Meet Univention: Linux Alternative To Windows Domain Controller

Univention Corporate Server (UCS) is a Linux-based solution to manage your IT infrastructure.

It is close in concept to a Windows Domain Controller or a NIS server. While all the building blocks (OpenLDAP, Kerberos, Samba and so on) are largely available and already deployed on countless networks, UCS aims at lowering the entry barrier for switching to a Linux-based network infrastructure.

Instead of tweaking configuration files and handling interoperability issues by yourself, UCS provides a Web-based interface to manage your domain, including computers, users, shares and many other entities.

We talk about UCS here because this is an open source solution based on Debian. You can check out the sources from the SVN repository here. Univention promotes the use of Linux not only server-side but client-side too, since it provides very mature Ubuntu support, including image rollout and remote administration.

Discovering Univention Corporate Server

The core functionality of an enterprise server is to manage users and groups, devices (computers, printers) and network (DHCP, DNS). UCS aims at being much more than that because of its pluggable architecture. Simply put, you can add “modules” or “apps” that will add extra services to your server.

UCS is designed to operate in a Linux-only environment as well as in a heterogeneous Linux, Mac OS X, and Windows environment through Samba and Active Directory support.

For Linux on the desktop, Univention provides customized Ubuntu images that can be remotely installed and maintained on the client via PXE. I didn’t test that, but apparently, you can build your own custom images, which is a must to tailor the users’ environment to their needs.

Modular design

As part of their solution, Univention UCS supports what they call “Apps”, whose goal is to add services on top of the core UCS infrastructure.

Some apps are provided and supported by Univention, others by third parties. Through apps, you can add to your UCS server support for common enterprise services such as email handling with Fetchmail and AV Mail or printing with CUPS, as well as a couple of business-oriented CMS.

Other apps may be used to improve Windows integration (Integrate UCS in existing Active Directory or Office 365 single sign-on). Finally, task-oriented apps are available too, notably to support developer tools (JIRA, Jenkins) and VM or cloud users.

Some of the applications--or «Apps»--available for UCS

Surprisingly enough, I didn’t find any database-related app. As of today, you cannot manage MariaDB or MongoDB through UCS. But this will surely come as third-party apps.

Who is behind Univention?

Univention GmbH is a Germany-based enterprise. Behind Univention, there is Peter Ganten, who is, as of 2017, the chairman of the Open Source Business Alliance, a German lobbying group promoting the open-source movement.

How much does that cost?

The Univention system is based on open-source software, and you can use the “Core Edition” free of charge. Business users will probably turn toward a yearly subscription, though, in order to have business-class support.

The subscription includes fixed yearly fees for the server and per-client license fees after the first 10 clients.

Pricing details are available on the Univention website.

First experience with UCS

In order to get a first taste of UCS, I set up a small virtual network made of one server and a couple of client hosts. UCS is only available for Intel/AMD 64-bit environments, and I used Qemu/KVM virtual machines on an Intel Core i7 host for that test.

My test UCS server was installed from the just-released UCS-4.2 DVD ISO. For the clients, I used the Univention Corporate Client (UCC) module to roll out the Univention-customized Ubuntu image on them, except for one client, which was a newly installed genuine Debian Jessie system.

I reserved 2GB of RAM for the server and 1GB for each client.

My test machines

Server installation

The server installation went flawlessly, and the process should be familiar to anyone who has already installed Debian or a Debian derivative in graphical mode.

While setting up the server, you can install a couple of modules (CUPS, Fetchmail, Sendmail, RADIUS, Squid, Nagios, …). In addition, you can install the KDE desktop environment if you want to access the web-based administration interface from the server itself rather than remotely. I didn’t use that latter option myself, as I intended to access the web interface using my standard browser running on the VM host. Given the limited resources of my test system, I performed a rather minimal UCS installation.

I must say the UCS server installation and usage was incredibly easy, once I fixed a couple of initial misunderstandings:

  • The administrative account is “Administrator” — not “root”
  • Despite its name, the Univention Corporate Client (UCC) is not the client software, but a server module used to manage clients.

Could you believe it? I had to contact Univention support to understand that! I take this occasion to thank them all: although I was not a paying user, the people at Univention were incredibly supportive and pointed me in the right direction.

Worth mentioning for core (a.k.a. non-paying) users: there is community support through a forum, but it was down when I started testing UCS. It was back online a few days later and has proven to be a great source of information since then, even if many threads are written in German.

UCC client installation

Once I finally understood what UCC was, installing the Ubuntu client machine was a formality. Through the UCS administration interface, you “create” your computers by registering their name, MAC address, and subnet (for IP address assignment), and choose the image to install on the next boot.

Image management setup for UCC clients

You then have to ensure your client will boot from PXE, et voilà. At the next client startup, it will get a DHCP address and boot image from the server, and after confirmation, the configured disk image will be installed onto the client hard drive.

A few minutes after that, you will have a working Ubuntu client that has joined the domain, and you can log into that system using the credentials of users created in the UCS administration console. Needless to say, you can install several clients at the same time.
