Centrify-enabled Samba architecture

The following figure provides a conceptual view of the complete solution architecture using Active Directory, Samba, and Centrify for Samba components.

If you have not been using Samba up to this point, or if you have been using an older Samba security method (such as user or server), the integration process makes it easy to configure Samba as an Active Directory member.

On the other hand, if you have already been using Samba as an Active Directory domain member and have assigned UIDs and GIDs to Active Directory users and groups, the PERL configuration script helps to resolve conflicts when Samba and authentication, privilege elevation, and audit and monitoring services are integrated.

The integrated solution, composed of the DirectControl agent (installed separately), open-source Samba, and adbindproxy, provides the following:

  • Samba and the DirectControl agent use the same Active Directory computer object without conflicts.
  • Consistent user and group attributes are applied on files across Windows, Linux and UNIX computers.
  • All UNIX user identity attributes, including the UID, GID, home directory, and login shell in UNIX profiles, are centrally stored and managed in Active Directory.
  • Both Kerberos and NTLM Samba authentication methods are supported.
  • Standard Samba access-control features are implemented and augmented by the Centrify zones technology.