Build A Primary Domain Controller With Samba
With Samba as your network's Primary Domain Controller, you can provide single sign-on authentication, roaming profiles, and more on an inexpensive platform.
Managing heterogenous networks is one of the bigger challenges facing the harried network administrator. Users want what they want: Linux/UNIX, the many Windows variants, OS/2, Macintosh, OS X, who knows what else. Bringing cooperation and harmony to all of these incompatible platforms is made possible by Samba.
Samba is the Open Source implementation of the SMB/CIFS (server messaging block/ common Internet file system) protocols. CIFS is an evolution of SMB, capable not only of enabling file and printer sharing across different platforms, over various transport protocols, but is also a transport protocol itself. (See the SNIA link below for all the gory, yet fascinating details.) Samba is most commonly used to enable file and printer sharing between Windows clients and Linux/UNIX servers. As a file server, it ranks at the top of the class, outperforming Windows NT/2000 handily, both in speed and reliability.
Microsoft's concept of a Primary Domain Controller is most useful, as it simplifies a number of network administration chores. It provides a "single sign-on", storing information about domain users, and providing user authentication. User's profiles are stored on the PDC; the PDC handles all authentication requests, allowing users to access different services in the domain without needing multiple authentications.
Samba makes a fine NT-type PDC. It supports roaming profiles, domain logon from all Windows clients, Windows NT4-type system policies, name services, master browser, and user-level security for Windows 9x/ME clients. Which in my opinion do not belong in a business environment, but if they're there and you have to deal with them, Samba doesn't mind in the least.
Samba cannot act as a Backup Domain Controller to a Windows PDC. There is a way to use two Samba machines as PDC/BDC. (See Resources) As a belt-n-suspenders kinda gal, some kind of redundancy is essential.
Samba runs on just about any Linux or UNIX, including Mac OS X, OS/2, AmigaDOS, and Netware. For this article I'm using Red Hat Linux 7.2 and Samba 2.2.3a. The current stable version is 2.2.4. It pays to start with the latest stable version, as the Samba team continually adds improvements and bugfixes. Samba 3.0 adds native connectivity with Microsoft's Active Directory, support for Microsoft's version of Kerberos, SAM (Security Accounts Manager) replication, and doubtless many other fine goodies. It's not ready for a production server yet, as it is still in alpha. Worth waiting for.
Hardware requirements, as always, depend on the load to be handled. As users cannot access network services without the PDC, this is not the place to pinch pennies. A pair of Celerons or Durons will hold up better under load than a single Pentium or Athlon. More important are memory, the disk subsystem, and the NIC. Lots and lots of RAM, as Samba spawns a daemon for every user connection. A 3-disk SCSI RAID 5 array gives speed and data protection. I've learned the hard way that it's worth paying the price for a server-quality Ethernet card. Not only are they more durable and better-performing, they come with rafts of nice features you don't get with the $20 specials.
Download Samba here. Also on this page are various clients and utilities. As always with Linux, there are two ways to install an application: RPM, or compile from source. (OK, there are three: Debian's apt-get. As I don't speak Debian, I'll leave that to the Debian Linux gurus.) RPM is easier, compile from source gives more control. Whichever method you choose, be sure to remove any existing Samba installations first.
rpm -qa|grep samba
tells you if Samba is on your system. If it returns a blank line, no Samba. Otherwise it will list the package names. Removal is most easy:
rpm -e (package name)
Red Hat makes 3 Samba RPMs, so be sure to remove all installed packages. Don't worry if you don't find all three on your system. The Samba team supplies a single RPM for Red Hat. That's the one I use.