Linux domain controller?

    Good afternoon.
    I would like to share with you one interesting experience of mine - Domain Controller on Linux. In this article, I will most likely write a small mini-overview of the systems with which I tried to implement an alternative to ActiveDirectory.

    A bit of history:
    Written by me in January 2009: In general, I am far from a pro in * nix systems, but still I am actively interested in and studying them. In the company where I work, about 3-4 of my servers are based on Debian and FreeBSD. Which perform various tasks to ensure the basic business processes of the company.
    Regarding the linux domain, I heard a lot of rebuke and praise. And more than a year ago I wondered about raising a domain on Linux. Firstly, it’s just interesting, and secondly, it’s absolutely free, which is what the company where I worked required. For a year I went through a bunch of options, a bunch of assemblies. Picked up manually ... ldap + samba + krb on BSD and Linux systems. But it seemed to me that all this was not right. Either insanely inconvenient to manage, or a bunch of superfluous. There was a lot of extra in the finished distributions (ala-domain in one minute.). It was scary to introduce them into my small and large company (More than 80-100 workstations in the office alone). Firstly, it is not known what and how the developers did with the distribution, and secondly, electronic support in a foreign language))) But I don’t want to rake the consequences myself.

    Below I will write a mini review of some ready-made options for raising the domain. And at the very bottom read my results and conclusions regarding all this experience. Please note that my own conclusions and do not call anyone to anything ... just decided.

    1.Mandriva Directory Server.

    Perhaps the most successful option of all that is available. Nothing superfluous (the fact that superfluous can be safely turned off). Mandriva Directory Server is not a stupid build or a ready-made distribution that can be deployed in 5 minutes. MDS is perhaps the only option that combines the manual work of a system administrator to build and configure the main components of the domain + ready-made solutions from Mandriva to manage all the basic services of the domain controller. By the way, these solutions must also be set and configured manually.

    Management is done through a convenient Web interface.

    Mandriva Directory Server can manage the following services:

    1.Extended Postfix mail server, with support for Imap and POP3 server (Dovecot), with virus scanning and mail filtering (Amavis, Spamassassin, ClamAV), SMTP server, with support for quotas, SSL and TSL. (you can not install)
    2. The domain controller itself (Ldap + samba)
    3. Corporate cache proxy server (SQUID). (You can not install)
    4.DNS server (Bind).
    5.CUPS print server
    6. Management of shared network resources.
    7. DHCP
    service 8. Roaming profiles

    * Plus, MDS does not limit you in server services. You can also equip a server for example with an NFS server, antivirus protection, etc.

    There is also a system of plugins ... which are written at the level of PHP and Phyton (there is off documentation).
    Actually, this option came up to me.

    Website project:
    My MDS configuration project:


    Quite an interesting solution ... created by Sergey Butakov, (the city of the Forest Sverdlovsk region. Written on the website)

    Distributed as a ready-made GNU / Linux based distribution (which one is not clear).
    This is a specialized distribution, tailored only for the needs of the server. Regarding whether you can bet on it, whether it be or not ... I can’t say anything.

    Management is done at the console level and there is also a convenient web interface.

    Key Features
    Centralized User Credential Management
    Dynamic Host Configuration Server (DHCP)
    Primary Samba domain controller (compatible with MS Windows NT4 PDC) with support for roaming user profiles and home directories
    File server (SMB / CIFS protocol)

    Project site:

    3.ClarkConnect Server

    Not much clear project. Distributed as a ready-made distribution based on CentOS ... into which everything is crammed.

    “ClarkConnect is a powerful server software solution designed for small and medium-sized organizations. Nevertheless, ClarkConnect comes with an exclusive list of features and integrated services, a solution that can be easily configured through a convenient web-based interface. ”(C)

    I did not like it because there is a lot of superfluous in it. I would not want to share the domain controller and the Internet gateway on the server.

    ClarkConnect is an integrated antivirus that checks everything for viruses ... mail traffic and balls. It is also a backup server, Internet server, ldap server, samba, VPN, Mysql, Mail, FTP, etc.

    Community Edition version available. And for those who want support, they can purchase the Enterprise version.

    There is also an unofficial Russian site with support.

    Project site:
    Unofficial Russian support: 4.

    Fedora Directory Server (aka 389 Directory Server)

    An excellent project. Periodically updated and with great potential. Unfortunately, it was not possible to study it in detail.

    Actually Mandriva Directory Server is based on Fedora Directory Server. Only FDS is a bit more global.
    There is support for synchronization with the Active Directory domain (based on 2000/2003 win), and management is done through the java console. There are also some interesting Pribluda.

    Website project:


    Using one of these solutions you get an NT4 level domain. Tobish Samba3 + Ldap. This standard is lower than the domain based on Windows 2003 \ 2008.
    In my opinion, these solutions are suitable for companies in which the fleet of cars does not exceed 80. The
    advantages of this solution are that it is free and it is also possible to integrate WITHOUT PROBLEMS * nix machines at the ldap level, which will create a kind of heterogeneous local network.

    Windows machines behave like a fish in water in a Linux domain. Everything works fine, profiles are saved ... network drives are connected and there is even the possibility to partially implement GROUP POLICIES (, but only at the NT4 domain level.

    The global GPOs that are in Windows 2003 \ 2008 cannot be implemented. This is basically the main reason that makes it difficult to use this domain in organizations with 100+ fleets.

    And what is the result?

    I settled on the Mandriva Directory Server based on Debian Lenny. That's just, I introduced it to another organization.
    In any case, the experience that you get in the process of building a domain is very useful.

    Also popular now: