I am looking for a smaller-scale AD solution for small business/home business clients. What would you suggest for a centralized authentication/user administration platform? I’ve tinkered with LDAP and FreeNAS as “user rights” platforms, but know that you are strictly a Linux (for the most part) environment. Can you share any of your secrets without compromising security? Thanks!
I haven’t used it myself but have heard great things about the Synology software suite, which includes their own version of AD.
As I like to say, there are no secrets. I have not seen anything that is as full featured and works for Windows authentication as AD. This is why most every system, even FreeNAS, offers integration with it.
Take a look see at Centrify.
What would you suggest for the alternative to AD for centralized username/password authentication for file sharing? It is an office of 4 people and I think AD is overkill for that. Maybe I haven’t played around enough with LDAP?
If you are using FreeNAS or Synology, use the user/pass system that is built in to either of those systems.
I would recommend Univention Corporate Server (UCS, for short). I use it as a DNS for my network, but since 2 weeks back I’ve started fiddling with the AD-part of the appliance. So far I’ve connected 5 Windows VMs to it with no problem, it being a Windows-AD-compatible installation of LDAP and other software.
Would love to deploy on a real customer in the future.
Shall start testing out more features soon.
FreeNAS has an option to run as a domain controller as well; not sure if that is what you are talking about when you say you’ve tinkered with it. It is under Services > Domain Controller. I tested it out a few years ago for a few months and it ran fairly well, although the initial setup may have been fairly involved. Once the service is enabled and configured, the rest can be managed via RSAT from a Windows machine; you should then be able to join the domain. The file permissions are also managed from a Windows machine; you just have to make sure your share is set up to use Windows permissions instead of Unix.
I have tested a few over the years but gave up about 5 years ago. The ones that stand out are Zentyal, which kept kicking member machines out for some reason at random intervals from a few weeks to a few minutes, and UCS, which was limited to non-commercial use with 5 free users, or commercial use paid per user/year (I think); not sure if it still is.
These days any of our clients without an on-site server/AD are using Office 365, which comes with Azure AD, so we just set up a domain in Azure and connect them to that. The features of Azure AD will differ depending on the O365 plan, but I believe basic user management functionality is still there in most business plans. I don’t believe the O365 Home plans include any of this, so unless home users are willing to get a business subscription, they are out of luck.