The following document provides a synopsis of the Samba Directory (Samba 4) Beta 1 release for ClearOS Professional.
Samba 4 provides an Active Directory environment powered by open source. What may be surprising to those coming from Samba 3 is the fact that Samba 4 also includes a full LDAP implementation. In other words, Samba 4 not only provides file and print services, but also supports LDAP extensions and connections.
In ClearOS, Samba Directory is baked right into the operating system. How is this done? ClearOS uses a driver model for the accounts system (users and groups). One of the steps that you see when you install a ClearOS system is the account system driver selection (see adjacent screenshot). Once the final version of Samba 4 on ClearOS is released, you will be able to choose from one of the following account systems:
Once selected, ClearOS will use the driver in its normal and native way. In other words, there's no synchronization going on between Samba 4 and other directories or user databases. When Samba 4 is running, all apps and services on ClearOS query the Samba Directory. Clean, reliable and simple.
From an end user's perspective, the user interface remains the same. The underlying driver handles all the details.
The Samba Directory Beta 1 requires ClearOS Professional 6.5.0 or later. The app is not yet compatible with a few apps (notably, Flexshare), but it is certainly far enough along for kicking the tires.
Samba 4 needs to be installed before you initialize the accounts system. Proceed through the first boot wizard as you normally would, but please do not install the following incompatible apps:
The Directory Server (OpenLDAP) and Active Directory apps are different drivers for the accounts system, so these also naturally conflict as well.
Just after completing first boot wizard, run the following commands to install Samba 4:
yum --enablerepo=clearos-updates-testing,clearos-professional-testing install app-samba-directory
Go to <navigation>System|Accounts|Account Manager</navigation> in the menu and select the Samba Directory option. The next section provides information on how to configure the app.
Please see the User Guide for configuration details.
In the first alpha, the user and group interface was set to read-only mode and users/groups needed to be added from the command line. With the beta 1 release, the users and groups web interface behaves exactly as it does with the OpenLDAP driver!
With a few users and groups added to the system, go ahead and use the standard Linux command line tools for viewing users and groups:
# getent passwd test1 DOMAIN\test1:*:3000017:100:Test1 Guy:/home/DOMAIN/test1:/bin/false
# id test2 uid=3000018(DOMAIN\test2) gid=100(users) groups=100(users),3000019(DOMAIN\pptpd_plugin)
Samba Directory (Samba 4) is under the hood, but the usual Linux tools work seamlessly. Here are some helpful links:
To make a long story short, most (if not all) of the Red Hat family distributions use the MIT Kerberos implementation, while Samba 4 uses the Heimdal implementation. These two implementations do not play well together in certain situations and this needs to be resolved. The Samba Team and Red Hat are working on the integration, but no ETA is available at this time.