Open-source DC Solution

Hi Jay,

I would just like to ask: have you implemented a DC (Domain Controller) solution using open source in a corporate environment before? If yes, which solution/distro have you implemented and would recommend? Compared with MS AD (Microsoft Active Directory), does it fulfill the role of a DC in a corporate environment?

If you can do a video on this topic with some recommendations and guides, it would be helpful for me and others who are looking for an open-source solution for a DC.

Thank you and have a nice day ahead.

What you need is Samba with all the options to use as a DC (Domain Controller). This was being used in a secondary school for at least 10 years here in the UK until 2012, when I lost contact, and probably still is. From what I have read, Samba has vastly improved and is far better even now in the DC role. If you read the latest documentation on Samba you will find all of the information you need (https://www.samba.org/). Most people think of Samba as a CIFS app to share documents between Linux and Windows, but it is far more than that.

I ran Windows networks with mainly Windows servers including DCs; however, I would not have an issue with using Samba as the DC, though that does depend on your requirements. If you run other Windows applications from your DC then that may not be possible, as may some other requirements. However, you may be able to use Samba as your DCs and limit the number of Windows servers for the other applications, hence saving yourself money. Samba also has the ability to act as a secondary DC to actual Windows DCs. What you could do is set up a test of Samba and give it a whirl before rolling out. I am sure that Jay will have some input as well.

I haven’t worked with Active Directory much; it’s one of those things that I always steer away from (due to the proprietary nature of it) and encourage others to go with something else as well. That said, I do understand that it’s often not the case that you can simply not use AD, because at that particular organization that decision is often made for you before you even start working there.

When I did join an Ubuntu server to AD a long time ago, there was a third-party solution that we used, and it worked well. I don’t remember the name of it, and honestly, I’m not even sure if it still exists. Starting with Ubuntu 20.10, it has built-in Active Directory support now, so that may be worth a look. I would recommend not using a non-LTS release, but the built-in support didn’t make it in time for 20.04.

Alternatively, you can look into “389 Directory Server”, as well as FreeIPA and Zentyal as potential replacements for proprietary Active Directory. I haven’t used those myself, but I’ve worked with individuals who have had success with them. That was several years ago though, so newer (and possibly better) solutions may have come out since then.

I agree with BigBunny. Samba is a good solution. My only hesitation there is that it may take less time to consider one of the ones I’ve mentioned (or similar) that are more “turn-key” solutions. Samba is probably the best option overall, but you’d likely find yourself spending more time tweaking the settings than you would with an out of the box solution. If you do have the extra time though, Samba is the way to go.

It’s probably not a bad idea to at least try the built-in support in 20.10, if you haven’t already. I’ve not had a chance to try it myself though.