Samba 4 review: No substitute for Active Directory -- yet

Samba's open source alternative to Microsoft's domain controller is a good start, but not ready for prime time

Page 3 of 4

One of the other big uses for Active Directory is in the area of GPO (group policy objects) and permissions. Samba 4.0 fully supports GPO settings for both computers and users. Group policy is especially useful for such capabilities as blocking access to Control Panel on a Windows machine so that normal users can't alter settings or install software. When you create a group policy, it is tied to a specific OU (organizational unit). Once set it applies to all computers or users in that OU.

The Microsoft Group Policy Management Editor provides the means to create or edit a group policy that will be attached to a specific domain. Figure 2 shows the GP Demo policy for the Linux.tstsamba.com domain and the default rules. You can restrict specific pieces of Control Panel such as the Add or Remove Programs feature, or choose to prohibit access to the Control Panel altogether.

Samba 4 review: No substitute for Active Directory -- yet
Figure 2: Viewing the GP Demo group policy through the Microsoft Group Policy Management Editor.

Another management option is Webmin. This freely available tool installs on the system running the Samba 4 server and provides a Web-based interface to manage a wide range of internal server settings (add administrators and users, create new file shares, share printers, allow and deny hosts) and software. I was able to get it running on the Samba 4 appliance with just a few minor tweaks to the configuration settings. Figure 3 shows the Webmin Samba module, which includes an icon labeled SWAT (Samba Web Administration Tool). This is the native Samba management tool (see Figure 4), which handles all of the traditional Samba user administration and server settings.

In short, Samba does not yet offer GUI tools for managing the Domain Controller or GPO settings from Unix or Linux, but there are Python-based hooks into the internals of Samba 4 that should make these easy to build.

Samba 4 review: No substitute for Active Directory -- yet
Figure 3: The Webmin GUI on Samba (above) and Figure 4: The native Samba Web Admin Tool (below).
Samba 4 review: No substitute for Active Directory -- yet
| 1 2 3 4 Page 3
From CIO: 8 Free Online Courses to Grow Your Tech Skills
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies