Comment my experience with this configuration (Score 3, Informative) 286
I've looked into using Linux with OpenLDAP, SAMBA and Kerberos before and in it's current state it simply isn't going to work as a replacement Windows domain controller.
All the key components exist, but none of them are well enough integrated to provide a convincing solution. Notably, Windows machines that log onto a domain use a microsofti[sz]ed version of the LDAP standard, CLDAP (Connectionless LDAP) which from my understanding OpenLDAP doesn't want to support because it's non-standard. This makes it's unsuitable for a Linux-based domain controller but suitable for most other tasks. Also, SAMBA 3 doesn't support Kerberos as an authentication backend, and so password synchronisation and single signon is difficult in a mixed windows and *nix environment.
The up and coming SAMBA 4 is promising to fix these shortfalls, with an inbuilt implementation of CLDAP, support for Kerberos authentication, etc. Until this happens, SAMBA and LDAP aren't going to meet the requirements of most medium size businesses as a replacement domain controller.
The lesson I learnt from my research is that a Windows server currently makes more sense for a Windows environment for things other than relatively simple implementations that a Linux one.
Graham
All the key components exist, but none of them are well enough integrated to provide a convincing solution. Notably, Windows machines that log onto a domain use a microsofti[sz]ed version of the LDAP standard, CLDAP (Connectionless LDAP) which from my understanding OpenLDAP doesn't want to support because it's non-standard. This makes it's unsuitable for a Linux-based domain controller but suitable for most other tasks. Also, SAMBA 3 doesn't support Kerberos as an authentication backend, and so password synchronisation and single signon is difficult in a mixed windows and *nix environment.
The up and coming SAMBA 4 is promising to fix these shortfalls, with an inbuilt implementation of CLDAP, support for Kerberos authentication, etc. Until this happens, SAMBA and LDAP aren't going to meet the requirements of most medium size businesses as a replacement domain controller.
The lesson I learnt from my research is that a Windows server currently makes more sense for a Windows environment for things other than relatively simple implementations that a Linux one.
Graham
