Hey all, sorry for the low level question, but basically I’m looking for the easiest way to set up something like a Windows AD. This would be for something like 10 computers at a local church where I do a lot of their infrastructure work. Is also be interested in sound something similar on my home network, but a while directory is probably overkill. And any suggestions on learnings or other suggestions appreciated!
LDAP
And LLDAP for something lighter
Depends on what you’re looking for? Common logins? A way of mass applying configurations and policies or to multiple computers? Way of doing centralized shared file stores?
There’s no true 1:1 in Linux, but there are multiple applications that can cover all of the functions. As one person said, LDAP, but that’s a protocol that can be served via multiple applications. Samba is one that offers an AD like system that would probably cover SoHo type needs. Things like openldap, 389 server and other can do pure directory/authentication but may not meet everything.
Depends on what you’re looking for? Common logins? A way of mass applying configurations and policies or to multiple computers? Way of doing centralized shared file stores?
I’m actually kind of looking for all of this. Everything there is currently Windows, but it’s kind of hard to upgrade everything without paying money haha. I was wondering if I could do a version of Linux because as a non-profit we have a free google workspace account. It would be nice to move away from the Windows teat(especially because we have a free productivity suite in Google Docs), but that might be a hard battle to win.
I’d start by looking at Samba then. That’s probably gonna be your closest 1:1 replacement. It can even act as a domain controller for Windows systems too.
In Unix, there is a philosophy of small utilities that do their job well and are easy to integrate with each other. You don’t find one thing that does everything in Linux the same way you do with AD, but you might find something that does most of it.
I’d look at SSSD and FreeIPA, those are probably the closest you’ll get. Put in Ansible and you’ll be fine. You might also look at what Google can do on its own with ChromeOS
Depends, what are you going to use it for? Just authentication? OpenLDAP if so. If you want a full AD equivalent, it’s still AD via Samba.
What are the church’s requirements?
Right, so the church itself has no idea what they want/need. I’m basically doing all this set up for free, just so I can say I’ve done it. What I was really hoping for was authentication, but also group policy management and file share. Thanks for the response!
Non profits qualify for 10 free business premium licenses with MS. Hopefully a Linux cloud provider has something similar. You don’t want to have to go back to the church every week right?
The church being a nonprofit organization may be able to get GSuite for a super low cost or free.
While LDAP/Samba are the canonical answers for “what is the AD equivalent for Linux”, I would also like to point out that you could save yourself the time to maintain this by using an AD SaaS solution like Jumpcloud or similar that supports Linux. Given that you said it’s for a church with about 10 computers, there might be a discounted or even free option (eg under the nonprofit category).
AD is basically LDAP+Kerberos, plus some tools to manage system and user configuration using LDAP.
So for Linux it would be those two tools, and roll your own tools for config.
Or just use Samba which handles a lot of this in the same way as AD.
Thanks for the response! Can Samba handle things like group policy as well?
https://shape.host/resources/advanced-samba-configuration-in-debian-a-comprehensive-guide
https://wiki.debian.org/LDAP/OpenLDAPSetup
That should get you going on a near peer feature set to AD
If most of the boxes are Windows, probably Samba4.
But if you’re mostly using Linux, FreeIPA is actually really nice.
FreeIPA
Ho shit! I never actually heard of this before, but I’m interested now. I’ve been using Fedora on my personal laptop…and have been wanting to switch to Linux on my gaming PC. I haven’t made the leap yet though as I’m not 100% comfortable being without Windows. I know dual booting is a things but I haven’t done that in a decade and would rather just have one OS on my Pc. Thanks a lot for your response!
FreeIPA, and there was another one but its an enterprise level system, can’t remember the name.
Centrify?
Zentyal is a thing. I don’t know much about it. https://www.zentyal.com/community/
Damn, I hadn’t heard much about this either, but it does seem like a full replacement for Windows server with AD. I’ll for sure be checking it out, thanks!
I used this at v4.0, everything worked great for getting both lin and win 7 clients to play ball except the win7 machines would eventually keep claiming the machine key had expired. It was sooo irritating.
Why has no one mentioned freeipa/redhat IDM!
Another vote for Zentyal http://zentyal.com/ Basically AD on linux, with a nice GUI to boot.
Zentyal seems to be the closest direct replacement for Windows Server. I’m downloading it now to take on a test drive, thanks much! EDIT: Actually, it seems the link to download the community edition is broken?
There isn’t really a direct equivalent. AD is a great product. Best to focus on the individual pieces instead of the whole package for a replacement.