Samba Directory
The Samba Directory app powered by Samba 4 provides Active Directory 1) Domain Controller functionality. Features include:
- Support for the Active Directory logon and administration protocols
- Support for Group Policies
- An internal LDAP server, with Active Directory semantics
- Kerberos support
- Full NTFS semantics
Note: in order to avoid the pitfalls of confusing the trademarked Active Directory with the Samba 4 implementation, we refer to the Samba 4 Active Directory implementation as Samba Directory in ClearOS documentation.
Installation
This app is currently in development. You will be able to select Samba Directory when you choose between the various account platforms.
Menu
You can find this feature in the menu system at the following location:
- Server
- ↳Directory
- ↳Samba Directory
Configuration
Getting the Samba Directory configuration just right is important. Changing settings after you have started the deployment is labor intensive and painful!
Realm
Though the use of .local is common, we recommend avoiding it if possible. This suffix is used by other operating systems and mobile devices and can cause a conflict. We recommend using the domain or a subdomain based off of your primary Internet domain. Substituting the .lan suffix is up to you.
- Internet domain: EXAMPLE.COM
- REALM: EXAMPLE.COM
- or REALM: DIRECTORY.EXAMPLE.COM
- or REALM with.lan suffix: DIRECTORY.EXAMPLE.LAN
Regardless, it is very important to make sure the DNS for realm is working for any system connecting to ClearOS. If you select your Internet domain name as your realm, you will need to replicate the DNS record for your domain from the point of view of the LAN. Please reference the DNS section below. The ClearOS system must also be able to lookup this name (see DNS section below).
Windows Domain
This is the old Workgroup parameter. For small organizations, using the hostname part of the realm certainly works, but you can choose other domains. By convention, you will see the domain in all caps, but any case will work.
- EXAMPLE
- -or- DIRECTORY
- -or- WAREHOUSE
Server Name
The server name is taken from simple hostname of your system. If you want to change this parameter, click on the link to change the hostname. DNS and hostname changes are finicky, so provisioning Samba Directory right the first time will save you time and agony later on!
Password
Choose a good password – the standard Windows password complexity rules apply so make sure to involve numbers and upper and lower case letters.
DNS and Dynamic DNS
A working DNS infrastructure is critical to Samba Directory. In addition, an Active Directory implementation will operating better when the Dymamic DNS updates via Kerberos feature is enabled. For these reasons, the internal DNS server provided by Samba Directory is used in ClearOS. This DNS server will be active on all trusted (LAN) network interfaces.