Guest blogpost by Graham French
Graham F French is an IT veteran of almost two decades and specialises in virtualisation and cloud infrastructure technologies. He can be found on twitter at @NakedCloudGuy and blogs at thenakedcloudguy.com. He holds VCP5-DCV and MCSE qualifications and is currently studying for the VCAP-DCD.
Microsoft has sounded the death knell for TechNet and if, like me, you use it for your own home lab, then an alternative to Microsoft Active Directory is needed.
A few years back I was looking to substitute Microsoft’s AD. I still needed to have some sort of authentication and authorisation platform, but I was becoming frustrated at having to build an AD infrastructure for quite a few small proof-of-concepts that I was building, for a large programme of works for a central government client.
After some intense research, better known as Google, I came across a German open source product called Univention Corporate Server, otherwise known as UCS, at http://www.univention.de and I’d never heard of it. But it had at least one redeeming feature; it offered Active Directory style service and ran on an open source Linux kernel.
I downloaded it, put it onto VMware Player and started to learn more about it. However, events overtook the Proof of Concept work I was doing and parts of the project were moving towards live implementation, so I also moved onto this work and forgot completely about UCS and Univention.
That was back in the mid to late 2000’s. Fast forward to 2013 and I decided to take another look at this Linux based AD alternative, but couldn’t remember the name. A quick bit of Googling brought me back to the same, but updated, German based website. This time I had the option of downloading a ready made, VMware friendly virtual machine alternative, instead of the binary that I used last time. You don’t have to give your name and address details, but you do have to confirm that you are going to use this under a restricted personal license. A few minutes downloading and after starting VMware Fusion on my Mac, I’m ready to get started. Simply double clicking on the .vmx file opens the Virtual Machine within VMware Fusion and we are off! (VMware workstation or VMware Player will easily get the same effect).
The first screen to greet you is the green start-up screen. Once this has booted up, you are given a series of setup screens, the first is to create a Master Domain Controller, this is the same as the first Microsoft AD Domain Controller (although you do have the option of joining an existing AD Domain). Successive screens then allow you to customise regional settings, Domain Name and IP Addresses etc.
The basic software settings offer additional options for the type of services you want to add into this Microsoft alternative, such as a basic web mailer, Active Directory Connector or Nagios monitoring.
After the setup completes you are presented with a Linux KDE desktop environment, but this isn’t used for domain administration, all administration is undertaken via the Univention Management Console (UMC) via a web browser. The IP Address for the UMC is the same as the one used during the initial setup, but use the ‘Administrator’ login, with the password that you allocated during setup.
The UMC can check to see if there are any updates from Univention, which at the date of this blog post, there was one single update available.
Creating users, Groups and Policies is very straightforward and if you are used to Microsoft’s AD tools, you will find the transition to the Univention interface is quick and easy.
As this is a personal license model, you are restricted to the number of users you can create to five, so planning your requirements beforehand is vital, but as this is for a home lab scenario, it shouldn’t pose too many issues.
If you decide to use this in a production environment, you can install the personal license first and then easily upgrade the license without having to rebuild.
So, if you decided to use it in production, how easy is it to use something like Group Policies? In a Microsoft environment, this is a relatively straightforward process.
But in UCS, if you want a simple policy to implement, there are not a lot of standard policies to choose from. One of the built in policies is the password policy. If you have a look at the screenshot below, you can see that it’s relatively simplistic.
I also had a look at creating one from scratch, but after several minutes of head scratching, decided it was better to RTFM and refer to the handbook. The dozen or so lines of information barely cover the basics and as I’m not a Linux administrator, it made very little sense to me.
On the other hand, the interface for Group Policies within Server 2012 couldn’t be simpler.
I’m using it in my own vSphere home lab on a regular basis, it’s easy to setup and use for AD authentication without the Microsoft costs. I’d certainly recommend that you also give it a try! 🙂