Any IAM system is concerned with defining and managing the roles and access privileges of users on a network, whether these users be employees, customers, or vendors. The core idea of IAM systems is that each user should be assigned a unique identity, and the associated level of access should then be managed throughout the user’s “lifecycle.”
Samba Active Directory (Open Source) can be used to solve access and identity verification for your organisation or business. Samba comes with no lock-in and can integrate with public and private cloud services. Samba 4.0 can serve as an Active Directory Domain Controller, provide DNS services, handle Kerberos-based authentication, and administer group policy.

Samba Active Directory – Architecture & Solution Details

The standard architecture, implemented at a commercial bank with over 1200 branches and around 12500 users. The solution included:

  • 4 domain controllers, spread over 2 locations, all built on CentOS 7.x and Samba-AD version 4.12.
  • AD management is done with the Microsoft Windows RSAT tool.
  • Access control and group policies are all defined in Samba-AD.
  • Different security devices and applications, including core banking and digital transformation applications, are integrated with Samba-AD for central authentication.

Samba-AD – Advantages & Limitations

Advantages:

  • Fully open source software released under GNU GPL v2 license that is free to use and free to distribute.
  • No limitations on the user or the computer account count, no licensing lockdowns. No limitations on number of domain controllers and their licensing.
  • No unlearning or relearning process. Administrators or the users do not glean any difference between either Microsoft AD or Samba-AD.

Limitations:

  • In case the customer needs to use Sites and Trusts features, the customer has to use the Windows RSAT management tool only.
  • Support for Windows Server 2016 / 2019 schema is still under development/testing. Can still coexist with Windows Server 2016 or 2019 with workarounds.
  • Implementation or upgrade process needs Linux expertise.

Samba-AD – Supported Applications for integration

Any application / device that supports Microsoft AD and standard authentication protocols can be integrated with Samba-AD out of the box without any specific customization.

Some Examples are:

  • Security Devices: Cisco Integrated Security Engine, HP ArcSight SIEM Solution
  • Core Banking Application: Finacle
  • ERP: SAP

Conclusion

Gleaning from the above points, it won’t be incorrect to say that Samba Active Directory can completely and economically replace Microsoft Active Directory because you get the same functionality along with additional features and without having to pay a heavy licensing fee. When it comes to Samba AD, all you need to do is implement the directory service, and you’re good to go.