Linux distro for replacing Windows Server

[ZippyDan]

Something that can do everything a domain controller would: ldap, Active Directory, Group Policy, etc.

Basically I want a Linux server to manage a network of Windows-based workstations.

I've seen a few options while googling, but I'm looking for some more personal recommendations backed by specific experiences.

 

[smakme7757]

Samba 3 can work as your domain controller and it integrates nicely with LDAP, Samba 4 even more so. I've had a play with it as a small project at uni and it worked out fine. Samba 4 is actually really neat, but I'd imagine the cost of server 2012 standard or 2008r2 would end up saving hours of setup time and headache.

But it is entirely possible, just not the smoothest solution unless you really know your Linux packages. If you are well versed in LDAP and Samba then I guess it might be worth the effort and would save you on licencing costs.

It would be a fun project anyhow .

Unfortunately I haven't had the chance to try it on such a large scale, all I can say is that it is possible!

 

[jae]

I've actually been wondering myself if I samba take care of all these things. I haven't used linux in a professional environment yet, so I haven't done match with samba besides [shares].

 

[hasu]

http://www.zentyal.org/
Zentyal seems to have a nicer web interface to manage all server tools. I felt the interface to be a bit slow.

 

[ZippyDan]

http://www.zentyal.org/
Zentyal seems to have a nicer web interface to manage all server tools. I felt the interface to be a bit slow.

zentyal is my first choice so far of the options i have run across while googline

another possibility i found was here http://www.turnkeylinux.org/domain-controller

 

[Savatar]

As soon as you said Active Directory... ugh, Linux traditionally doesn't have great Active Directory implementation/support. I agree with smakme7757, while it might be doable, it is probably going to be a pain. I'd be very hesitant about replacing AD in any large environment with a Linux implementation because of that, especially if you're doing anything involved with cross-forest trusts and so on... though it might be neat to try out hasu or ZippyDan's suggestion in a home or smaller work environment. There is a _lot_ to test, I'd be afraid that eventually you'd encounter a scenario for some action that isn't implemented or doesn't work right, though.

 

[Scarpozzi]

As soon as you said Active Directory... ugh, Linux traditionally doesn't have great Active Directory implementation/support. I agree with smakme7757, while it might be doable, it is probably going to be a pain. I'd be very hesitant about replacing AD in any large environment with a Linux implementation because of that, especially if you're doing anything involved with cross-forest trusts and so on... though it might be neat to try out hasu or ZippyDan's suggestion in a home or smaller work environment. There is a _lot_ to test, I'd be afraid that eventually you'd encounter a scenario for some action that isn't implemented or doesn't work right, though.

Yeah....directory services and domain authentication can be tricky. Microsoft is very, umm....proprietary. I've had success in the past using AD to authenticate local linux user accounts on a Linux server using winbind, etc...but never the other way around.

I guess the real question is what do you use AD for? If you're just providing ldap authentication for 3rd party apps and don't have Exchange server and don't care about workstation group policies, etc...then go for it. But what AD has to offer on the workstation support side is a way to lock systems down and provide a higher level of system security by restricting what users can do based on their domain credentials/domain group memberships.