enterprise-ubuntu team mailing list archive

Re: Machine policies

 

Hello,

On 02/13/2013 11:39 AM, Attila Sukosd wrote:
> Ye, I was about to ask if anyone has looked into Samba 4 or 389 Directory Server, as a free, open source replacement for AD.

I tried CentOS/Red Hat Directory Server (basically 389, a little older, though) and I did not like it. The part I was most interested in, namely account synchronization between AD and the directory server, was not working for me, so I gave up on it. Perhaps I was supposed to install the password sync tool on the Windows DC side, but I have no power over the DCs and it did not state in the docs that this is required to work.

However, the FreeIPA project, which Red Hat invests in as its alternative to AD, is based on 389, so I guess going with it is a good bet.

Also, I saw a number of solutions that integrated OpenLDAP, MIT Kerberos and some web-based tools for an Active Directory replacement (i.e. Zivios).

All of those solutions would be well applicable to a Linux-only environment. However, I do not believe that the native Windows client would be able to connect to such a "domain". You would need to use some additional Kerberos service. I would love to hear from somebody using Windows clients in a non-AD Kerberos environment.

The only non-Microsoft tool at this time that serves as AD to Windows clients is Samba4. I will eventually need to test it; it already has a final release. Samba4 is supposed to work with Microsoft tools (like the Group Policy Editor and AD Users and Computers), and it seems naive to me to think Microsoft allows using that without paying a dime for a domain controller.

Cheers,
Ballock

