Using Active Directory with Debian & Samba

Like it or not, a lot of authentication uses Active Directory (AD) to manage users and resources. It’s a staple of the Windows world and until recently (Samba 4) there was no way to have a complete AD stack in FOSS to “talk proper AD”. Luckily, with SAMBA version 4.7 and later it’s possible to build an AD controller based completely on Debian and Samba. If you follow AD all the way back it’s just Microsoft’s take on LDAP with some extra secret sauce.

This new capability is a great step forward. However, it’s important to note that while the authentication will work as expected, some items may not work. The message is, “Try this but be aware there may be some areas that present difficulties.” That said, authentication, print servers and SMB file shares should all work if correctly implemented.

The home user among us may be thinking, “This does nothing for me” but even at home, for the techie types AD can be useful. Think of all those usernames and passwords across different systems that are all managed separately. If you could just use one across the entire breadth of your eco-system, wouldn’t that be great? AD makes this possible. One simple daily example is integrating AD management into FreeNAS so that you can log in using a centralised authentication. AD provides this, as well as being able to assign domain-based rights to SMB shares.

A key part of setting up AD