Have you wondered what the specific differences are between Samba and Microsoft Active Directory, what functionality they offer, and what role they play in identity management for Univention Corporate Server?
In a nutshell: Samba and Microsoft Active Directory are both solutions for centralized discovery and authorization of members of a domain. While Samba is free software and under the GNU GPL license, Active Directory (AD) is the directory service of Microsoft Windows Server. Since Windows 2008, the core component is called Active Directory Domain Services (AD DS). Both solutions are used in the central organization, provisioning, and monitoring of a domain network: Samba and Microsoft AD manage objects on the network, such as users, groups, computers, services, servers, file shares, and so on.
In this article, I will introduce both approaches and show how you can use them to increase data protection and achieve better resilience of your IT systems. I will also explain how you can use Univention Corporate Server to build a bridge between the Linux/Unix and Windows worlds. This way, you can use the advantages of both systems and do not have to decide between Samba and Microsoft AD, and therefore not on the use of proprietary or open-source solutions.
What is Active Directory?
Active Directory is a solution developed by Microsoft to provide authentication and authorization services in a domain. The main elements of Active Directory are an LDAP directory service, a Kerberos implementation, and DNS services. Information about users, groups, and computers in your environment is stored by the directory service. Kerberos handles the authentication of users and computers. DNS (Domain Name System) answers name resolution requests. Thus, ensuring that client and server systems can find each other in this network and communicate with each other.
All three components, LDAP, Kerberos, and DNS, are closely intertwined and combined into a single unit in Active Directory Domain Services (AD DS). Windows server systems can provide these Active Directory Domain Services as so-called domain controllers or also join such a domain as a member. Windows clients can also join such a domain in the respective business and education versions of the operating system.