  1. #1

    dhicks

    Samba server as a domain controller

    Hello All,

    We want to expand our network and offer logons to all staff, pupils and parents via various web-based services (Moodle, email, file servers, whatever other random stuff I write). We want to avoid having to pay Microsoft any money to do this. The answer would seem to be a Samba server of some kind acting as a domain controller. Does anyone have any thoughts on the best way to go about this?

    Do I use Samba 3 or 4?

    Is it worth waiting for Ubuntu 10.4 LTS to come out next month? Should I install 9.10 and upgrade to 9.10 later, or should I use Debian instead?

    Do I need an OpenLDAP backend, or does Samba supply its own LDAP server these days?

    What's the best way of distributing policy changes to Windows workstations? I understand I can create and edit ADM files to set policies on workstations, how do I get those on to workstations? Can I install them via a share on each workstation?

    --
    David Hicks

  2. #2

    Michael

    If you're using Windows workstations stick with at least one Windows Server. Education get Windows Server for a fraction of the RRP.

  3. #3

    dhicks

    Originally posted by Michael:
    "Education get Windows Server for a fraction of the RRP."
    But, if I understand correctly, if we wanted all our pupils, staff and parents to use a Moodle server that used our Active Directory server as an authentication backend we would have to pay for either device CALs for each machine that authenticated or user CALs for each user in Active Directory.

    Is there some let-any-number-of-web-based-users-authenticate MS license available, does anyone know?

    --
    David Hicks

  4. #4

    You'd need an external connector license. Although if you purchase CALs for all students then, according to "Microsoft UK Schools: Licensing parents for SharePoint - what's free and what isn't", you could be "granted" an external connector by MS.

  5. Thanks to Soulfish from:

    dhicks (30th March 2010)

  6. #5

    Michael

    Moodle supports LDAP which I believe requires no further finances, just some tweaking.

    There are ways around Active Directory, but you'll create yourself work locking down computers when using GPOs is straightforward. I would keep one Windows Server and host Moodle either on a separate Windows box or indeed Linux.

  7. Thanks to Michael from:

    dhicks (30th March 2010)

  8. #6

    dhicks

    Originally posted by Michael:
    "Moodle supports LDAP"
    Then you have two separate authentication servers - if a user sets their password via Windows then their password on the LDAP server doesn't change.

    "There are ways around Active Directory"
    Do you have any more details?

    --
    David Hicks

  9. #7

    dhicks

    Originally posted by Soulfish:
    "You'd need an external connector license."
    A quick Google search suggests a price of around 200 for an external connector license, which sounds okay. Anyone any idea if that's about right? Is that all I need to allow people to use (any number of) web-based applications that authenticate against our Active Directory server?

    --
    David Hicks

  10. #8

    DMcCoy

    That's about right for Windows Server. There are others for SharePoint (very expensive), Exchange (quite expensive). CPU licenses will cover things like SQL not needing any CALs.

  11. Thanks to DMcCoy from:

    dhicks (30th March 2010)

  12. #9

    Michael

    "Do you have any more details?"
    Registry hacks, in other words, for locking down machines. To be honest I would still recommend AD as your primary naming source for usernames and link applications to it.

  13. #10


    "What's the best way of distributing policy changes to Windows workstations? I understand I can create and edit ADM files to set policies on workstations, how do I get those on to workstations?"
    ADM files are mostly a bunch of registry keys and Microsoft publishes which key each setting modifies.

    http://www.microsoft.com/downloads/d...5-ff24cc2030fb

    If you know what the key is you can easily implement that in a login or startup script with Samba. Active Directory is the GUI for the registry keys, but you could script it.
    http://oreilly.com/catalog/samba/cha...k/ch06_06.html

    Alternately you could set the policy on base images and then override them with scripts.

  14. Thanks to CyberNerd from:

    dhicks (30th March 2010)
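What CyberNerd's post describes, as an added example (not code from the thread or from Samba): a small Python parser that pulls the KEYNAME/VALUENAME pairs out of an ADM template and renders them as a .reg file that a logon or startup script could import. The template is constructed for illustration, and only simple on/off policies are handled.

```python
import re

# Constructed sample ADM template (illustrative; not taken from the thread).
SAMPLE_ADM = r'''
CLASS USER
CATEGORY "Desktop lockdown"
  KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
  POLICY "Remove Run from Start menu"
    VALUENAME "NoRun"
  END POLICY
END CATEGORY
CLASS MACHINE
CATEGORY "Logon"
  POLICY "Do not display last user name"
    KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\System"
    VALUENAME "DontDisplayLastUserName"
    VALUEON NUMERIC 1
  END POLICY
END CATEGORY
'''

HIVES = {"USER": "HKEY_CURRENT_USER", "MACHINE": "HKEY_LOCAL_MACHINE"}
TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # quoted string or bare word

def parse_adm(text):
    """Return (hive, key, value_name, dword) for each simple on/off POLICY."""
    found, hive, cat, pol = [], None, {"key": None}, None
    for line in text.splitlines():
        t = [q or w for q, w in TOKEN.findall(line)]
        kw = t[0].upper() if t else ""
        if kw == "CLASS":
            hive = HIVES[t[1].upper()]
        elif kw == "CATEGORY":
            cat = {"key": None}  # simplification: nested categories are not tracked
        elif kw == "POLICY":
            pol = {"key": cat["key"], "name": None, "on": 1}  # enabling writes DWORD 1 by default
        elif kw == "KEYNAME":
            (pol or cat)["key"] = t[1]  # a policy-level key overrides the category's
        elif kw == "VALUENAME" and pol:
            pol["name"] = t[1]
        elif kw == "VALUEON" and pol and t[1].upper() == "NUMERIC":
            pol["on"] = int(t[2])
        elif kw == "END" and pol and t[1:2] == ["POLICY"]:
            found.append((hive, pol["key"], pol["name"], pol["on"]))
            pol = None
    return [s for s in found if s[1] and s[2]]  # skip policies without a plain key/value

def to_reg(settings):
    body = [f'[{h}\\{k}]\r\n"{n}"=dword:{v:08x}\r\n' for h, k, n, v in settings]
    return "\r\n".join(["Windows Registry Editor Version 5.00", ""] + body)
```

The generated file can be imported from a script in the netlogon share with `regedit /s`. Values under HKEY_LOCAL_MACHINE need administrative rights to write, so they belong in a context that has them rather than in a user logon script.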

  15. #11

    dhicks

    Originally posted by CyberNerd:
    "Active Directory is the GUI for the registry keys, but you could script it."
    Hmm. It all certainly sounds plausibly easy enough - if the external connector license thing doesn't work out then this definitely looks worth a try.

    --
    David Hicks

  16. #12

    At a previous school we used OpenLDAP for authentication and Samba for file serving. For configuration we used ntconfig.pol with a number of custom ADM files to add extra functionality. The only Microsoft servers we had were for the MSSQL server for CMIS & IIS for ePortal.
    Last edited by sjatkn; 15th April 2010 at 11:35 PM. Reason: Fixed a minor spelling error.

  17. #13

    Connecting Moodle to Active Directory is really easy. Yes, having Moodle installed on a LAMP server (Linux, Apache, MySQL, PHP) is highly recommended, but all you need to do is to configure the Moodle LDAP authentication module to point to a domain controller and set a few mapping tweaks (can provide more detail if required). I've set this up in many schools and to date it's very stable. I personally choose Ubuntu because it's sooooo easy.

  18. #14

    Oh sorry, forgot to mention... Samba as a member server to be used as a file or print server is excellent, but I wouldn't attempt as a domain controller, stick with Microsoft.

  19. #15

    dhicks

    Originally posted by prad:
    "Connecting Moodle to Active Directory is really easy."
    The ease of setting up Moodle to authenticate against Active Directory isn't the issue here; I need to check that we are appropriately licensed to allow external users (in the sense of pupils having out-of-hours access and probably parents having accounts) to use our system.

    "Samba as a member server to be used as a file or print server is excellent, but I wouldn't attempt as a domain controller, stick with Microsoft."
    Why?

    --
    David Hicks
