[Samba] AD DC capabilities

DCepelik at seznam.cz DCepelik at seznam.cz
Thu May 1 12:29:08 MDT 2014

I was hoping you could clarify the following for me.
I would like to use Samba as an AD DC, but need to know in advance which features
of a "classical" Windows DC it supports. (By Samba, I mean the latest version of
For example, I have been given advice on how to set up Public Key Policies on
Server Fault (for link, see [1]). How do I tell whether this particular functionality
is supported by Samba?
As I understand it, Samba is AD compatible, meaning it can take the hierarchical
structure of a directory to build GPOs. When a Windows workstation requests
GPOs for the user, it uses them to alter registry keys, etc. - it is a change in
the workstation's configuration, "no work is being done" except for this change in
configuration. (I believe it's actually a lot of work...)
However, what is suggested in this case on Server Fault is a little bit more complex
functionality. It does not only involve a change in configuration, it involves automated
transport of a file (a certificate) to a remote computer, checking the current certificate's
expiry date, communicating with the CA about certificate renewal etc. It's called
Certificate Management, I think.
Is my assumption correct that with Samba, I can perform all the configurations, but
these specialized functions such as certificate deployment are features of Windows
Server, not the AD DC itself?
Furthermore, can this behaviour (automated distribution of a certificate for a RADIUS
server) be scripted on a Linux DC?
(This particular case is not as important as understanding which functions in general
are supported. It would be nice to know how to do it, though.)
Greetings from Prague, Czech Republic

PS: If I sent this message more than once, please excuse me. I had some
trouble setting up my mailing list account.
[1] https://wiki.samba.org/index.php/Samba_AD_management_from_windows#Implementing_Group_Policies_.28GPO.29_in_A_Samba_Domain
