Weekend Project: Replace Active Directory with Resara Server and Samba4

1136

Samba4 aims to be a drop-in Active Directory server replacement. It’s still in alpha, so the easy way to try it out is with Resara Server, which supplies a polished administration console and decent documentation. So grab your Windows peecees and come take Resara for a spin.

Resara is Easy Samba4

Active Directory is the keystone in Windows networks, so an open source replacement for it is very big deal. Samba4 is designed to be an AD replacement, and it is the only open source project with this goal. Samba4, like Samba3, is a LAN manager that supports Windows, Mac, and Linux clients. Samba4 is in alpha, so you don’t want to put it on production machines yet. But you can start getting familiar with it, and this is a good time because the Samba team expects their first 4.0 release to come out this year. It’s been a long journey, as Samba4 has been in development since 2003.

There are multiple ways to get Samba4. You can download alpha sources, nightly builds for those who find that alpha releases are not adventurous enough, and your distro might have packages.

The easy way is try a nice prefab setup like Resara Server. Resara integrates all the pieces, supplies a good graphical administration console, and has decent documentation. You can download full ISO images, a VirtualBox OVA image, or just install the Resara packages on your Ubuntu system. The latest release of Samba4 is 4.0.0alpha20, and Resara Server uses 4.0.0alpha17.Figure 1: The Resara Server desktop and login dialog.

There is a good detailed howto on installing, configuring, and testing a Samba4 domain controller, which includes some helpful videos. This is also a great help with Resara server.

Keeping Windows Happy. Ha.

The idea of creating a drop-in replacement for Windows Active Directory is a noble one. AD is expensive in multiple ways: overpriced over-complicated licensing, high hardware requirements, inefficient cumbersome administration, and gratuitous lockin “features”.

On the client side, Windows PCs are very particular about how they connect to a network, and they require some kind of AD support for almost everything. Adding to the fun, AD relies on Kerberos, DNS, and LDAP. But not nice ordinary Unix Kerberos, DNS, and LDAP; it wants special “enhanced” features just for Windows. (You didn’t expect real interop, did you?) Microsoft networking protocols rely on remote procedure calls (RPCs) in amazingly creative – or bizarre, take your pick – ways that are difficult for a third party to implement. Samba3 will never advance beyond being a Windows NT-style domain controller and Active Directory member. Replacing Active Directory server is Samba4’s special job.

Resara For Small Shops and Simple Networks

I tested Resara Server 1.1.2, released April 18, 2012. This is a minor bugfix to the major January 1.1 release. I tried the standard commercial version, which offers a 30-day free trial. There is also a free-of-cost community edition and an enterprise version. The free version includes:

  • Active Directory-style domain controller
  • User management
  • Network host management
  • File shares
  • Automatic drive mapping for Windows clients

The commercial and enterprise additions include WebDav for Web-enabled file sharing, technical support, server configuration backup, and multi-server replication with failover. Standard costs $749.99 for up to two servers, and the enterprise price tag of $1199 is for unlimited servers. The price tag includes a year of unlimited support. That’s all you pay – there are no user or client licenses, and no additional software licenses for the myriad services and applications that make up Resara Server.

Resara also offers a number of hardware bundles. The Mini costs $1299.99; it’s small, quiet, includes two hard disks in a RAID 1 configuration, and supports USB-attached storage. The Pro starts at $1799 and the Rack at $1899. These are the same except for the form factor, supporting a maximum of 6TB storage, hot-swap RAID 5, dual NICs, and an Atom D525 processor. All three have a three-year hardware warranty and one year of unlimited support.

Installation and Getting Acquainted

Installing Resara was a bit mind-bending because it’s stock Ubuntu 10.04 LTS with the GNOME desktop, so the installer messages are all about desktop apps like F-Stop, chat, and OpenOffice. Other than that little bit of dissonance for a LAN server it was uneventful, a typical easy fast Ubuntu installation. The partitioner was a bit annoying; I chose to let the installer automatically partition the whole disk, expecting that I would have a chance to review this and make changes. But no. It divided the disk into a root and swap partitions, and did not report their sizes or offer an option to make changes. The advanced button only gave bootloader and network proxy options.

Resara uses the generic Ubuntu kernel, rather than the server kernel. The Resara Admin Console requires a graphical desktop environment. This can be on the server, or you can run administer it remotely because the Admin Console can be installed on any Linux, Mac, or Windows PC.

The Admin Console has a clean appearance and logical organization. It supports the usual configurations: users, groups, networks, network hosts, shares, name services, and storage management. A nice feature is being able to manage LDAP organizational units (OUs) from a graphical interface. You can control all the usual Windows folderol such as roaming profiles, user file storage, and login scripts. A rather large missing piece is a group policies manager; you have to edit group policies on a Windows machine using the Windows remote server administration tools.Figure 2: Setting up WebDav in the Admin Console.

Active Directory protocols are extremely picky about time and DNS, so Resara sets these up during installation. When you’re joining A new Windows clients to a Resara domain, make sure that the Resara server is the only DNS server configured on the client.

Resara server can be joined to an existing AD domain, but this is not supported in the Admin Console. If you want to try this, follow this Samba4 howto.

Migration

The Samba team plan to include a tool for migrating from Samba3 in the Samba 4.0 release. Migrating from Active Directory is a lot trickier. One way to do it manually is to join Resara/Samba4 to an existing AD domain, replicate it, and then promote the Resara/Samba4 server to primary domain controller. I think that providing a good utility to automate this process will be the #1 driver of Samba4 adoption.

The current release of Resara is good for smaller shops with fairly simple networks. It’s fast and easy, and doesn’t require an über Linux or Windows guru. But, the Admin Console is not complete, and you’ll still want to be acquainted with the command line for complete functionality, remote administration, and troubleshooting. There isn’t any documentation for the Resara commands, which are in the rdsutils package. The Resara people are active in the forums and IRC, so you can usually get fast answers. There is a secure VPN option to let a Resara support engineer log into your server and examine it remotely.

Should you buy Resara server for your business? If you’re already a Samba and Linux guru, you probably don’t need it. If you want a nice prefab system that’s ready to go to work, Resara has a lot going for it. Check out the free trials and then decide.