The domain controller on Linux in the field of IT solutions has long moved from exotic to the category of trivial deployment options for inexpensive and flexible enough, and most importantly, a free alternative for Microsoft Active Directory. Of course, it will not replace the product of this American corporation by 100%, but if you need basic functionality and basic capabilities, then Linux will do it quite well.
In this article I would like to share information on the topic and talk about two distributions, the main "trick" of which is the installation of a PDC (Primary Domain Controller) domain controller, which will be ready to work after deploying the operating system and a little configuration.
Skeptics will smile. Why such difficulties if you can install Win2K3 and not fool yourself by setting up a domain controller on a Linux system?
Firstly, the price - if in the case of the Microsoft solution you need a thousand, or maybe not one, dollars, then free software is not worth a penny.
Secondly, legality. Now that the article on computer piracy has appeared in the Criminal Code, all those who steal software in the old way have a real opportunity to get acquainted with the operatives and prosecutors. I doubt that the employees of the IT departments of any company are attracted by this prospect.
So, after going through several popular options, in which, as a rule, the Samba package is used as the PDC control element, the domain controller, and it works very stably, I managed to collect. We turn directly to those distributions that I have tested and recognized as the most convenient.
Mandriva Directory Server is one of the most successful examples in my opinion of how to make a domain controller on Linux. There are no unnecessary elements in it, and the fact that for some reason you did not need is easily turned off. MDS is not a regular “get ready PDC in a minute” assembly; you need to customize it to your needs. The system administrator himself determines what will come in handy in his work, and what can be removed. Well, the management of all services Mandriva takes over. By the way, the control elements also need to be independently installed and configured.
Managing the MDS server is easy and convenient, as there is a web interface.
If you have a need for any plug-ins, PHP and Python are at your service, after reading the official documentation, you will implement everything you need without any problems. As a matter of fact, it was with this that I liked him.
The second option is called Fedora Directory Server, also known as 389 Directory Server. This Linux domain controller can be described briefly - an excellent implementation with great potential. When building the Mandriva Directory Server distribution, Fedora Directory Server was taken as the basis, but FDS is a much more serious product than MDS. It provides synchronization with the AD domain under the control of Win2K and Win2K3, you can manage all components through the java console, and there are also many useful additions.
What conclusions can be drawn from the foregoing?
If you are comfortable with a domain operating at the NT4 level, and your computer park does not exceed eight dozen computers - these solutions are right for you.
As practice has shown, PCs running Windows feel great in the Linux domain. Profiles work as they should, network drives are connected normally, there is even the ability to determine, although not to the extent that occurs in Win2K3, group policies. Still, global GPs cannot be implemented on Linux. For this reason, for a large fleet of PCs, with the number of PCs above 100, these options are inconvenient.
As a result, I chose the Mandriva Directory Server, which still works in my company, PDC running Linux-based systems correctly processes the requests of fifty PCs and, if necessary, would cope with even more computers.
Well, the experience that I gained in the process of its implementation and configuration, I consider simply invaluable.