Setting up an Active Directory with Samba

Have you ever been annoyed by all the account information you need to remember?
Well, I have been, so it was time I started doing something to ease the burden, at least in my home network. Originally I wanted to build something with OpenLDAP, but if I was going to do something LDAP-based, I could just as well build an Active Directory.

Samba 4 is still in beta, but it is pretty stable as a domain controller. There are still a few problems with it, and I would not use it in a production environment yet, but for my home network the problems are no deal breaker. The two most notable problem areas are inter-domain trusts and subdomains; you should be OK if you don’t need them.

A colleague of mine tested Samba4 not too long ago, which is why I knew of two issues I had to watch out for while deploying Samba4 in an OpenVZ container:
1. Samba4 requires ACL extensions to be enabled on the file system it is on. If you deploy Samba in an OpenVZ container, the file systems on the host need to have ACL extensions enabled.
That's no big deal, simply edit /etc/fstab from something like this:

UUID=deviceID /vzstorage ext3 noatime 0 1

to this:

UUID=deviceID /vzstorage ext3 noatime,acl 0 1

2. Samba has problems with the venet network adapter of OpenVZ. I didn’t actually try to confirm this one; I just used the bridged adapter my KVM machines usually use.

After creating a new Debian container I upgraded it to wheezy and installed samba4-beta2 out of the Debian repository. Provisioning the domain was simple enough, but I could not get it to work correctly. After a lot of looking through logs and trying stuff I finally googled it, and it turns out that the samba4 package in Debian is currently broken (I believe this has been fixed by now, but I have not tested it since June).

Since I preferred to stay with Debian, I looked for a fix. Before too long I got the tip to have a look at SerNet.
They offer a Samba4 domain controller appliance (based on Debian Squeeze), but they also offer Debian packages of the appliance to install on other Debian machines.
I downloaded and installed the packages.
The install had a few problems since I did not have the dependencies installed. I ran apt-get install -f to fix the installation. The SerNet appliance installs a small desktop environment. They have a dcpromo tool on the desktop of the user sernet. In order to connect to the desktop environment from my Windows machine I installed xrdp as well.

The provisioning of the domain controller was extremely easy. It is a wizard that asks you a few simple questions and generates your domain from the answers. It is very similar to provisioning Samba on the command line.

SerNet uses the Samba internal DNS. It's a small, simple DNS server that can be managed with the DNS MMC snap-in on your Windows machines. There is a small problem with it though: it does not create or update the reverse DNS zone automatically. I simply added the reverse DNS zone manually and entered all my servers there as well. Since it does not update the addresses automatically, I did not bother to do reverse DNS for my clients.
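
The manual reverse-zone step can also be scripted with samba-tool's dns subcommands on the domain controller. The script below is an added example, not part of the original post: it only prints the commands for /24 reverse zones and PTR records, and the DC name dc1.home.lan, the domain home.lan, the Administrator account and the host list are assumed sample values.

```shell
#!/bin/sh
# Dry run: print the samba-tool commands for /24 reverse zones and PTR records.
# DC, DOMAIN and the host list are constructed sample values (assumptions).
DC="dc1.home.lan"
DOMAIN="home.lan"

# Succeeds only for a well-formed dotted-quad IPv4 address.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac   # digits and dots, no trailing dot
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac  # empty or more than 3 digits
        [ "$octet" -le 255 ] || return 1
    done
}

# 192.168.1.10 -> 1.168.192.in-addr.arpa
reverse_zone() {
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo "$3.$2.$1.in-addr.arpa"
}

# Reads "shortname ipv4" lines on stdin, writes commands on stdout.
plan() {
    seen=""
    while read -r name ip; do
        [ -n "$name" ] || continue
        zone=$(reverse_zone "$ip") || { echo "# skipped $name: invalid address '$ip'"; continue; }
        case " $seen " in
            *" $zone "*) ;;   # zone already emitted for an earlier host
            *) echo "samba-tool dns zonecreate $DC $zone -U Administrator"
               seen="$seen $zone" ;;
        esac
        echo "samba-tool dns add $DC $zone ${ip##*.} PTR $name.$DOMAIN -U Administrator"
    done
}

# Constructed sample inventory; review the output before running it on the DC.
plan <<EOF
fs1 192.168.1.10
mail 192.168.1.11
backup 192.168.2.5
EOF
```

Invalid addresses are emitted as comment lines, so the output can be reviewed and then piped to sh as it is.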

After installing and provisioning SerNet you have a functional Active Directory. But I still needed a convenient way to manage it. As I mentioned earlier, the Samba DNS server can be managed with the Microsoft MMC snap-in. The same goes for the AD itself: it can be managed with the MMC snap-ins from Microsoft. They don’t ship with the Windows client systems, but they can be added by installing the Windows Remote Admin Tools.

After installing the admin tools on one of my virtual Windows machines, I had an Active Directory that could be managed with the tools I use every day at work. This Active Directory can serve as the authentication backend for many different services and is the first step to a unified login for my home network.
