Samba 4 review: No substitute for Active Directory -- yet
Samba's open source alternative to Microsoft's domain controller is a good start, but not ready for prime time
Samba 4.0 installation and setup
There are a number of ways to get Samba 4.0 installed, depending on your system and how you want to go about testing. You can download the latest release in gzip form and install it yourself. The Samba Wiki has a complete how-to detailing the process step by step. For popular distributions such as Ubuntu, there are packages available for installing using the normal methods. From a terminal window in Ubuntu 12.10, you can simply type:
apt-get install samba4
For the purposes of this review I downloaded the Excellent Samba4 Appliance, a ready-made virtual appliance based on SLES 11 SP2 64-bit and Samba4 Stable 4.0.0. The Excellent Samba4 Appliance virtual machine is available in the OVF format; in a VMware image that will work with VMware, VirtualBox, or KVM; and in a VHD file for use with Microsoft's Hyper-V. I chose the VHD file and installed it on an HP ProLiant DL385 G7 server running Windows Server 2012.
You must run a script to initialize a number of settings (IP address, domain name, admin account name, and so on) before you can actually start the Samba Domain Controller. Once you've entered the required information, the script (dcpromo.sh) will configure the appropriate DNS settings and create default DNS records. DNS is a requirement for Active Directory and must be running to enable client machines to connect to the domain.
Configuring an Active Directory domain in Samba is straightforward, though not as easy as in Windows Server. It's a much easier process on native Windows as the pieces come with Windows Server and you don't have to download anything. Many of the configuration tasks are handled in Windows Server 2012 with wizards.
Managing the Samba Domain Controller
With your Samba Domain Controller up and running, you can use the standard Windows Active Directory administration tools to manage computers and users. The Excellent virtual appliance provides the 32-bit installer for Windows XP and Windows 7 in the
/srv/www/htdocs directory. (If your Samba distribution doesn't include them, the tools are freely available from Microsoft's website.) You can get to the files on the Excellent Samba4 Appliance by opening a Web browser and entering the IP address of the appliance. It will present a list of files that you can then right-click on and save or run.
Microsoft's administration tools come in the form of an .msu file, which will add options to the "Turn Windows features on or off" area of your Windows client machine's Control Panel. Once the installer finishes, you'll have to open Control Panel, find Programs and Features, choose "Turn Windows features on or off," then navigate to the Role Administration Tools section (see Figure 1). From there, expand the AD DS Tools section and choose the AD DS Snap-ins and Command-line Tools. Note that the Active Directory Administrative Center requires Active Directory Web Services, which Samba 4 does not support. If you want to use PowerShell, you should check Active Directory Module for Windows PowerShell as well.
Figure 1: From the Role Administration Tools section of the Control Panel on your Windows client machine, expand the AD DS Tools section and choose the AD DS Snap-ins and Command-line Tools.
PowerShell offers a number of built-in features to query and manage an Active Directory installation. Choosing to install the Active Directory Module makes these AD-specific commands readily available at the PowerShell command line. As an example, the
dsquery command will return a wide range of information about the directory including computers, groups, servers, and users. There are also command-line tools such as
dsrm for adding, moving, and removing objects, and plenty more. Help is available for any of the commands by typing the command followed by
/? at the command line.