Replacing Active Directory

roachy · #1 4th June 2008, 04:05 PM

Hi, I'm a windows network admin with a bit of a big question.

How to replace the functionality of Active Directory/Exchange in a linux environment?

I'm not really concerned with AD integration. This will be a test at home with all linux boxes in the first instance. I just want to see how it could be done.

I;d really like to be able to see something that would allow for some kind of roaming profile arrangement with something similar to group policy, networked "home" folders, and mailserver integration.

I'm looking at implementing a Fedora Directory Server box, and think this will allow me to configure some of the functionality - but not sure if this will allow me to control all of the features above?

Any advice or articles anyone can point me in the direction of would be really appreciated...

Thanks in advance..

savage · #2 5th June 2008, 03:20 AM

Samba can do the roaming profiles, I have it as PDC for both Vista and XP as well as the file server.

I haven't gone as far as group policies etc. as this is a home network and just used for centralised logins, FTP access to docs etc.

As for Exchange, well over what I need here, but I did read about a few projects, have a Google

If you want more info on setting up Samba as a PDC, let me know.

roachy · #3 5th June 2008, 08:10 AM

Thanks for the quick reply

I've set up a Samba server a few times (currently my testbed consists of Ubuntu 6.04 server running Citadel for mail/calendaring, Samba for files etc) but not done the roaming profile thing - I'll give it a whirl when I rebuild with Fedora.

I was hoping to find something that would allow for as much automation as possible - I can foresee trying to migrate the organisation I'm at at the moment over to Linux in the next 2 years but in order to do this I need to put myself through a strict learning curve.....

I've kind of found an answer to one of my big issues - how to integrate Fedora DS with Postfix. This will ease one headache as a single user database takes away a lot of the admin overhead.

To be able to assign applications and a Desktop environment on the basis of a users OU is still a bit puzzling though. I suppose it's probably best to just install and iron out any issues as go

Thanks for the help

savage · #4 5th June 2008, 09:30 AM

Yeah, I've never seen anything like OUs/group policies in Linux, Linux itself doesn't seem to need them, as a user is a user and that's that.

Just skimming about, I came across this site, which are advertising an add-on for Samba that enables group policies, it is commercial software, there is a price list on the site.

Might be worth a look. I'd be interested to know how you go with getting OUs and group policies running, it is something I've been meaning to look into, but isn't that huge on my priorities at the moment.

roachy · #5 5th June 2008, 11:58 AM

Thanks for that....

I was thinking there must be something like GPO's for *nix, but now I'm not so sure.

For those not familiar with Windows Server environments, Windows Group Policy allows you to tweak loads of things for users depending on which OU in the directory they are part of.

This could be anything from available software packages, administrative functions they are allowed to perform (such as adding printers, devices), removal of menus and options right through to making their internet homepage mandatory and setting a static desktop background...

For example, I used to manage infrastructure for a call centre....when users changed teams, we could just move the user into a different OU, giving them a new desktop that was the same as the rest of the team..... it was just really easy to manage 300 users with about 30 change requests per day....