Free Active Directory for your VMware Lab using Samba 4 (UCS 3.1)

Are you looking for a free alternative for a Windows based Active Directory controller? The recently published version 4 allows Samba to be an Active Directory domain controller, participating fully in a Windows Active Directory Domain. This is a great replacement for a Windows based AD Controller if you want to use Active Directory features in your Lab.

With the new release of the Univention Corporate Server 3.1 (UCS) you can deploy your Samba 4 Controller in a few minutes. The quickest way is to use the preinstalled VMware Images.

UCS Installation

The UCS Appliance has a really small footprint. It only requires one vCPU and 1 GB of ram, which is much less than a Windows based Active Directory. The whole installation process takes about 20 minutes:

1. Download, deploy and boot the Univention Corporate Server Appliance
https://www.univention.de/en/download-and-support/ucs-download/preinstalled-vm-images/

2. Set your Timezone
3. Select "Domain controller master"
ucs1

4. Configure your domain settings (Usually only the Controllers FQDN). The Password must be at least 8 characters.
ucs2

5. Configure static IP-Address
ucs3

6. Optionally change SSL Settings
7. Tick “Desktop environment” and “Active Directory-compatible domaincontroller (Samba 4)
ucs4
8. Click “Apply Settings”

All further configuration is accomplished through the web management interface.

vCenter 5.1 SSO Integration

To authenticate against an active directory the UCS has to be added as Identity Source. This step can be accomplished through the vSphere Web Client:

1. Home -> Administration -> Sign-On and Discovery -> Configuration
ucs6

2. Add Identity Source
ucs7

3. Add your Identity Source to Default Domains
ucs8

4. Move your Identity Source to the Top
5. Save!
ucs9

6. Don't forget to set permissions for your Active Directory Accounts ucs10

You can now use your UCS to authenticate Users and Goups. For me this is a great replacement for a Windows 2008 R2 Active Directory controller which needs a lot of resources and tooks minutes to boot.

vMA 5.1 Integration

The vMA (vSphere Management Assistant) integration has not been changed and works without any flaws.

1. Make sure to set a Forward and Reverse lookup DNS entry in UCS
2. Deploy and configure vMA with static IP
3. Connect to the vMA using SSH (putty)
4. Join the Active Directory Domain

#sudo domainjoin-cli [Domain] [Username]
sudo domainjoin-cli join virten.lab Administrator@virten.lab

ucs-vma

1 thought on “Free Active Directory for your VMware Lab using Samba 4 (UCS 3.1)”

Maren Abatielos February 12, 2015 at 1:53 pm
As of February 10, 2015, Univention Corporate Server is available in version 4.0-1. Further information on this and prior releases in the Univention forum at:
http://forum.univention.de/viewforum.php?f=54 and in the UCS release notes at:
http://docs.univention.de/release-notes-4.0-1-en.html and
http://docs.univention.de/release-notes-4.0-0-en.html
:smile:

Free Active Directory for your VMware Lab using Samba 4 (UCS 3.1)

UCS Installation

vCenter 5.1 SSO Integration

vMA 5.1 Integration

Share:

1 thought on “Free Active Directory for your VMware Lab using Samba 4 (UCS 3.1)”

Leave a Reply Cancel reply