
The release of UCS 4.3 also provides you with Samba version 4.7. Compared to older versions, it clearly improves performance for LDAP queries and, in particular, for the replication of group memberships. This offers great benefits, particularly for large organizations with several thousand or even tens of thousands of authentication accounts.

But what is Samba in general? How does it compare to Microsoft’s Active Directory? Where is it involved in UCS’s identity management and how can you benefit from it?

In this article I want to present two solutions for centrally identifying and authorizing the members of a domain. Both of them enable you to administer a domain network centrally. They also help to achieve more data protection and significantly increase the failure safety of your IT systems.

I also want to show you how UCS is able to bridge the gap between the Linux world and the Windows world. This way you can reap the benefits of both systems instead of having to decide on one and thus restrict yourself.

Now let’s first take a short look at Active Directory:

What exactly is Active Directory and what is it used for?

Active Directory is a solution developed by Microsoft to provide authentication and authorization services in a domain network.

The core elements of Active Directory are an LDAP directory service, a Kerberos implementation, and DNS services. Information on users, groups, and hosts is stored in the directory service. Kerberos handles the authentication of these users and hosts, and DNS (Domain Name System) ensures that client and server systems in this domain network can find and communicate with each other.

These three components, LDAP, Kerberos, and DNS, are closely interrelated. Grouped into a single entity, they are called Active Directory Domain Services (AD DS).

As a so-called domain controller, Microsoft Windows Server can provide these Active Directory domain services, or it can join such a domain as a simple member. Windows client operating systems can also join such a domain in their respective business and education editions.
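The dependency between the three components can be checked in DNS itself: domain members locate LDAP and Kerberos on the domain controllers through SRV records. The following is an added example, not code from this article or from Univention; it audits a zone for the standard AD locator records, and the domain `ad.example.test` and all records in it are constructed.

```python
# Added example: check that a zone advertises an AD domain's LDAP and Kerberos
# services via SRV records. Domain and records below are constructed.

REQUIRED = {  # SRV owner name (relative to the domain) -> expected port
    "_ldap._tcp": 389,
    "_ldap._tcp.dc._msdcs": 389,
    "_kerberos._tcp": 88,
    "_kerberos._udp": 88,
}

SAMPLE_ZONE = """\
dc1.ad.example.test.                   900 IN A   10.0.0.11
dc2.ad.example.test.                   900 IN A   10.0.0.12
_ldap._tcp.ad.example.test.            900 IN SRV 0 100 389 dc1.ad.example.test.
_ldap._tcp.ad.example.test.            900 IN SRV 0 100 389 dc2.ad.example.test.
_ldap._tcp.dc._msdcs.ad.example.test.  900 IN SRV 0 100 389 dc1.ad.example.test.
_kerberos._tcp.ad.example.test.        900 IN SRV 0 100 88  dc1.ad.example.test.
_kerberos._udp.ad.example.test.        900 IN SRV 0 100 88  dc3.ad.example.test.
"""

def parse_zone(text):
    """Return (hosts with an A record, {srv owner: [(port, target), ...]})."""
    hosts, srv = set(), {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != "IN":
            continue
        owner, rtype = f[0].lower(), f[3]
        if rtype == "A":
            hosts.add(owner)
        elif rtype == "SRV" and len(f) == 8:
            srv.setdefault(owner, []).append((int(f[6]), f[7].lower()))
    return hosts, srv

def check_ad_dns(zone_text, domain):
    """List problems that would stop clients from locating LDAP or Kerberos."""
    hosts, srv = parse_zone(zone_text)
    problems = []
    for prefix, port in REQUIRED.items():
        owner = f"{prefix}.{domain}."
        records = srv.get(owner, [])
        if not records:
            problems.append(f"missing SRV {owner}")
        for rec_port, target in records:
            if rec_port != port:
                problems.append(f"{owner} uses port {rec_port}, expected {port}")
            if target not in hosts:
                problems.append(f"{owner} points to {target}, which has no A record")
    return problems
```

Calling `check_ad_dns(SAMPLE_ZONE, "ad.example.test")` reports the one stale record in the sample, the Kerberos UDP entry that still names a host without an address record.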

Multi-master replication for resource allocation and failure safety

The contents of the directory service are replicated between the domain controllers of a domain, making them available on multiple systems. This contributes significantly to the failure safety and load distribution of the resources of the domain network. For this, Active Directory uses so-called multi-master replication: changes can be made on each individual domain controller and are automatically transferred from there to the other domain controllers.

Samba for interoperability of Linux and Unix systems with Microsoft solutions

The Samba project provides a free software suite that enables the interoperability of Linux and Unix-based systems with services and protocols used and developed by Microsoft.

Provision of Windows-compatible services

At first, Samba merely offered the possibility to use file and print services via the SMB / CIFS protocol used and shaped by Microsoft. This applies both to a server implementation, where Samba provides the services on Linux or Unix, and to a client implementation, which allows Linux and Unix systems to use the services provided by Microsoft Windows.

Samba as an Active Directory Domain Controller

Samba has since implemented a variety of services and protocols, including SMB / CIFS, NTLM, WINS / NetBIOS, (MS) RPC, SPOOLSS, DFS, SAM, LSA, and the Windows NT domain model. With version 4.0, Samba was supplemented by an open source implementation of Active Directory and can thus be deployed as a full-featured alternative to Active Directory domain services.

Since then, Samba systems can not only join as members of an Active Directory domain, but also take the role of the domain controller and deploy the Active Directory domain services on a Linux or Unix-based system.

Client systems, such as Windows or Mac OS, can join an Active Directory domain provided by Samba by the same mechanism as a Microsoft Windows Active Directory domain. In addition, group policies can also be used to manage Windows clients.

Build a bridge between the Windows and Linux / Unix world with UCS and Samba

In general, OpenLDAP, being the directory service in UCS, is the core element that must exist in each UCS domain.

With the app Active Directory-compatible Domain Controller from the Univention App Center, UCS also offers the possibility to run an Active Directory domain via the Samba software suite.
The Univention S4-Connector, which we developed, synchronizes all relevant information between the OpenLDAP directory service and the Samba directory service. This interaction makes UCS ideal for unifying the Windows and Linux / Unix world in a single domain network.

The Federal Office for Radiation Protection in Germany, for example, has been using UCS and Samba for years to fully benefit from the advantages of the Linux servers in use while the institute’s employees can work with Windows services and clients at their various sites.

I hope I have given you a good insight into the tasks of the directory services Samba and Microsoft Active Directory.

If you want to know more about how you can easily combine Microsoft and Linux-based applications in your IT environment with UCS and Samba, please contact us or take a look at our references that describe various application scenarios of UCS and Samba AD.

Open Source Software Consultant and member of the Professional Services Team of Univention
