Best choice for an inexpensive Active Directory Domain Controller for a mostly Window home network ?

[NeverDie]

Apparently freeNAS is one possibility (The Ars NAS distribution shootout: FreeNAS vs NAS4Free | Ars Technica ) but it comes with a bunch of caveats.

What are good choices? If you're not using Windows $erver, what are you using?

 

[RTM]

I am not sure if it is a good choice, but you could use something like CentOS 7 and a 3rd party package repo for Samba 4 as outlined here: CentOS 7 Samba domain controller - Spiceworks

If you look around I am sure you can find similar options for other distributions, for instance this article, suggests that you can use Ubuntu 14.04 LTS without a 3rd party repo.

At the end end of the day, your options are limited to something that uses Samba or using Windows.

EDIT: Turnkeylinux has created an applicance that makes it extremely easy to setup a domain controller: Domain Controller - Drop-in PDC replacement | TurnKey GNU/Linux

 

[NeverDie]

Apparently freeNAS is one possibility (The Ars NAS distribution shootout: FreeNAS vs NAS4Free | Ars Technica ) but it comes with a bunch of caveats.

What are good choices? If you're not using Windows $erver, what are you using?

Also, apparently it can be done using CentOS:

Anyhow, rather than just blindly picking something from a google search only to find out down the road that the googled-up choice is biting me in the ***, I thought I'd inquire what serveTheHome folks are doing, since some of you have probably already been "down the road" and would already know if what you picked is biting you or not.

Any suggestions? Anyone?

 

[NeverDie]

I am not sure if it is a good choice, but you could use something like CentOS 7 and a 3rd party package repo for Samba 4 as outlined here: CentOS 7 Samba domain controller - Spiceworks

If you look around I am sure you can find similar options for other distributions, for instance this article, suggests that you can use Ubuntu 14.04 LTS without a 3rd party repo.

At the end end of the day, your options are limited to something that uses Samba or using Windows.

EDIT: Turnkeylinux has created an applicance that makes it extremely easy to setup a domain controller: Domain Controller - Drop-in PDC replacement | TurnKey GNU/Linux

Thanks! I guess we cross posted.

 

[NeverDie]

I am not sure if it is a good choice, but you could use something like CentOS 7 and a 3rd party package repo for Samba 4 as outlined here: CentOS 7 Samba domain controller - Spiceworks

If you look around I am sure you can find similar options for other distributions, for instance this article, suggests that you can use Ubuntu 14.04 LTS without a 3rd party repo.

At the end end of the day, your options are limited to something that uses Samba or using Windows.

EDIT: Turnkeylinux has created an applicance that makes it extremely easy to setup a domain controller: Domain Controller - Drop-in PDC replacement | TurnKey GNU/Linux

I'm leaning in the direction of trying the FreeNAS Active Directory Domain Controller, which runs Samba 4. Anyone else using it (or used it in the past but discontinued)?

 

[EffrafaxOfWug]

I use a samba4 AD controller, but on debian jessie rather than freeNAS. It works surprisingly well to be honest but I'm not doing anything complicated with it. The only thing I've run into that doesn't yet work is renaming sites.

Does freeNAS allow you to use bind as well? One of the caveats of samba's internal DNS server is that it isn't a forwarder so you either a) need a separate DNS server elsewhere for your internet lookups or b) use bind with the a samba DLZ (dynamically loadable zone).

 

[mrkrad]

What function level does samba 4 work at? 2003 R2? I've found samba leaves a lot to be desired when working with true AD windows servers!

 

[EffrafaxOfWug]

IIRC mine was 2008 OotB and raising it to 2008R2 was no issue; it's just an update to the LDAP schema after all.

Can't say I've had any "leaves a lot to be desired" problems at all, but for me it's just some home domains and a test lab - nothing big'n'funky like despairpoint or exchange.

 

[mrkrad]

How does it integrated into multiple domain controllers/multi-master roles?

 

[EffrafaxOfWug]

Well if you mean just "how easy is it to add multiple DCs", then pretty easy. I've got two physicals here, one of which also runs some linux VMs which also has a KVM hosted DC and I have another at a friends house as offsite failover (for no reason whatsoever TBH other than "let's see if it can do this")... all of which just depended on having network connectivity and DNS working correctly and then just running:

samba-tool domain join fhqwhgads.local DC -Uadministrator --realm=fhqwhgads.local --dns-backend=BIND9_DLZ

 

[PigLover]

Current Samba AD runs win2008 schema out of the box and has a schema upgrade for R2. AFAIK the 2012/2012R2 schemas are not suported. Most multi-dc methods are supported, as is using Samba as an SDC to a windows PDC.

It works better if you configure bind with dynamic updates. The internal dns server is pretty limited.

 

[Jeggs101]

Current Samba AD runs win2008 schema out of the box and has a schema upgrade for R2. AFAIK the 2012/2012R2 schemas are not suported. Most multi-dc methods are supported, as is using Samba as an SDC to a windows PDC.

How much does this matter if you have a basic HVS2012R2 farm and are using AD just for basic 1-2 user lab authentication?

 

[PigLover]

How much does this matter if you have a basic HVS2012R2 farm and are using AD just for basic 1-2 user lab authentication?

Doesn't matter a bit for that. But if you are running Hyper-v on that lab and want to do all the vodoo with it - smb-based vm storage, migrations, replication, etc. - it may matter a lot. The constrained delegation model was introduced in the 2012 schema...and without it none of those features work completely.