1. Introduction

Once a Windows-based network grows beyond around a dozen computers, setting up a Primary Domain Controller to simplify and centralize the management of users, computers and network resources becomes a must. But does the Domain Controller necessarily have to be a Windows machine, thus meaning the end of our project of a completely OpenBSD-based server network?

Of course not! Once again, OpenBSD comes to our rescue and, with the help of a few additional pieces of software, it will turn into a full-blown, secure and reliable Domain Controller. In particular, the pieces of software we will use are the following:

an open source implementation of the Lightweight Directory Access Protocol (LDAP);
an Open Source/Free Software suite that provides secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others;
a set of perl scripts designed to manage user and group accounts stored in an LDAP directory;
Bind (Berkeley Internet Name Domain): open-source software that implements the Domain Name System (DNS) protocols for the Internet;
Clam AntiVirus: an open source (GPL) anti-virus toolkit for UNIX;
a proof-of-concept module for Samba, which uses the VFS (virtual file system) features of Samba 2.2.x/3.0 to provide an on-access Samba anti-virus;
CUPS (Common UNIX Printing System): a standards-based, open source printing system.

We have already discussed Bind configuration in a previous document entirely dedicated to OpenBSD and DNS, so we won't come back to this topic now. Therefore, throughout this document, I will assume that you have already set up a fully functional Domain Name Server and that it correctly resolves the domain names of the client machines that will connect to the Domain Controller. Please note that this is a fundamental prerequisite for successfully building the Primary Domain Controller, since nmbd(8) will rely on DNS to resolve unregistered NetBIOS names.

A working knowledge of OpenBSD is also assumed, since we won't delve into system management topics such as base configuration or packages/ports installation.