AD Emulation on *Nix
-
So I finally convinced one of my clients to buy a new server, it will arrive sometime in the next few weeks. A Dell T130 server, with the 4C/8T CPU, 16Gb of RAM and 4x1Tb hardware RAID 10 (H730 controller) all wrapped up with a nice 5 year NBD hardware warranty.
Right, so I plan on axing their current SBS server setup and go for a bunch of smaller Linux VMs, one for DNS/DHCP, one as a fileserver, and one as an AD server (to be used mostly for authentication) and then a single Windows 7 VM used for their crappy industry specific software.
Currently they have 6 Windows 7 clients joined to their AD domain, and apart from auth and filestorage they do not really use too much in the way of AD services.
So here is my question, how do I switch them over to a new *nix AD domain controller? Can I just join it to the current domain and promote it to a DC then remove the SBS DC? Or is this going to be way more complicated than that?
-
Definitely do NOT refer to this as emulation. It is 100% real AD in every way.
-
@jrc said in AD Emulation on *Nix:
So here is my question, how do I switch them over to a new *nix AD domain controller? Can I just join it to the current domain and promote it to a DC then remove the SBS DC? Or is this going to be way more complicated than that?
Yup, that's it. It acts just like a normal Windows 2012 R2 AD DC.
-
@scottalanmiller said in AD Emulation on *Nix:
@jrc said in AD Emulation on *Nix:
So here is my question, how do I switch them over to a new *nix AD domain controller? Can I just join it to the current domain and promote it to a DC then remove the SBS DC? Or is this going to be way more complicated than that?
Yup, that's it. It acts just like a normal Windows 2012 R2 AD DC.
Thanks, that is what I was thinking. I guess what I really need here is a "howto" that walks me through the setup as I have never done this before. Some guides on how to administer it would be nice too.
-
@jrc said in AD Emulation on *Nix:
@scottalanmiller said in AD Emulation on *Nix:
@jrc said in AD Emulation on *Nix:
So here is my question, how do I switch them over to a new *nix AD domain controller? Can I just join it to the current domain and promote it to a DC then remove the SBS DC? Or is this going to be way more complicated than that?
Yup, that's it. It acts just like a normal Windows 2012 R2 AD DC.
Thanks, that is what I was thinking. I guess what I really need here is a "howto" that walks me through the setup as I have never done this before. Some guides on how to administer it would be nice too.
How to admin will depend very heavily on which distro you go with and how you want to manage it.
For example, NethServer will give you a nice GUI. Fedora will work great from the command line. Fedora could be managed via Salt or Ansible.
-
@scottalanmiller said in AD Emulation on *Nix:
NethServer
Got it. I am completely open to which way I take this. My personal preference on a distro would be Ubuntu, but it does not have to be that. I am hoping to get something that is "easy" to administer and a turnkey solution would be best I think. A nice GUI would be great.
Nethserver does not seem to say anything about AD , and it looks to do WAY more than I'd need it to, there is no need for content filtering, firewalling, VPN etc. Just AD.
-
@jrc said in AD Emulation on *Nix:
Nethserver does not seem to say anything about AD , and it looks to do WAY more than I'd need it to, there is no need for content filtering, firewalling, VPN etc. Just AD.
AD is the core of NethServer's functionality.
-
Ubuntu 17.10 is fine. Not my preference, but no problem. Samba 4 is highly popular and stable there. Fewer management tools than on other platforms, but if you are going to do it all manual and/or go with Salt/Ansible you are all set.
-
-
@jrc said in AD Emulation on *Nix:
@scottalanmiller said in AD Emulation on *Nix:
Nethserver
How does Nethserver compare to Zentyal?
It's the more modern competitor. Zentyal kind of went off in a direction that people didn't like, so Nethserver stepped into that space.
-
What direction would that be?
-
My biggest hesitation with Nethserver is the site makes no reference to AD at all, contrast that with Zentyal, where it calls that out as the number 1 feature.
Why would that be a core feature, yet not marketed at all?
-
@jrc said in AD Emulation on *Nix:
What direction would that be?
Nethserver is completely free, there isn't stuff held back for the commercial version. It's 100% free. Nethserver is also based on CentOS, not out of date Ubuntu like Zentyal. And Zentyal has faced a bit of criticism that development has heavily stagnated and even its own community has a lot of discussions wondering if the project is still active. It is, from what we can tell, but not doing well. Their decisions around Ubuntu LTS and not being completely free (and just charging for support), their lack of involvement in their own community and others (Netserver is here, Zentyal is not, etc.), their lack of development on their projects, have all led to a massive decline and it generally being considered a "has been" product at this point.
-
@jrc said in AD Emulation on *Nix:
My biggest hesitation with Nethserver is the site makes no reference to AD at all, contrast that with Zentyal, where it calls that out as the number 1 feature.
Why would that be a core feature, yet not marketed at all?
Because it's considered so basic that they feel that they don't even need to draw attention to it. But it's right there in the docs...
-
Hmm, yes, the manual goes over it. But there are no instructions on how to use it to replace a Windows AD server (ie join the domain, then promote to DC), which is what I would have to do here.
-
@jrc you would perform the same exact process as if you were replacing any domain controller regardless of it being windows or Linux or anything else.
Join it, promote it, let things replicate and the decom the old system.
-
@jrc said in AD Emulation on *Nix:
Hmm, yes, the manual goes over it. But there are no instructions on how to use it to replace a Windows AD server (ie join the domain, then promote to DC), which is what I would have to do here.
Well it does, though. The problem is that you are asking something, or looking for something, in the wrong place. That's a basic question about AD and not something that Nethserver would be telling you. It should not be listed there.
Now maybe it is missing instructions on joining an existing domain. That is needed.
-
@dustinb3403 said in AD Emulation on *Nix:
@jrc you would perform the same exact process as if you were replacing any domain controller regardless of it being windows or Linux or anything else.
Join it, promote it, let things replicate and the decom the old system.
It might not show in their docs how to join as a DC that isn't root and how to promote. I'm not seeing that.
-
Umm, yeah it should be in the admin manual. Knowing it can do this does not help someone to actually do this. What are the exact steps in achieving this is what I need to know. The instructions on how to join a domain are in there, which is great, but how do I then promote it from there? This is a key step in what I need to do here.
-
@jrc said in AD Emulation on *Nix:
Umm, yeah it should be in the admin manual. Knowing it can do this does not help someone to actually do this. What are the exact steps in achieving this is what I need to know. The instructions on how to join a domain are in there, which is great, but how do I then promote it from there? This is a key step in what I need to do here.
I think what is lacking is their documentation on being a peer DC server. When they join there, they are assuming that something else is handling AD and it is just a client like any random WIndows server would be.
