Samba 4 arrives with full Active Directory support

The team behind the Samba Project has released version 4.0 of its open source Windows interoperability software suite, the first version to offer full compatibility with Microsoft's Active Directory protocols. The Samba stack is by far the most popular solution for networking non-Microsoft platforms with Windows machines, but …

COMMENTS

This topic is closed for new posts.

  1. b166er
    Pint

    Now that's really good news.

  2. Anonymous Coward

    I reluctantly raise my hat

    to Microsoft for this one. I still don't like them but they deserve a little credit for their decision to let this happen.

    1. Captain Save-a-ho
      WTF?

      Re: I reluctantly raise my hat

      You mean credit for complying with the EU mandate to open up their protocols? That was April 2007.

      Glad to see this finally come to fruition, but nearly six years seems like a bit long to play catch-up to Windows Server 2008. Server 2012 was just released, so Samba 4.0 is still behind the 8-ball (no doubt, crouching to avoid the chairs thrown from Redmond).

      1. Anonymous Coward

        @Captain Save-a-ho - Re: I reluctantly raise my hat

        From Samba Team press release:

        [quote] The Samba 4.0 Active Directory Compatible Server was created with help from the official protocol documentation published by Microsoft Corporation and the Samba Team would like acknowledge the documentation help and interoperability testing by Microsoft engineers that made our implementation interoperable. [/quote]

        I'm fully aware about the EU ruling. My remark was about interoperability testing performed by Microsoft engineers.

        Hope this will make one less down vote.

  3. MacRat

    Microsoft Lock In

    Who can't appreciate that!

    1. Anonymous Coward

      Re: Microsoft Lock In

      And the Microsoft Lock In still stands and shall stand.

      This is GPL3 so do not expect to see it in a commercial "all in one" product shipped in a "user friendly" wrap which your average SME can use. It is definitely not making its way into any NAS or "pre-baked" SME server.

      Having it in RHEL, Ubuntu, etc is nice of course. However, let's be real - it will find it difficult to be widely adopted. Large enterprises have stopped using Windows storage and networking altogether. A lot of them use third party AAA systems too. Small enterprises mostly do not have IT nowadays. They are served by external shops which will not put this in place as this undermines their pricing (and justification for re-financing their Microsoft certs). The only place where this may possibly go is the odd SME shop that still has an IT dept which also needs to have a clue. That is a top order in this day and age. This leaves a very small segment of the market interested in this.

      So while a great achievement it is a bit too late and it is licensed in a way where it cannot dent Microsoft the monopoly. Take a bazooka, load a GPLv3 versioned rocket in it, aim at foot, fire. Just to put my point further - if it was not for GPL3, Samba would have still continued to ship with every Apple out there. _THAT_ would have done a serious dent in MSFT monopoly as shops which run hybrid environments are much more interested in reducing their MSFT dependence. Oh well... time to go under my bridge... Wake me up when a non-GPL3 implementation is released, I may actually put it into a product and ship it.

      1. Anonymous Coward

        Re: Microsoft Lock In

        That's crap. Freenas, nas4free are just two examples of user friendly packages that use Samba. I use nas4free on a HP MicroServer and set up AFP/SMB and even a ZFS storage pool via the web interface!

        1. Anonymous Coward

          Re: Microsoft Lock In

          Quote: "That's crap. Freenas, nas4free are just two examples of user friendly package"

          Key words - buy hardware, get package, install.

          No vendor shipping it and that is for a reason and the reason is GPL3. No vendor supporting it and that is for a reason and the reason is GPL3.

          Let's face the facts and move along - shall we?

          1. Anonymous Coward

            Re: Microsoft Lock In

            OK; do you know any facts?

          2. Jeremy Allison
            Linux

            Re: Microsoft Lock In

            Stop the anti-GPLv3 fud, it won't wash here. I was on one of the committees tasked with creating the GPLv3 and I can tell you it's a *better* license for shipping commercial FLOSS product than GPLv2. If you don't believe me believe IBM, EMC, Symantec, Dell, etc. All of whom ship and support enterprise storage products based on GPLv3 Samba code.

            Jeremy Allison,

            Samba Team.

      2. jbuk1
        FAIL

        Re: Microsoft Lock In

        Looks like someone doesn't understand the GPL.

      3. Anonymous Coward

        @AC 07:18GMT - Re: Microsoft Lock In

        Your last sentence finally revealed why you hate GPLv3 so much. You'd like a license which will allow you to pilfer ten years of work spent by Samba team trying to come up with this software, turn it up proprietary in a blink of an eye and monetize it. We all know how Apple used BSD software for free, made billions and never bothered to send a mere 50 cent thank you postcard to those developers.

        In your opinion if GPLv3 software can't be sold, nobody will use it. You are right, go under your bridge but please try to stay there for longer periods of time.

        1. Anonymous Coward

          Re: @AC 07:18GMT - Microsoft Lock In

          Quote: "Your last sentence finally revealed why you hate GPLv3 so much"

          You are mistaken.

          If it was GPL2 it could have been bought, sold and supported same as any other software. It would have had companies contributing to it. GPL3 is not a software license any more - it is a political anti-patent system statement. It offers _NO_ extra licensing protection and it has failed to offer any of its misguided patent litigation protection either because no company with any IPR worth mentioning has shipped a GPL3 product.

          So if the Samba project stuck to GPL2 it would have been protected same as now and had more people contributing to it. It would have shipped in tens of products by end of next year and would have had developers contributing to it. As it stands - it will not (so it is not surprising it needs 10+ years between major releases).

          1. Anonymous Coward

            @AC 17:21GMT - Re: @AC 07:18GMT - Microsoft Lock In

            Bought, sold... see what I mean? Version 3 of GPL came to life because too many companies were looking to poke holes in the GPLv2 protection. Think TiVo.

            As for IPR, you're dead wrong here, my friend. Any version of GPL forbids you to distribute patent encumbered FOSS software. It's just that in v2 the enforcement was not that perfect, this is why a lot of companies (Microsoft comes first to mind) whine against version 3. GPL v3 is like version 2 but with added teeth and claws.

            Just stick with proprietary licensed software, you seem to understand it better than GPL.

  4. Jim McDonald
    Thumb Up

    I for one welcome our Penguin overlords!

    1. Anonymous Coward

      Vivat Penguina!

      (See Title)

  5. Levente Szileszky
    Go

    Amazing news...

    ...but let's see the performance numbers - high-end performance (multiple 10GbE) over CIFS/SMB2.x sucked even from Microsoft itself and while they have fixed things in SMB3/Server 2012 and it is indeed a lot faster I will probably wait for Samba 4's update to full SMB3.0 support (with fingers crossed, of course.)

    Anyhow, great news, congrats!

    1. pixl97

      Re: Amazing news...

      The latest Linux kernel, released today, comes with experimental SMB2, so it might be a while before we see v3. I'm guessing most Samba4 installs aren't going to see that kind of hardware, and instead will be more in the SME that doesn't have volume license agreements.

  6. Trixr
    Facepalm

    What a waste of time

    If you want an AD server in your environment, go out and buy the licence and get over it. Sure, use your Samba implementation for your file shares, but why all this effort on reinventing the wheel?

    Oh, right, *gasp*, Microsoft's implementation of LDAP + kerberos is actually easily maintainable and works in enterprise environments. There has been nothing stopping these earnest Unix admins from rolling their own LDAP implementations, but if anyone has been involved in one of those from the ground up, you know it's a horror story.

    AD server - install, add user + computer accounts, and it "just works" (with apologies to the Jobs-ites). Ok, I do see where if you're in a single small/home office, saving the OMG $500 on an unsupported solution might seem to stack up financially, or if you have expensive Unix gurus on tap who can get all low-level with their troubleshooting and fault-fixing.

    For most environments, buying something you can get vendor support for is just common sense. I'm sure Red Hat or Suse will be releasing Samba 4 in due course with their offerings... and have you seen how much a full RH licence costs?

    I'll take it all back if the opensource implementation gives you vastly improved performance benefits without any additional administrative overhead compared to a standard MS implementation... but I haven't yet seen any analysis along those lines.

    (steps into flameproof suit)

    1. pixl97

      Re: What a waste of time

      I'm excited about the prospect of using it for the home network. All my windows copies are Pro, and an AD network is a whole lot easier to maintain than standalone boxes. That, and I'm the Unix guru too.

      For businesses I see your point.

    2. Jeremy Allison
      Happy

      Re: What a waste of time

      You're missing the point. The "free" in free software isn't about the money, it's about the freedom and control. The only thing I can say FOR SURE about what people will use the Samba 4 AD server for is that they'll want to do things with it that we in the Samba Team haven't thought of yet.

      That flexibility is priceless. No one cares about spending the money, it's about doing things that are simply not possible with a Windows AD controller because you don't get the source code.

      Jeremy Allison

      Samba Team

      1. grantmasterflash

        Re: What a waste of time

        "That flexibility is priceless. No one cares about spending the money, it's about doing things that are simply not possible with a Windows AD controller because you don't get the source code."

