As I am new to Linux and trying different things, I'm wondering how in Linux we can create a domain server and, just like in Windows, join computers to that domain. I'm currently using Rocky, CentOS 7 and Ubuntu. I'm just curious and want to test creating a domain server and joining computers to that domain.
Also, is it possible, for example, if my domain server is Rocky Linux, to join my CentOS 7 and Ubuntu machines to that Rocky Linux domain? And can Windows machines be joined to that domain as well?
The OP asked how to create a domain; FreeIPA isn't a domain. Using their own terminology, "FreeIPA is an integrated security information management solution".
The problem with creating an AD domain on RHEL-based distros comes from Red Hat deciding to push their inferior product (my opinion) and not to provide the functionality built into Samba that can provision as an Active Directory Domain Controller.
This leaves you with four options:
A) Use FreeIPA, but it isn't a DC.
B) Build Samba with the required code (hint, if you do this, do not use MIT, it is experimental).
C) Find ready-built Samba RPMs that can be provisioned as an AD DC.
D) Probably the most controversial on here, use Debian.
Rocky and CentOS (and by default, RHEL) do not have a domain, not unless you count a NIS domain, and they are dead. Ubuntu, on the other hand, does provide Samba packages that can be provisioned as an Active Directory Domain, just like Windows; perhaps it doesn't have all the bells and whistles that Microsoft AD has (yet), but it is being used in some pretty large setups.
That does not answer what a domain is. For example, rockylinux.org is a (DNS) domain, but such a domain is not a domain? "Microsoft Active Directory" isn't really an answer either. IMHO, it is like saying that "domain" is an expletive.
Is a domain perhaps a centrally managed group of computers? Say authentication with Kerberos, account info in a "directory" like LDAP, the network defined via DHCP and DNS, time synced (to keep Kerberos happy), and "group policies", i.e. system config, pushed to every system via a configuration management "tower".
I don't have FreeIPA, because it is made from such components and I already have the components, but FreeIPA definitely sounds like a "system that joins computers to such a collective". Yes, if I'd start from scratch, then I'd use FreeIPA today.
OK, yes, a domain is a centrally managed group of computers, with generally one place to control them (I say "generally" because there is at least one directory server that has multiple controllers and replicates changes from one controller to all other controllers).
The OP asked about creating a domain and then joining various distro machines to it, so this, to me, sounds like some form of directory server. The OP then went on to mention joining Windows machines to the domain; this instantly ruled out FreeIPA, as you cannot join a Windows machine to FreeIPA, you have to use trusts. NIS is dead (or as good as), so this just leaves Samba running as an Active Directory server.
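As an added example (not code from any of the posts above), here is the Samba AD route the earlier reply describes for Ubuntu, with the sanity checks that correspond to the "domain" ingredients listed above (Kerberos, an LDAP directory, DNS SRV records and time sync). The realm EXAMPLE.LAN, the NetBIOS name EXAMPLE and the package lists in the comments are assumptions for illustration. By default every command is only printed; set RUN=1 on a real host to execute them.

```shell
#!/usr/bin/env bash
# Added example for this thread, not code from the forum posts or the Samba project.
# Provision a Samba AD DC (Ubuntu) and join Linux clients with realmd/sssd.
# Realm EXAMPLE.LAN / NetBIOS name EXAMPLE are hypothetical.
# Nothing is executed unless RUN=1; commands are printed otherwise.
set -eu

# Kerberos rejects tickets when client and KDC clocks differ by more than the
# configured clockskew (MIT krb5 default: 300 s), hence the time-sync check.
MAX_SKEW_SECONDS=300

run() {                                   # print a command, or execute it when RUN=1
    if [ "${RUN:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Clock offset in whole seconds (e.g. read from `chronyc tracking`);
# succeeds when the magnitude is within the Kerberos skew limit.
skew_ok() {
    local offset="${1#-}"                 # drop the sign, compare magnitude
    [ "$offset" -le "$MAX_SKEW_SECONDS" ]
}

# The DNS domain is the lower-cased Kerberos realm.
realm_to_dns() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Provisioning command for a fresh DC (Ubuntu: apt install samba krb5-user winbind).
# The Administrator password is deliberately not passed on the command line;
# samba-tool prompts for it, so it stays out of shell history and `ps` output.
# --use-rfc2307 stores POSIX uid/gid attributes so Linux clients see the same IDs.
provision_cmd() {
    local realm="$1" netbios="$2"
    printf 'samba-tool domain provision --use-rfc2307 --realm=%s --domain=%s --server-role=dc --dns-backend=SAMBA_INTERNAL' \
        "$realm" "$netbios"
}

# Join command for a Linux client. Rocky/CentOS 7: yum install realmd sssd oddjob
# oddjob-mkhomedir adcli samba-common-tools; Ubuntu: apt install realmd sssd sssd-tools adcli.
# The client must resolve DNS through the DC, because realmd locates the DC via SRV records.
join_cmd() {
    local realm="$1"
    printf 'realm join -U Administrator %s' "$(realm_to_dns "$realm")"
}

# Post-provisioning checks, one per domain component: Kerberos, directory, DNS, time.
verify_domain() {
    local realm="$1" dns
    dns="$(realm_to_dns "$realm")"
    run kinit "administrator@$realm"                  # Kerberos: can we get a TGT?
    run samba-tool domain level show                  # directory: forest/domain functional level
    run host -t SRV "_kerberos._udp.$dns"             # DNS: SRV records clients rely on
    run host -t SRV "_ldap._tcp.$dns"
    run chronyc tracking                              # time: DC is NTP-synced
}

main() {
    local realm="EXAMPLE.LAN" netbios="EXAMPLE"
    # Refuse to go on if the local clock is already outside the Kerberos window.
    skew_ok 2 || { echo "clock skew too large, fix NTP first" >&2; exit 1; }
    # shellcheck disable=SC2046   # intentional word splitting of the built command lines
    run $(provision_cmd "$realm" "$netbios")
    run $(join_cmd "$realm")
    verify_domain "$realm"
}

main "$@"
```

A Windows client joins the resulting domain the normal way (Computer Name dialog, with the DC as its DNS server); nothing Samba-specific is needed on the Windows side.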
Rather than Rocky, I would suggest looking into Zentyal Linux. It is based on Debian or Ubuntu… It offers something like an AD alternative. It is a modular system, so you can also add other functions. The free Community version is not officially supported; for help you need to use the forums, but there is also a paid-for version where you are entitled to help.
The "AD alternative" that Zentyal provides is just Samba AD. Zentyal provides a lot more on top, but the point is that it uses Samba as its AD. Samba AD will likely have schema and/or functional levels that are still lagging behind Microsoft's AD. This may or may not be a problem in some environments, especially where Windows is used/required.
Yes, Samba AD is lagging behind Microsoft when it comes to the schema and functional level (the latter relies on the former), but there is a lot of work going on to get these raised, and it looks like this will come to fruition fairly soon.
There are a few other distros that have Samba AD at their core, such as Univention UCS and razdc, but they are usually a few versions behind the Samba head.
Do you really need to ask this question? Without being pedantic, it is obvious from the question the OP asked and the wording involved that he was referring to a Microsoft Windows AD domain, which by common definition provides a Microsoft-approved method of centrally managing computers and users (Active Directory Users and Computers), roles (users) and functions (AD Forest support for policies, and add-on components such as Exchange, etc.)