Can a Linux server serve as a Domain Controller for Windows Machines?

linux windows samba domain-controller single-sign-on

15,026

Solution 1

With the versions of Samba found in current versions of common distributions you can certainly have a Linux machine act as an NT-style domain controller (this has been the case for some time).

I believe that taking part in an AD based domain is being actively worked on but not yet ready for production use, though it isn't something I've looked at recently so the support may have moved on.

Solution 2

Samba4 is going to be able to do that, but it's still in alpha. If you're adventurous you can play with the latest releases.

Solution 3

My answer is going to be "why would you want to?" You're probably far better off implementing a Windows DC; it won't cost you that much, and you'll be on a supported and more predictable environment. AD isn't difficult - there's a lot in it, but it's not difficult. So long as you don't do bizarre or wacky stuff with it, it's incredibly robust and has low maintenance overhead. If you want the Linux boxes to authenticate against it, you can set it up in Mixed Mode and it will present itself as an NT4-like DC where appropriate.

Solution 4

Of course you can! Just read a bit some tutorials at samba.org Samba by example is great for a start

View more solutions

15,026

kdmurray

Geek with a heart of gold.

Updated on September 17, 2022

Comments

kdmurray almost 2 years

In a small office setup (5-6 employees) we have seven Windows XP and Windows Vista clients, as well as a couple of linux servers.

Is it possible to set up a linux machine to act as the domain controller to provide single signon and AD-like capabilities for the network?
Avery Payne about 15 years

+1, spot on. Coming to Linux Real Soon Now(tm).
Axel about 15 years

One clarification to my post: a samba as found in recent releases of Linux distributions (certainly Debian Etch+) can join an AD based domain as clients/servers, I have Linux file servers that do just that, just not act as any sort of controller on the domain.
MrGigu about 15 years

Does it actually make an NT domain controller, or just a Master Browser?
Axel about 15 years

I'm pretty sure it can be a full PDC (or BDC too if the PDC is also samba based).
kdmurray about 15 years

You make a good point. We've been looking at both options, and I'd been asked to find the most economical solution...
kdmurray about 15 years

It wasn't an MS-free solution so much as a cost-free solution that I was looking for. I'll have a look through the SMB stuff, but you and mh may be right about just biting the bullet and using the OOB MS solution.
Avery Payne over 14 years

The current (3.x) versions of Samba make it a full NT4 style PDC.