Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Applications

Software

Samba 4 review

Article comments

Managing the Samba Domain Controller

With your Samba Domain Controller up and running, you can use the standard Windows Active Directory administration tools to manage computers and users. The Excellent virtual appliance provides the 32-bit installer for Windows XP and Windows 7 in the /srv/www/htdocs directory. (If your Samba distribution doesn't include them, the tools are freely available from Microsoft's website.) You can get to the files on the Excellent Samba4 Appliance by opening a web browser and entering the IP address of the appliance. It will present a list of files that you can then right-click on and save or run.

Microsoft's administration tools come in the form of an .msu file, which will add options to the "Turn Windows features on or off" area of your Windows client machine's Control Panel. Once the installer finishes, you'll have to open Control Panel, find Programs and Features, choose "Turn Windows features on or off," then navigate to the Role Administration Tools section (see Figure 1). From there, expand the AD DS Tools section and choose the AD DS Snap-ins and Command-line Tools. Note that the Active Directory Administrative Center requires Active Directory Web Services, which Samba 4 does not support. If you want to use PowerShell, you should check Active Directory Module for Windows PowerShell as well.


Figure 1: From the Role Administration Tools section of the Control Panel on your Windows client machine, expand the AD DS Tools section and choose the AD DS Snap-ins and Command-line Tools.

PowerShell offers a number of built-in features to query and manage an Active Directory installation. Choosing to install the Active Directory Module makes these AD-specific commands readily available at the PowerShell command line. As an example, the dsquery command will return a wide range of information about the directory including computers, groups, servers, and users. There are also command-line tools such as dsadd, dsmove, and dsrm for adding, moving, and removing objects, and plenty more. Help is available for any of the commands by typing the command followed by /? at the command line.

One of the other big uses for Active Directory is in the area of GPO (group policy objects) and permissions. Samba 4.0 fully supports GPO settings for both computers and users. Group policy is especially useful for such capabilities as blocking access to Control Panel on a Windows machine so that normal users can't alter settings or install software. When you create a group policy, it is tied to a specific OU (organisational unit). Once set it applies to all computers or users in that OU.

The Microsoft Group Policy Management Editor provides the means to create or edit a group policy that will be attached to a specific domain. Figure 2 shows the GP Demo policy for the Linux.tstsamba.com domain and the default rules. You can restrict specific pieces of Control Panel such as the Add or Remove Programs feature, or choose to prohibit access to the Control Panel altogether.


Figure 2: Viewing the GP Demo group policy through the Microsoft Group Policy Management Editor.

Another management option is Webmin. This freely available tool installs on the system running the Samba 4 server and provides a web-based interface to manage a wide range of internal server settings (add administrators and users, create new file shares, share printers, allow and deny hosts) and software. I was able to get it running on the Samba 4 appliance with just a few minor tweaks to the configuration settings. Figure 3 shows the Webmin Samba module, which includes an icon labeled SWAT (Samba Web Administration Tool). This is the native Samba management tool (see Figure 4), which handles all of the traditional Samba user administration and server settings.

In short, Samba does not yet offer GUI tools for managing the Domain Controller or GPO settings from Unix or Linux, but there are Python-based hooks into the internals of Samba 4 that should make these easy to build.


Figure 3: The Webmin GUI on Samba (above) and Figure 4: The native Samba Web Admin Tool (below).

Verdict

Samba 4.0 is definitely a zero point release, meaning it still has some growing and maturing to do. It is a good first step in providing a completely open source solution that mirrors much of Microsoft's Active Directory core functionality. Although the Domain Controller in Samba 4.0 appears to be stable, the single-domain limitation currently restricts it to small deployments. An obvious use case would be in education and training, where Samba 4.0 would provide a good platform for teaching domain administration. But in the real world, most small workgroups for which the Samba Domain Controller is suited will choose to do without.

On the plus side, there are new Python-based programmability features in Samba 4.0 that could prove useful to anyone looking for a way to either expand or more fully utilise the Samba 4 server functionality. PowerShell provides another avenue to script actions against a Samba Domain Controller.

Samba 4.0 is definitely early code and not enterprise-ready yet. As it matures, it will present an interesting option to larger organisations that rely on multiple Active Directory domains. If the Samba team meets its goal of a nine-month release cycle, we can hope to see a more scalable and useful version by late summer or early fall.



Share:

More from Techworld

More relevant IT news

Comments

davids said: the setting in webmin to tweak is in the module configuration the paths to the executables are wrong

D'anton said: Hello there Could you please tell us which configuration setting did you tweak for Webmin to work with Samba4

khaidir said: nice for samba

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *