Identity Management for Home Network

Howdy Gals and Guys,

I am in the process of nuking my entire home network. Going to re-architect from the ground up. I am looking for an identity management solution that is Open Source and can connect to any service that reads from LDAP.

The reason behind this is that I want to make sure all wireless VLANs that have family information are as secure as possible. IoT devices can be on their own VLAN that have a bit more stringent security measures.

I want Mac, iOS, Windows, and Linux clients to connect to this network using the network logins. This solution also has to integrate with RADIUS, Nextcloud, OpenVPN-AS, and other services that traditionally connect to LDAP.

Thanks,

  • Samba in AD mode
  • FreeIPA

I run Samba4 as an Active Directory DC at my home, and I have built these setups for some local businesses also. As far as anything talking to it is concerned, it is a Windows DC. Any normal service request will work with it, and things like Group Policy on Windows computers will even work.

Makes mapped drives and folder security super nice.

Yeah that’s it as far as I know.

Samba AD is half-baked compared to FreeIPA but is compatible with more things with lower effort.

You can use Zentyal if you absolutely need a Web GUI for Samba AD.

I would say SambaAD is the superior one of those options.
Windows RSAT works with SambaAD for management.

FreeIPA touts ‘AD integration’; SambaAD is an Active Directory server.

FreeIPA can establish one or two-way trust with an AD domain but last I checked it did not work with Samba AD. Also, it appeared to only apply to Kerberos so anywhere using password auth it wouldn’t work. That was a few years ago though.

I guess I don’t get why someone would use AD and FreeIPA. Linux and OSX and Windows can all just be bound to AD. And SambaAD supports LDAP and everything, so other devices can auth to it.

Yeah, It seems like all the research is pointing to Samba since most of the libraries used for authorization tend to work with AD.

Unfortunately for me, the last time I used Samba I did not have such a good experience. The network shares are not consistent with my implementation. However, I have seen QNAP and SYNOLOGY create file shares that work way better than Windows, and I am assuming they are using Samba under the hood. May be worth revisiting.

Thanks for the information.

If your environment has no Windows at all, admining SambaAD is not great. I’m all for cli, but I do want some sort of GUI, at the very least for password self service.

SambaAD is administered with WINDOWS RSAT. Literally, it is the Active Directory Users and Computers snap-in. No CLI required at all. You admin it the same as a Windows DC. It appears like a Windows DC. The 12 dozen times I have said this here; here it is again.

NO CLI REQUIRED!
USE WINDOWS RSAT!
THE GUI IS THE SAME AS A WINDOWS DC!

If you bind a Linux or OSX PC, it shows up as a computer, and users can log in to them as users. On Linux, sudoers can be configured by group. On OSX, I don’t know, I don’t use it that much.

Additional utilities that allow pre-login services for AD (third-party password reset, etc.) work as if it was Windows AD. It is, functionally, Windows AD.
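The "sudoers configured by group" point above is worth making concrete, because it is where a home-lab AD setup most often ends up either broken or over-privileged. The script below is an added example, not code from any poster or from the Samba project. It assumes the Linux host is bound to the Samba AD domain through SSSD with `use_fully_qualified_names = True`, so that AD groups resolve as `Group Name@domain`; the domain `example.lan` and the group `Linux Admins` are placeholders. It renders a sudoers drop-in for one AD group, backslash-escapes the spaces that AD group names routinely contain (an unescaped space is a sudoers syntax error), refuses group names outside a conservative character set so a crafted name cannot smuggle a second rule into the file, and sets the 0440 mode sudo expects.

```shell
#!/bin/sh
# Added example (not from the thread): grant sudo to one AD group on a Linux host
# bound to Samba AD via SSSD. Assumes use_fully_qualified_names = True in sssd.conf,
# so group principals look like "Linux Admins@example.lan" (placeholders, not real).

# Render a single sudoers rule for an AD group. Spaces in the group name must be
# escaped as "\ " or sudoers rejects the line.
render_sudoers_rule() {
    group=$1
    domain=$2
    escaped=$(printf '%s' "$group" | sed 's/ /\\ /g')
    # %% is a literal percent sign, which marks a group in sudoers.
    printf '%%%s@%s ALL=(ALL:ALL) ALL\n' "$escaped" "$domain"
}

# Write the rule to a drop-in file. Returns 1 without writing anything if the group
# name contains characters (newline, ';', '#', quotes, ...) that could turn one
# rule into two or comment out the rest of the file.
write_sudoers_dropin() {
    path=$1
    group=$2
    domain=$3
    if ! printf '%s' "$group" | grep -Eq '^[A-Za-z0-9 ._-]+$'; then
        echo "refusing unsafe group name: $group" >&2
        return 1
    fi
    render_sudoers_rule "$group" "$domain" > "$path"
    # sudo ignores drop-ins that are world-readable or writable; 0440 is the expected mode.
    chmod 0440 "$path"
    return 0
}

# Parse-check a drop-in with visudo without installing it. Run this before copying
# the file into /etc/sudoers.d so a typo never locks you out of sudo.
validate_sudoers_dropin() {
    visudo -cf "$1"
}

# Usage (as root, on the bound host):
#   write_sudoers_dropin /tmp/ad-linux-admins 'Linux Admins' example.lan
#   validate_sudoers_dropin /tmp/ad-linux-admins && mv /tmp/ad-linux-admins /etc/sudoers.d/
```

Before relying on the rule, confirm the group actually resolves on the host with `id 'someuser@example.lan'`; if the group is missing from that output, SSSD is not enumerating it (check `ldap_id_mapping` and the group's scope in AD) and the rule silently grants nothing. Keep the group small and AD-managed, so revoking a family member's admin rights is a single RSAT change rather than a per-machine edit.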