Linux as an Active Directory DC

clayb226

I was just curious how many others are using Linux and Samba 4 as your AD Domain controllers. We had implemented one a couple months back, and I have now set up another Samba 4 server and have replication all set up. We have several locations, all connected with hardware VPN solutions. I was thinking about setting up a few so-called floaters with roaming profiles. I am curious if the profiles will also replicate, or if I will have to slap a quick script together for that part of the process. I have had few issues, the only ones being a poisoned DNS on the ISP's side, which had the server DNS cache all frozen up. I was thinking it would be nice to see how others' experiences were going with it in the production environment.
 
Have played with it on my own, but haven't used it in production for a client yet. I don't feel like I have a good enough handle on what Samba 4 can and can't do yet.
 
We use ClearOS and have had no issues. We have 4 at the moment set up as DCs in working environments and they just tick right along without any problems. ClearOS has all the parts you would need to set up a working DC. It also has roaming profiles, which we do not use, so I cannot answer on that part.
 
What are you guys using for a DNS server? I opted for the internal DNS server, meaning internal to Samba, but did have a poisoned DNS on the ISP side lock it up, until I forwarded to a different DNS server. That was when I started to wonder if I should consider setting up BIND and going that route. I built the latest version of Samba4 and installed it on a server that I put Ubuntu 12.04 LTS server edition on. I have been using Ubuntu LTS server OSs since 6.10; I believe that was the release.

rockhoptec, do you have the servers on the same network, and replicating? What kind of failure tests do you run, do you just make sure that the server can assume the roles properly, once, or do you test redundancy often?

The smb.conf file was generated by the Master DC, and does not have a copy of the profiles share in it, so there is no share to copy the profiles to. If it does not do it automatically, it would be easy enough to write a script to utilize a preferred method. I am unsure how Microsoft handles this stuff; I only use them for file shares, and utilize some business-related software.
 
OK, I have set up the secondary domain controller, and have set up replication. The replication of SysVol works fine, but at this point I am using rsync, which is one way. I just make sure to do all the Group Policy management on the primary controller, and replicate as I see fit. Roaming profiles work great also, but I mainly only use that feature when I am replacing a computer, so I have no reason for replication of those. It seems to work great for our needs. There were a couple of minor kinks to work out, but that was very easy. I would love to hear others' stories/ideas/experiences on this subject. Thanks
 

Roaming profiles suck. If you can, set those people up on a terminal server instead.
 