Good day. I would like to share with you one of my interesting experiences: a domain controller on Linux. In this article, I will write a mini review of the systems with which I tried to implement an alternative to Active Directory.
A bit of history. The following was written by me in January 2009. In general, I am far from a pro in *nix systems, but I am actively interested in them and studying them. In the company where I work, about 3-4 of my servers are based on Debian and FreeBSD; they perform various tasks that support the company's core business processes. Regarding a domain on Linux, I have heard a lot of reproaches and a lot of praise. More than a year ago I began thinking about setting up a domain on Linux. Firstly, it is simply interesting, and secondly, it is absolutely free, which is what the company where I worked demanded. Over the year I went through a bunch of options and a bunch of builds. I set up manually ... ldap + samba + krb on BSD and Linux systems. But it seemed to me that none of this was quite right: it was either insanely inconvenient to manage or carried a lot of excess. A bunch of excess was in the ready-made distributions (the "domain in one minute" kind). It was scary to introduce them into my small, small company (more than 80-100 workstations in one office alone). Firstly, it is not known what the developers did with the distribution and how, and secondly, the support is electronic and in a foreign language))) And I do not want to clean up the consequences myself.
Below I will write a mini review of some ready-made options for setting up a domain. At the very bottom you can read my results and conclusions regarding all this experience. Please note that the conclusions are my own and do not urge anyone to do anything ... just decided.
1. Mandriva Directory Server
Perhaps the most successful option of all those available. Nothing extra (you can safely turn off anything you do not need). Mandriva Directory Server is not a mindless build or a ready-made distribution that can be deployed in 5 minutes. MDS is probably the only option that combines the system administrator's manual work of assembling and configuring the main components of the domain with ready-made solutions from Mandriva for managing all the main services of the domain controller. By the way, these solutions also have to be installed and configured manually.
Management is done through a convenient Web interface.
Mandriva Directory Server can manage the following services:
1. Advanced Postfix mail server with IMAP and POP3 server support (Dovecot), virus scanning and mail filtering (Amavis, SpamAssassin, ClamAV), SMTP server, quota support, SSL and TLS (installing it is optional).
2. Samba domain controller (LDAP + Samba).
3. Corporate caching proxy server (Squid) (installing it is optional).
4. DNS server (BIND).
5. CUPS print server.
6. Management of shared network resources.
7. DHCP service.
8. Roaming profiles.
* In addition, MDS does not limit you in server services. You can also equip the server with, for example, an NFS server, anti-virus protection, etc.
There is also a plug-in system ... plug-ins are written in PHP and Python (there is official documentation). In fact, this is the option that suited me.
Quite an interesting solution ... created by Sergei Butakov (the city of Lesnoy, Sverdlovsk region, according to the site).
It is distributed as a ready-made distribution based on GNU/Linux (which one is not clear). This is a specialized distribution, tailored only to the needs of a server. As for whether anything else can be installed on it or not ... I cannot say anything.
Management is performed at the console level and there is also a convenient web interface.
Main features:
1. Centralized management of user credentials.
2. Dynamic host configuration server (DHCP).
3. Primary Samba domain controller (compatible with MS Windows NT4 PDC) with support for roaming user profiles and home directories.
4. File server (SMB/CIFS protocol).
3. ClarkConnect
A somewhat unclear project. It is distributed as a ready-made distribution based on CentOS ... with everything crammed into it.
“ClarkConnect is a powerful server software solution designed for small and medium organizations. Nevertheless, ClarkConnect comes with an exclusive list of functions and integrated services, a solution that is easily configured through a convenient web interface.” (C)
I did not like it because there is a lot of superfluous stuff in it. I would not want to combine a domain controller and an Internet gateway on one server.
ClarkConnect has an integrated antivirus that scans everything for viruses ... mail, traffic and shares. It is also a backup server, Internet server, LDAP server, Samba, VPN, MySQL, mail, FTP, etc.
There is a Community Edition. Those who want support can purchase the Enterprise version.
There is also an unofficial Russian site with support.
4. Fedora Directory Server (also known as 389 Directory Server)
A great project. It is updated periodically and has great potential. Unfortunately, it was not possible to study it in detail.
Mandriva Directory Server itself is based on the Fedora Directory Server. FDS is just a bit more global. It supports synchronization with an Active Directory domain (based on Windows 2000/2003), and management is performed via a Java console. There are also some other interesting extras.
Using one of these solutions you get an NT4-level domain, that is, Samba 3 + LDAP. This level is lower than a domain based on Windows 2003/2008. In my opinion, these solutions are suitable for companies whose fleet of machines does not exceed 80. The advantages of this solution are that it is free and that *nix machines can be integrated WITHOUT PROBLEMS at the LDAP level, which lets you build a kind of heterogeneous local network.
Windows machines in a Linux domain feel like a fish in water. Everything works fine, the profile is saved ... network drives are connected, and it is even possible to partly implement GROUP POLICIES (http://hidx.wordpress.com/2009/01/28/gpo-samba-domen/), but only at the NT4 domain level.
The global GPOs found in Windows 2003/2008 will not work. This is, in principle, the main reason that makes it difficult to use this kind of domain in organizations with 100+ machines.
And what is the result?
I settled on Mandriva Directory Server based on Debian Lenny, except that I deployed it at another organization. In any case, the experience you gain in the process of building a domain is very useful.