Hi,
I was hoping you could clarify the following for me.
I would like to use Samba as a AD DC, but need to know in advance which features
of a "classical" Windows DC it supports. (By Samba, I mean the latest
version of
Samba.)
For example, I have been given advice how to setup Public Key Policies on
Server Fault (for link, see [1]). How do I tell whether this particular
functionality
is supported by Samba?
As I understand it, Samba is AD compatible, meaning it can take the hierarchical
structure of a directory to build GPOs. When a Windows workstation requested
GPOs for the user, it uses it to alter registry keys, etc. - it is a change in
the workstation's configuration, "no work is being done" except
for this change in
configuration. (I believe it's actully a lot of work...)
However, what is suggested in this case on Server Fault is a little bit more
complex
functionality. It does not only involve change in configuration, it involves
automated
transport of a file (a certificate) to a remote computer, checking current
certificate's
expiry date, communicates to the CA about certificate renewal etc. It's
called
Certificate Management, I think.
Is my assumption correct that with Samba, I can perform all the configurations,
but
these specialized functions such as certificate deployment are features of
Windows
Server, not the AD DC itself?
Furthermore, can this behaviour (automated distribution of certificate for
RADIUS
server) be scripted on a Linux DC?
(This particular case is not as important as understanding which functions in
general
are supported. It would be nice to know how to do it, though.)
Greetings from Prague, Czech republic
David
PS: If I sent this message more than once, please excuse me. I had some
trouble setting up my mailing list account.
---
[1]
https://wiki.samba.org/index.php/Samba_AD_management_from_windows#Implementing_Group_Policies_.28GPO.29_in_A_Samba_Domain
