In our latest article from our ‘Brief Introduction’ series, we would like to introduce you to the software Samba and Microsoft Active Directory – two solutions for the central identification and authorization of members of a domain. These are very important features, as the central administration of a domain network helps to achieve better data protection and higher fault tolerance for your IT systems.
We would also like to show you briefly how UCS bridges the gap between the Linux world and the Windows world so that the benefits of both systems can be utilized.
For more information on exactly what a domain is and what tasks a domain controller fulfills, please check our article: Brief Introduction: Domain/Domain Controller
Now let’s go back to the actual topic of this article: the directory service solution Active Directory and the software Samba.
What Exactly is Active Directory and What is it used for?
Active Directory is a solution developed by Microsoft to provide authentication and authorization services in a domain network.
Core Elements of Active Directory
The core elements of Active Directory are an LDAP directory service, a Kerberos implementation, and DNS services. Information on users, groups, and hosts is stored in the directory service. Kerberos handles the authentication of these users and hosts, and DNS (Domain Name System) ensures that client and server systems in this domain network can find and communicate with each other.
These three components, LDAP, Kerberos, and DNS, are closely interrelated. Grouped into a single entity, they are called Active Directory Domain Services (AD DS).
As a so-called domain controller, Microsoft Windows Server can provide these Active Directory domain services, or it can join such a domain as a simple member. Windows client operating systems can also join such a domain (this applies to the respective business and education versions).
Resource Allocation and Fault Tolerance
The contents of the directory service are replicated between the domain controllers of a domain, making them available on multiple systems. This contributes significantly to the fault tolerance and load distribution of the resources of the domain network. Active Directory uses so-called multi-master replication for this: changes can be made on any individual domain controller and are automatically transferred from there to the other domain controllers.
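The link between DNS, LDAP and Kerberos, and the reliance on several domain controllers, can be checked from the DNS side. The following added example (not part of the original article) audits the SRV records that clients use to locate domain controllers; the domain example.internal, the host names and the record data are constructed, in the format printed by `dig +short -t SRV <name>`.

```python
from collections import defaultdict

# Constructed sample answers: "priority weight port target".
# example.internal and dc1..dc3 are assumptions, not values from the article.
SAMPLE = {
    "_ldap._tcp.dc._msdcs.example.internal": [
        "0 100 389 dc1.example.internal.",
        "0 100 389 dc2.example.internal.",
        "10 100 389 dc3.example.internal.",
    ],
    "_kerberos._tcp.dc._msdcs.example.internal": [
        "0 100 88 dc1.example.internal.",
        "10 100 88 dc3.example.internal.",
    ],
}
EXPECTED_PORTS = {"_ldap": 389, "_kerberos": 88}


def parse_srv(line):
    """Split one SRV answer into (priority, weight, port, target)."""
    prio, weight, port, target = line.split()
    return int(prio), int(weight), int(port), target.rstrip(".").lower()


def audit(records):
    """Return (hosts ordered by SRV priority, list of findings)."""
    services = defaultdict(set)   # host -> services it advertises
    best_prio = {}                # host -> lowest (most preferred) priority
    findings = []
    for name, answers in records.items():
        service = name.split(".")[0]          # "_ldap" or "_kerberos"
        for line in answers:
            prio, _weight, port, host = parse_srv(line)
            services[host].add(service)
            best_prio[host] = min(prio, best_prio.get(host, prio))
            if port != EXPECTED_PORTS[service]:
                findings.append(f"{host}: {service} on unexpected port {port}")
    for host in sorted(services):
        missing = sorted(set(EXPECTED_PORTS) - services[host])
        if missing:               # a DC must be reachable for LDAP and Kerberos
            findings.append(f"{host}: missing {', '.join(missing)}")
    if len(services) < 2:
        findings.append("only one domain controller advertised: no failover")
    order = sorted(best_prio, key=lambda h: (best_prio[h], h))
    return order, findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the constructed data, dc2 is advertised for LDAP but not for Kerberos, which is the kind of inconsistency that leaves clients able to look up accounts on a controller they cannot authenticate against.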
The Samba project provides a free software suite that enables the interoperability of Linux and Unix-based systems with services and protocols used and developed by Microsoft.
Provision of Windows-Compatible Services
At first, Samba offered the possibility to use file sharing and print services via the SMB / CIFS protocol used and shaped by Microsoft. This applies both to a server implementation, where Samba provides the services on Linux or Unix, and to a client implementation, which allows Linux and Unix systems to use the services provided by Microsoft Windows.
By the way, the name “Samba” was derived from the protocol name ‘SMB’.
Interoperability through Integrated Services and Protocols
Samba has since implemented a variety of services and protocols, including SMB / CIFS, NTLM, WINS / NetBIOS, (MS) RPC, SPOOLSS, DFS, SAM, LSA, and the Windows NT domain model. With version 4.0, Samba was supplemented by an open source implementation of Active Directory.
Samba as an Active Directory Domain Controller
Since then, Samba systems can not only join as members of an Active Directory domain, but also take the role of the domain controller and deploy the Active Directory domain services on a Linux or Unix-based system.
Client systems, such as Windows or Mac OS, can join an Active Directory domain provided by Samba by the same mechanism as a Microsoft Windows Active Directory domain. In addition, group policies can also be used to manage Windows clients.
The Interplay between Samba and UCS
In general, OpenLDAP, the directory service in UCS, is the core element that must exist in every UCS domain.
Build a Bridge between the Windows and Linux / Unix World with UCS and Samba
With the app Active Directory-compatible Domain Controller from the Univention App Center, UCS also offers the possibility to run an Active Directory domain via the Samba software suite.
The Univention S4-Connector, developed by us, synchronizes all relevant information between the OpenLDAP directory service and the Samba directory service. This interaction makes UCS ideal for unifying the Windows and Linux / Unix world in a single domain network.
The Federal Office for Radiation Protection in Germany, for example, has been using UCS and Samba for years to fully benefit from the advantages of the Linux servers used while the institute’s employees can work with Windows services and clients at their various sites.
We hope we have given you a good insight into the tasks of the directory services Samba and Microsoft Active Directory. If you want to know more about how you can easily combine Microsoft and Linux-based applications in your IT environment with UCS and Samba, please contact us.