch offices with no local DC. AD authentication is extremely light traffic wise. installing software via GPO could give you problems, or needing a local server for file access might be needed, but and AD in most branch offices isn't. Unless your branch is like 100+ people.
-
@Dashrender said in Alternatives for Microsoft server products: Active Directory & Domain Controller:
@thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:
@scottalanmiller said in Alternatives for Microsoft server products: Active Directory & Domain Controller:
@thwr said in Alternatives for Microsoft server products: Active Directory & Domain Controller:
Samba is quite capable of running AD, but what about management options or multi-site environments?
What is the issue with management (the Windows tools should work with it) and what happens with multi-site?
Sorry, didn't see your question because of the formatting. FTFY.
Like I said, the whole topic is just about discussing valid alternatives for the typical SMB / EDU environment. I was aware that Samba 4 got full DC capabilities, at least when it comes to authentication. I did not know about its GPO support and other things like replication between "DC"s or the possibility to use Microsoft's RSAT tools for management.
@coliver (and you) mentioned one can use RSAT for management. That's good and would mean that the Samba4-team is trying hard to get to a high level of compatibility. How to say... looks like a perfect replacement for a real DC.
Back to your question, multi-site (and/or subdomain) is a quite important feature in case you got a branch office, for example.
I've run many branch offices with no local DC. AD authentication is extremely light traffic wise. installing software via GPO could give you problems, or needing a local server for file access might be needed, but and AD in most branch offices isn't. Unless your branch is like 100+ people.
you can put Linux fileservers in branch offices to handle the load locally.