        Or having someone take away what you paid for because they chose not to support it anymore. How many pieces of hardware are laying around because Windows7 no longer supports it?

        I would PAY for Samba 4 over using Microsoft AD because I will always be able to use it.

      2. Anonymous Coward

        Re: What a waste of time @ Jeremy Allison

        "That flexibility is priceless. No one cares about spending the money, it's about doing things that are simply not possible with a Windows AD controller because you don't get the source code."

        The source code thing is good in itself, but your statement about nobody caring about spending money is, IMO, wrong. When most companies hear about Samba, the main attraction is likely to be price, and rightly so. Then they'd look (I assume, admittedly,) at whether it does what they want (most seem to just want AD, probably without understanding it fully) and whether the performance is adequate. I don't see most companies caring about being able to do things you can't do with an AD server as a consequence of it being open source because they just want an AD server, not to have their tech bods messing around adding features that aren't a requirement. For smaller companies techs are hired to keep things running - they'll wait for patches for Samba same as they would for MS, I guess. Please don't take this as a dig at you or the product, it's just my take on how potential end users are likely to approach it.

      3. Anonymous Coward

        Re: What a waste of time

        Good point - Microsoft controlled me when they made me save porn to my home CIFS shares!

        If wife asks, that's what I'm gonna tell her

    3. PAW
      Alert

      Re: What a waste of time

      Most NAS devices use linux & samba and many organizations use one or more NAS as file server(s) without additional administrative overhead. It's efficient and inexpensive and probably causes Microsoft to lower the price of entry versions of Windows Server. An improved Samba is all win for everyone. Samba.org shows quite a few vendors that use Samba as part of a greater product.

    4. Anonymous Coward

      Re: What a waste of time

      @Trixr

      "Oh, right, *gasp*, Microsoft's implementation of LDAP + kerberos is actually easily maintainable and works in enterprise environments. There has been nothing stopping these earnest Unix admins from rolling their own LDAP implementations, but if anyone has been involved in one of those from the ground up, you know it's a horror story."

      It is ironic indeed that it needed one of the most proprietary companies in the world to make something good out of open standards like LDAP and Kerberos. It really goes to show how important good design and forethought are in these matters. MS did a really good job of it, so good in fact that they had created a technical (and thus commercial) monopoly. Still, I think they deserve the money that they make from it, especially as they seem to be playing ball with the SAMBA crew.

      @Jeremy Allison,

      "You're missing the point. The "free" in free software isn't about the money, it's about the freedom and control. The only thing I can say FOR SURE about what people will use the Samba 4 AD server for is that they'll want to do things with it that we in the Samba Team haven't thought of yet."

      I applaud the efforts of the SAMBA team, you've done a really impressive job. However, please don't over egg the 'free' pudding. In practise almost no one else is going to take the lid off the SAMBA source code. It's too hard for most to get 'in' on someone else's software, free or otherwise, especially when it's so big and complicated. What most people actually want is something that works. AD is a standard of sorts, so "something that works" means *not* changing it. It's a shame indeed, but for most people 'free' will mean 'it didn't cost me a bean'.

      1. Reginald Marshall
        Thumb Down

        Re: What a waste of time

        "It is ironic indeed that it needed one of the most proprietary companies in the world to make something good out of open standards like LDAP and Kerberos. It really goes to show how important good design and forethought are in these matters. MS did a really good job of it, so good in fact that they had created a technical (and thus commercial) monopoly"

        Lest anyone take this at face value -- it's a moderately subtle troll. Microsoft did make a good job of... extending and/or breaking Kerberos and LDAP in a myriad of ways, some obvious, some quite esoteric. The infamous Kerberos PAC (noted as such in the Samba documentation, btw) is just one example. Why do you think that Samba 4 took so long, even with the full protocol documentation? They had to implement and integrate their own versions of Kerberos and LDAP, since using the existing (standard compliant) implementations would mean butchering them beyond recognition.

      2. Anonymous Coward

        @AC 08:07GMT - Re: What a waste of time

        Your own keywords here are "almost no one" and "hard for most". This still leaves some room for creativity and this was Jeremy Allison's point. And I also agree with his point that with Samba 4 you are free to buy Microsoft or not and nobody should blame you for doing either of the two.

      3. Nigel 11

        Re: What a waste of time

        "In practise almost no one else is going to take the lid off the SAMBA source code"

        A very large number of things one can do with Samba don't involve taking the lid off. They just involve reading the documentation and attaching code to hooks that Samba provides, and Windows server does not. Start with the pre- and post-exec hooks on any Samba share.

