Samba Directory - Beta 1
The following document provides a synopsis of the Samba Directory (Samba 4) Beta 1 release for ClearOS Professional.
What is Samba Directory
Samba 4 provides an Active Directory environment powered by open source. What may be surprising to those coming from Samba 3 is the fact that Samba 4 also includes a full LDAP implementation. In other words, Samba 4 not only provides file and print services, but also supports LDAP extensions and connections.
In order to avoid the pitfalls of confusing the trademarked Active Directory, we refer to the Samba 4 Active Directory implementation as Samba Directory in ClearOS documentation.
In ClearOS, Samba Directory is baked right into the operating system. How is this done? ClearOS uses a driver model for the accounts system (users and groups). One of the steps that you see when you install a ClearOS system is the account system driver selection (see adjacent screenshot). Once the final version of Samba 4 on ClearOS is released, you will be able to choose from one of the following account systems:
Once selected, ClearOS will use the driver in its normal and native way. In other words, there's no synchronization going on between Samba 4 and other directories or user databases. When Samba 4 is running, all apps and services on ClearOS query the Samba Directory. Clean, reliable and simple.
From an end user's perspective, the user interface remains the same. The underlying driver handles all the details.
The test installation is no longer supported and the notes below are provided for historical purposes. All future test versions will be provided in the ClearOS 7 release.
The Samba Directory Beta 1 requires ClearOS Professional 6.5.0 or later. The app is not yet compatible with a few apps (notably, Flexshare), but it is certainly far enough along for kicking the tires.
Samba 4 needs to be installed before you initialize the accounts system. Proceed through the first boot wizard as you normally would, but please do not install the following incompatible apps:
The Directory Server (OpenLDAP) and Active Directory apps are different drivers for the accounts system, so these also naturally conflict as well.
Just after completing first boot wizard, run the following commands to install Samba 4:
yum --enablerepo=clearos-updates-testing,clearos-professional-testing install app-samba-directory
Go to System|Accounts|Account Manager in the menu
and select the Samba Directory option. The next section provides information on how to configure the app.
Please see the User Guide for configuration details.
Managing Users and Groups
In the first alpha, the user and group interface was set to read-only mode and users/groups needed to be added from the command line. With the beta 1 release, the users and groups web interface behaves exactly as it does with the OpenLDAP driver!
Tips and Tricks
With a few users and groups added to the system, go ahead and use the standard Linux command line tools for viewing users and groups:
# getent passwd test1
# id test2
uid=3000018(DOMAIN\test2) gid=100(users) groups=100(users),3000019(DOMAIN\pptpd_plugin)
Samba Directory (Samba 4) is under the hood, but the usual Linux tools work seamlessly. Here are some helpful links:
To make a long story short, most (if not all) of the Red Hat family distributions use the MIT Kerberos implementation, while Samba 4 uses
the Heimdal implementation. These two implementations do not play well together in certain situations and this needs to be resolved. The Samba Team and Red Hat are working on the integration, but no ETA is available at this time.