Samba as an Active Directory Domain Controller




Gregory Havens II, Texas A&M University, venom@tamu.edu
Anthony Liguori, Rutgers University, aliguori@clam.rutgers.edu
C. Donour Sizemore, University of Chicago, donour@cs.uchicago.edu

Active Directory

What is Active Directory?
- Central repository of network resources
  - users and groups
  - computers, printers, etc.
  - configuration data
- Administrative abstraction for managing users and resources
  - ADSI
  - Windows MMC

Why People Use Active Directory?
- Provides much tighter integration of services than previously existed
- Bundled with all Windows 2000 servers
- Provides central point of resource management
- Good administration tools

Components
- LDAP Server
- Kerberos Key Distribution Center (KDC)
- Domain Controller
- Integrated Services
  - File / Printer (CIFS)
  - Web (IIS)
  - Mail (Exchange)
  - Naming (DNS)

AD Domain Controller

What are domains?
1. Canonical: DNS
2. Resource: LDAP
3. Security: NT domains
Active Directory combines these.

Domain Controller (DC) Function
- Manage various network resources
  - Printers
  - Filesystems
  - Applications
- Provides
  - Authentication
  - Authorization
  - Administrative abstraction

Native vs. Mixed Mode
- Windows 2000 Server supports both native and mixed mode operation
- Mixed mode
  - Master-slave replication
  - Support for NT BDCs
- Native mode
  - Peer-to-peer replication
  - Better server scalability (except Global Catalog, which exists on one server)

NT Domain
Master-slave domain hierarchy
[Diagram: NT PDC, NT BDC, Windows clients, Samba client]

Active Directory Domain
[Diagram: Root Domain (ibm.com), igs.ibm.com, linux.ibm.com, ltc.linux.ibm.com; Windows client, Samba client]

DC Components
- Filesystem / RPC server
  - Samba
- Directory server
  - iPlanet, IBM Directory Server, eDirectory
  - OpenLDAP
- Kerberos
  - MIT/Kerberos
  - Heimdal

Possible Solution
[Diagram: Windows client and Active Directory, with the protocols LDAP, SMB, DCERPC, Kerberos and DNS; components shown: OpenLDAP, Samba, MIT/Kerberos, BIND]

Common Domain Processes
- Join a domain
- User logon
- Resource request
- Add user
- Add a resource (printer, shared folder, etc.)
- Add domain controller
- System boot

Domain Join Process
- Locate domain controller
  - DNS SRV record queries
- Locate logon server
  - CLDAP
- Authenticate
  - Kerberos
- Send connection request
  - SMB/RPC
- Negotiate addition to domain
  - Security descriptor generation
  - objectsid generation

CLDAP

CLDAP
- Connectionless LDAP server
  - UDP 389
  - LDAP v3
- Ability is being integrated into the Samba 3.0 development tree.
- Failure drops back to NetBIOS name service
  - Long domain join delay

CLDAP Server Support
- Not a true LDAP request; it seems to be more of a new RPC transport, so it can't be served by any current LDAP implementation.
- Preliminary work to integrate it into Samba's nmbd.
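Added example (not from the original slides or from Samba): the first two steps of the Domain Join Process slide, building the DNS SRV names and the bytes of the CLDAP datagram sent to UDP 389. It assumes the ping format Microsoft later published in its open specifications (an LDAP v3 rootDSE search for the `Netlogon` attribute, filtered on `DnsDomain` and `NtVer`); the function names and the sample domain are hypothetical.

```python
import struct

def ber(tag: int, body: bytes) -> bytes:
    """One BER TLV with a definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def ber_int(value: int) -> bytes:
    """Non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return ber(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def octets(data: bytes) -> bytes:
    return ber(0x04, data)

def equality(attr: str, value: bytes) -> bytes:
    """Filter choice [3] equalityMatch { attributeDesc, assertionValue }."""
    return ber(0xA3, octets(attr.encode()) + octets(value))

def srv_names(domain: str) -> list:
    """Step 1: SRV owner names a joining client looks up in DNS."""
    return [f"_ldap._tcp.dc._msdcs.{domain}", f"_kerberos._tcp.{domain}"]

def cldap_ping(domain: str, msg_id: int = 1, nt_ver: int = 0x6) -> bytes:
    """Step 2: the UDP/389 datagram, an LDAP v3 search on the rootDSE."""
    # Filter (&(DnsDomain=<domain>)(NtVer=<4 bytes, little-endian>))
    flt = ber(0xA0, equality("DnsDomain", domain.encode())
              + equality("NtVer", struct.pack("<I", nt_ver)))
    search = ber(0x63,                    # [APPLICATION 3] SearchRequest
                 octets(b"")              # baseObject "" = rootDSE
                 + ber(0x0A, b"\x00")     # scope: baseObject
                 + ber(0x0A, b"\x00")     # derefAliases: never
                 + ber_int(0)             # sizeLimit: none
                 + ber_int(0)             # timeLimit: none
                 + ber(0x01, b"\x00")     # typesOnly: FALSE
                 + flt
                 + ber(0x30, octets(b"Netlogon")))  # requested attribute
    return ber(0x30, ber_int(msg_id) + search)      # LDAPMessage envelope

if __name__ == "__main__":
    domain = "corp.example.com"           # constructed sample domain
    print(srv_names(domain))
    print(cldap_ping(domain).hex())
```

This byte layout is what a capture on UDP 389 should show during a join; a server that leaves the datagram unanswered triggers the NetBIOS fallback and the join delay noted on the CLDAP slide.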

Samba

What Samba Can Do Now
- Samba 2.2 releases
  - Supports most of the RPC calls necessary for a Windows XP join (netlogon, etc.)
  - NT Primary Domain Controller
- Forthcoming in future Samba releases
  - Active Directory client
  - Active Directory Domain Controller

AD LDAP Server

Dynamically Generated Fields
- Breaks with spirit of LDAP
  - ntsecuritydescriptor
  - objectsid
- Requires a special purpose backend to serve dynamic data.
  - Proxy backend
  - AD backend

Active Directory Schema
- Published in the Directory
- Root DSE attributes
  - ldapservicename
- Includes non-standard objects
- Breaks certain standard objects
  - person object class

Kerberos

Kerberos
- Heimdal
  - Stores keytab data and principal database in OpenLDAP
- MIT/Kerberos
  - Supports PAC extensions
  - Doesn't support using an LDAP server for storing configuration.