Samba 4 released: The First Open Source Active Directory Compatible Server

This is huge! No other way of saying it.

An open source Active Directory implementation that is fully compatible with Microsoft’s own solution is a game changer!

Here is the link to the announcement (their servers are getting hammered as of this posting):

https://www.samba.org/samba/news/releases/4.0.0.html

Some quotes so you can get an idea:

"LDAP directory server, Heimdal Kerberos authentication server, a secure Dynamic DNS server,
and implementations of all necessary remote procedure calls for Active Directory. Samba 4.0
provides everything needed to serve as an Active Directory Compatible Domain Controller for
all versions of Microsoft Windows clients currently supported by Microsoft, including the 
recently released Windows 8."

"support for features such as Group Policy, Roaming Profiles, Windows Administration tools
and integrates with Microsoft Exchange"

"The Samba 4.0 Active Directory Compatible Server can also be joined to an existing Microsoft
Active Directory domain, and Microsoft Active Directory Domain Controllers can be joined to a
Samba 4.0 Active Directory Compatible Server"

I would also like to say: Big props to the Microsoft engineers who helped the Samba team bring this!

Time to fire up some virtual machines! 🙂


Installing and configuring a Linux NTP server

Blog entry under construction

Configure your own internal dedicated NTP server

This article can be read standalone (Part 1) or as a precursor to my other Active Directory time sync article (Part 2):

https://sysadminemporium.wordpress.com/2012/12/03/time-synchronization-in-active-directory-pdc-configuration/

For our purposes we’ll be using Ubuntu Server. I’ll be using 12.04 (LTS): http://www.ubuntu.com/download/server

The tutorial should apply to most Debian-based distributions. Other Linux distros should have very similar configuration settings, but they might use a different package manager than apt-get and might not have sudo configured.

—————————-

Part 1. Install and configure the NTP server:

First we remove ntpdate:

sudo apt-get remove ntpdate

Then we install the NTP server

sudo apt-get install ntp

Next we need to verify that it works:

ntpq -p


and verify that the date and time are correct:

date


And this is it. 🙂

If you would like to play with more settings, here are some things you could change:

Remember to restart the server after any configuration changes so they can take effect:

sudo /etc/init.d/ntp restart


Changing the upstream NTP servers to get updates from:

sudo nano /etc/ntp.conf

We can leave the default server list or we can comment out or remove the entries and replace them with whatever servers we prefer. For this example I chose two at random from this list: http://tf.nist.gov/tf-cgi/servers.cgi (I found the default Canonical-provided server pools to be quite reliable, so you can leave this setting alone).

[Screenshot: ntp_server_config]

Note. For lower latency google some local NTP server pools 🙂

Note 2. Adding iburst to one or more server lines should speed up the initial synchronization with those servers.

NTP access

sudo nano /etc/ntp.conf

You can let the defaults stand:

[Screenshot: ntp_time_share]

If you would like a comprehensive guide to restrictions use this guide:

http://support.ntp.org/bin/view/Support/AccessRestrictions
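
As an added example (not from the original post), the script below writes an ntp.conf along the lines discussed above and checks that its "restrict default" lines deny status queries and reconfiguration. The pool host names are Ubuntu's stock ones; the /24 mask on the 223.50.11.0 internal subnet from Part 2 and the function names are assumptions.

```sh
# Added example. Constructed sample ntp.conf; the /24 mask is an assumption.
write_sample_conf() {
cat > "$1" <<'EOF'
# Upstream sources; iburst speeds up the initial synchronization
server 0.ubuntu.pool.ntp.org iburst
server 1.ubuntu.pool.ntp.org iburst
# Everyone may get time, nobody may query status or reconfigure ntpd
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
# Localhost keeps full access so "ntpq -p" works on the server itself
restrict 127.0.0.1
restrict ::1
# Internal subnet: status queries allowed, reconfiguration is not
restrict 223.50.11.0 mask 255.255.255.0 nomodify notrap
EOF
}
# Print a finding for each weak "restrict ... default" line in file $1.
# Returns 0 when the defaults are locked down, 1 otherwise.
audit_ntp_conf() {
    awk '
        { sub(/#.*/, "") }              # drop comments
        $1 != "restrict" { next }
        {
            is_default = 0; flags = " "
            for (i = 2; i <= NF; i++) {
                if ($i == "default") is_default = 1
                else flags = flags $i " "
            }
            if (!is_default) next
            seen++
            if (flags ~ / ignore /) next    # ignore drops all packets
            if (flags !~ / nomodify /) {
                print "line " NR ": restrict default lacks nomodify"; bad++
            }
            if (flags !~ / noquery /) {
                print "line " NR ": restrict default lacks noquery"; bad++
            }
        }
        END {
            if (!seen) { print "no restrict default line: no restrictions apply"; bad++ }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}
conf=$(mktemp)
write_sample_conf "$conf"
audit_ntp_conf "$conf" && echo "restrict defaults are locked down"
rm -f "$conf"
```

To check the live file, call audit_ntp_conf /etc/ntp.conf after editing and before restarting the service.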

—————————

Part 2. Preparing the system to act as NTP server for Active Directory

For lab purposes, let’s give it two NICs: eth0 facing the internet and using DHCP, and eth1 facing the internal network with a static configuration (adapt the settings to your topology and security requirements).

Edit the network configuration:

sudo nano /etc/network/interfaces

to look like this (223.50.11.0 is the internal subnet used by the PDC):

[Screenshot: nano_interfaces]

Restart networking:

sudo /etc/init.d/networking restart

Final result:

[Screenshot: ifconfig_final]

As we can see we gave the NTP server the 223.50.11.1 IP to use in the internal network (same one used by the forest root PDC).

Let’s make a DNS entry for it then:

[Screenshot: dns_ntp]

You can follow the rest:

https://sysadminemporium.wordpress.com/2012/12/03/time-synchronization-in-active-directory-pdc-configuration/