        It's also the nature of open source that if there is a need to attach code to some new action taken by Samba, then someone somewhere will open the hood far enough to create a hook. Also that if there's no good reason to oppose the creation of that hook (security?) then that mod will migrate into the main Samba tree quite soon thereafter.

        It's the difference between a product that wants to be used and useful, and a product that wants to force you to buy more secret closed sauce (or snake-oil) at every opportunity.

    5. Gerhard den Hollander

      Re: What a waste of time

      Not a waste of time for me, as others have said, it will make my home network a lot easier.

      And sidestepping the whole AD stuff, sharing unix shares over samba to windows clients will (under certain circumstances) be faster than accessing a windows file share over the same network.

      If samba 4 has better performance than previous incarnations, that would be good news.

    6. Dr. Mouse

      Re: What a waste of time

      "AD server - install, add user + computer accounts, and it "just works" (with apologies to the Jobs-ites). Ok, I do see where if you're in a single small/home office, saving the OMG $500 on an unsupported solution might seem to stack up financially, or if you have expensive Unix gurus on tap who can get all low-level with their troubleshooting and fault-fixing."

      You obviously haven't seen recent Linux server variants, or even read the article very well.

      Recent Linux server variants can be installed in such a way that they are just as easy to administer as Windows servers. OK, they are different, but some are now at the level where you don't need "expensive Unix gurus on tap" any more than you need expensive Windows gurus on tap. Sure, the gurus would be able to do a better job of fine tuning the environment, but it isn't 100% necessary. Just as a Windows guru (not the normal bods most companies have in their IT depts, from what I have seen) could set up your Windows servers much better.

      Once installed, you never (or at least rarely) need to touch the *nix box again. All the standard AD management tools will work straight from Windows. So management is just as easy as with Windows.

      There is one other good thing about the Samba4 release, which I will be taking up with my colleagues at some point in the new year: It becomes a second supplier. I will be suggesting we install a couple of Samba4 DCs alongside our existing Windows DCs. This gives several advantages, the biggest being that if, say, an update is applied to the Windows boxes which knocks them out, the Samba boxes will provide continuity of service until the Windows boxes are back up and running. I don't think you can put a price on that in an enterprise environment. Also, if MS increased the license costs to an unaffordable level, or dropped support for the version of server we are using at a time when upgrading was not feasible, or any of a number of situations which could arise, continuity of service is maintained.

      For myself, the main reason I am pleased with this is that I can set up an AD controller at home. Looking forward to the simplified administration and extra functionality I will gain from that!

    7. Anonymous Coward

      Re: What a waste of time

      Well said, sir.

      Da fanboiz are going mad, of course.

      Whatever.

      It's another me-too step, nothing to get too excited about (at least not adult Linux users who remember 2.2 kernels and dozens of "breakthroughs" none of which has made Linux as good as people have hoped for).

      At least it's cheaper than Windows... But if you're an enterprise user it's such peanuts that price is barely a factor - usually not at all.

      1. Anonymous Coward

        @AC 15:48 GMT - Re: What a waste of time

        Chill out, my friend, don't need to show us you heard about 2.2 kernel! Rest assured nobody will prevent you from buying your Microsoft proprietary licensed software. Unless of course, you do have some serious doubts about your IT organization.

  7. Blarkon

    only makes sense for expensive unix consultants

    Given how much a good UNIX/Linux admin costs on an hourly basis, this needs to be turnkey to the point of pressing a single button to beat the cost advantage of purchasing a Windows license. Good UNIX/Linux admins can cost 2 to 3 times per hour what a Windows admin costs.

    1. Anonymous Coward

      Re: only makes sense for expensive unix consultants

      ...or just cheaper because once the Linux box is up and running, it does not need to be rebooted monthly, does not need monthly critical vuln patching, will not break when one browser patch is applied, and you will still be able to compile it ten years from now on modern hardware?

      ..or cheaper because of the licensing costs that MS can, and will, adjust to compensate for their losses anywhere else?

      What appears as easy click and go now can become a nightmare in the future. Oh yes, the guy with the MSCE that is clicking the mouse will be paid less, and will be gone by tomorrow.

      1. Anonymous Coward

        Re: only makes sense for expensive unix consultants

        @AC 0721 GMT

        "...or just cheaper because once the Linux box is up and running, it does not need to be rebooted monthly, does not need monthly critical vuln patching, will not break when one browser patch is applied, and you will still be able to compile it ten years from now on modern hardware?"

        Hmmm, most Linux distros I see get massive quantities of updates all the time (a kernel / month?) and need rebooting very regularly as a result. No one seems quite brave enough to actually do live kernel patching yet. Also Linux distros seem to have quite short shelf lives, and once the enthusiasts have moved on one's own installation seems to go stale pretty quickly. Ubuntu call 'Long Term' two years or thereabouts. Pah!

