This year's sambaXP tutorial covers two interesting topics at once:
Setting up GPOs with Samba
Using GPOs is a fundamental technique in the Windows-world to mange the access to resources or to configure systems. One of the main topics in using GPOs are roaming profiles and folder redirection. Roaming profiles makes only sense if you also use folder redirection. If you don't use them, the profiles become too big. The problem is: every time a user log in to a Windows-client the profile will be loaded via the network and if the user log off, all profile data will be send via network to the profile share. So redirection is very important. Samba can also configure the GPOs for roaming profiles and folder redirection.
In the first part we will create the GPOs and configure a Samba file server to store users home directory and roaming profiles. We will also configure folder redirection and take a look on how Samba mange to store both: user data and redirected data from the roaming profile.
In the second part we will see how Samba is managing the Linux-GPOs. Starting with Samba 4.14 it is possible to set up GPOs for Linux-hosts. In this part of the topic we will configure the domain controller to handle the Linux-GPOs and we will take a look which GPOs you can set up. We than configure a Linux-client to use the GPOs.
Disaster recovery of an Active Directory
Running an Active Directory with more than one domain controller will prevent you from a single point of failure. You should always have at least two domain controllers to store your objects and manage the user authentication. But what will happen if the whole Active Directory crashes? Then you need not only a backup of your Active Directors database, you also need a strategy how to recover your domain. We will take a look at what do you need to backup to bring your domain up again. We will backup from a running domain with “samba-tool” and recover the domain from the backup, up to the point that one domain controller will be back online.
What do you need to join the tutorial?
- PC (BYOD) with “VirtualBox” and “Vagrant” installed
- A Windows VM to test the setup and running RSAT
- Webcam and speaker with microphone for interaction
You need at least a PC with 16GB RAM to install the setup. The Vagrant-file will create 3 Linux-Hosts and you also need to install a Windows-System.
If you don't have a Windows-VM you can download an evaluation Version from Microsoft https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/ Download the VirtualBox version and import the VM to VirtualBox. It's a full featured version valid for 40 days.
You will get a handout including all steps to be able to recap independently after the tutorial.
All the Linux-systems will be prepared - You will get a “Vagrantfile” to set up all the Linux-VMs needed for the tutorial.