[Samba] Managing Samba Active directory.

Luke Bigum luke.bigum at lmax.com
Tue May 5 06:14:26 MDT 2015

Hi James,

We use Samba 4.2 DCs and have Linux talking to the DC fine. This is using Kerberos via SSSD on CentOS 6 and various Fedoras - Password expiry works, nested Groups work, Sudo rules and Netgroups can be placed inside the AD tree as well.

A combination of the samba-tool command and pdbedit can achieve most things, however you will still need the Windows Management tools to interact with the Windows side of things, for example Group Policy Management. The ADUC tools are also very useful for visualising your LDAP tree and moving things around. Our internal documentation also says you need to use the ADUC tools to add UNIX Attributes to a Security Group. There might be a way to do it on the command line but none of us seems to have bothered to figure it out :-)

I would recommend a single Windows Server (2012) with the ADUC tools installed for management (you could probably get by with Win8.1 but Server is less "graphical"). The server just needs to be joined to your domain, it doesn't need to be a DC as well. Then just install the "AD Management Tools" role and you should be set.

I do not recommend other Linux based LDAP management tools, e.g. LAM (https://www.ldap-account-manager.org/lamcms/). Our staff are under strict instructions only to use LAM for Netgroup management. You can create users and groups in LAM that badly break things on the AD side, like not creating the correct password expiry attributes.


----- Original Message -----
From: "A. James Lewis" <james at fsck.co.uk>
To: samba at lists.samba.org
Sent: Tuesday, 5 May, 2015 12:32:34 PM
Subject: [Samba] Managing Samba Active directory.


I've never been a Windows user, but I'm curious to see how the AD 
integration works in Linux, since it looks like we may need to have one 
or two Windows desktops and I don't really want to start setting up 
Windows infrastructure.  If I can have Samba as a domain controller that 
makes things a lot simpler.

I have one question tho, the documentation suggests using the Microsoft 
tools to administer the domain... is there any equivalent on Linux for 
doing this?  I'd hate to have to install a Windows machine simply to 
administer a Samba domain controller that was set up to avoid having to 
install Windows infrastructure.

If Windows is required, what's the minimum installation/setup to 
correctly administer a Samba domain, I guess I could run something in 
Virtualbox to achieve this.

A. James Lewis (james at fsck.co.uk)
"Engineering does not require science. Science helps a lot but people
built perfectly good brick walls long before they knew why cement works."
