I’ve done some experiments in preparation for doing the tutorials. I have gotten Samba to act as a DC, as well as support LDAP over TLS connections. There were a few hiccups here and there, but mostly it was just user error. For instance, I misunderstood the proper placement of the certificates. There was a path /etc/samba/tls where it looked like they should go, but they actually go in /var/lib/samba/private/tls (unless you built it yourself, in which case they go in /usr/local/samba/private/tls). It’s good for me to get these hiccups out of the way now, so when I do my write-ups, I can account for those and prevent others from falling into those traps.
In any case, I shall continue with my preparatory investigations by testing Linux LDAP management interfaces. I have a couple that I definitely want to look into first, namely PHPLDAPAdmin and Apache DS Studio. There are a couple of others I’m considering, but that will depend on how my primary investigations go. I want to get it all written up, so I don’t want to waste my time on every possible combination of tools.
Another thing I learned is that while RSAT tools are great for managing a Samba DC, other tools, such as the group policy tools, don’t seem to do much. I ended up resorting to the command line to manage things like password complexity rules. I’m hoping that the Linux utilities might fill in some of those gaps, but given the state of Linux AD tools, I’m not holding my breath.
My goal behind this process is to eventually replace all the closed source tools I use with open source alternatives, as well as to document how to integrate them together in a stable environment. The documentation is mostly for me, but in the spirit of openness, I’m sharing it all with the world as well. Some of these tools will be easier to replace than others, and some will be absolute nightmares, I’m sure. When all is said and done, it is my sincerest hope to have a fully functional enterprise-class network on a home lab budget.