Samba 4 review: No substitute for Active Directory -- yet

Samba's open source alternative to Microsoft's domain controller is a good start, but not ready for prime time

One of the other big uses for Active Directory is in the area of GPO (group policy objects) and permissions. Samba 4.0 fully supports GPO settings for both computers and users. Group policy is especially useful for such capabilities as blocking access to Control Panel on a Windows machine so that normal users can't alter settings or install software. When you create a group policy, it is tied to a specific OU (organizational unit). Once set it applies to all computers or users in that OU.

The Microsoft Group Policy Management Editor provides the means to create or edit a group policy that will be attached to a specific domain. Figure 2 shows the GP Demo policy for the domain and the default rules. You can restrict specific pieces of Control Panel such as the Add or Remove Programs feature, or choose to prohibit access to the Control Panel altogether.

Figure 2: Viewing the GP Demo group policy through the Microsoft Group Policy Management Editor.

Another management option is Webmin. This freely available tool installs on the system running the Samba 4 server and provides a Web-based interface to manage a wide range of internal server settings (add administrators and users, create new file shares, share printers, allow and deny hosts) and software. I was able to get it running on the Samba 4 appliance with just a few minor tweaks to the configuration settings. Figure 3 shows the Webmin Samba module, which includes an icon labeled SWAT (Samba Web Administration Tool). This is the native Samba management tool (see Figure 4), which handles all of the traditional Samba user administration and server settings.

In short, Samba does not yet offer GUI tools for managing the Domain Controller or GPO settings from Unix or Linux, but there are Python-based hooks into the internals of Samba 4 that should make these easy to build.

Figure 3: The Webmin GUI on Samba (above) and Figure 4: The native Samba Web Admin Tool (below).