        Anyway, who cares about recompiling? No one has recompiled XP in the 13+ years it's been around.

        Are you some sort of troll?

        1. Anonymous Coward

          Re: only makes sense for expensive unix consultants

          "Hmmm, most Linux distros I see get massive quantities of updates all the time (a kernel / month?) and need rebooting very regularly as a result. No one seems quite brave enough to actually do live kernel patching yet. Also Linux distros seem to have quite short shelf lives, and once the enthusiasts have moved on one's own installation seems to go stale pretty quickly"

          So many factual errors here, most of them seem to come from believing those famous TCO comparison studies. Let's see if I don't leave something unanswered.

          First, you say Linux distros have lots of updates. You seem to count all Linux updates, not only the ones related to Samba/Kernel. Go back and count updates only relevant to kernel/samba, and subtract the kernel updates not related to the network or Samba stacks. Still more than Windows?

          Second, last time I heard, Oracle has a healthy business selling Linux versions capable of live kernel updates. But that is hardly relevant, because AD is fault tolerant and redundant by design and can survive a reboot of an AD node providing you have more than one. But see previous point, you'll be rebooting less than with Windows.

          Third, you're using Ubuntu as an example of a typical Linux support lifespan, the one that is more end user oriented. Last time I checked, Red Hat support lasts ten years. But again the comparison is not valid, this is not your Microsoft world, where they decide what technologies are phased out based on marketing reasons.

          Also, what's your definition of "going stale"? In my book, an AD controller is an AD controller. How do you prevent your Windows AD controller to stale? By installing new multimedia codecs or a new DirectX version?

          "Anyway, who cares about recompiling? No one has recompiled XP in the 13+ years it's been around."

          Invalid point, no one can recompile XP, except Microsoft. And if you haven't tried lately, compiling from source has become much, much easier now than in the past thanks to modern packaging systems.

          "Are you some sort of troll?"

          Maybe I'm not the one trolling here?

    2. eulampios

      Re: only makes sense for expensive unix consultants

      How much does the incompetence cost?

    3. Dr. Mouse

      Re: only makes sense for expensive unix consultants

      "Good UNIX/Linux admins can cost 2 to 3 times per hour what a Windows admin costs."

      Also, good Windows admins cost 2-3 times what a normal Windows admin costs.

      You are paying for ability. Most Windows admins (in my experience) are terrible. Don't get me wrong, there are many good ones out there, but the ones who get paid as little as you are talking about... It's for a good reason.

      Even putting this aside, you do not need a team of Unix admins to run Samba 4 as AD controllers full time. You need someone to set up the server, and someone (or a support contract) to support it long term. Other than that, Windows admins could easily still be used to administer the system from day to day, because standard AD admin tools on Windows can still be used.

    4. Anonymous Coward

      @Blarkon - Re: only makes sense for expensive unix consultants

      It's not only the cost of a Windows license, you forgot to consider the cost of a Symantec/McAfee or whatever AV license you will no longer need.

  8. Roger Greenwood
    Go

    "does not need monthly critical vuln patching"

    er . .

    "Software 40 security updates"

    currently waiting to be installed this month.

    Linux server (in this case Ubuntu based).

    1. hplasm
      Meh

      Re: "does not need monthly critical vuln patching"

      And how many reboots required?

      1. Roger Greenwood
        Meh

        Re: "does not need monthly critical vuln patching"

        "And how many reboots required?"

        Just the one - new Kernel. But it is optional i.e. doesn't nag you all the time!

        So Yes, fewer than the Windows server.

        1. Anonymous Coward

          Re: "does not need monthly critical vuln patching"

          One reboot for a new kernel after a month of patches is the same as one reboot after patch tuesday. It may well be "optional" to reboot after a new kernel has been installed, but you're not going to be using the new kernel until after that reboot and you did install it because it was an essential update, didn't you?

  9. Goat Jam

    "They can also integrate with Microsoft Exchange servers, and they can even be managed using Microsoft's own administration tools"

    Nice job, although it will be interesting to see if there are any shenanigans from Redmond prompted by this.

    They do have form.

    1. Anonymous Coward

      Sigh...

      Did you read the bit in the article where it said that MS supplied access to their testing labs, in order that the SAMBA people can assure compatibility?

  10. Captain Underpants

    Right, so let's get to the question that I'm not seeing asked.

    Samba 4 lets you integrate with a domain, act as a domain controller, interface with Exchange etc.

    So what happens if I set up a domain controller on eg Server 2K8, add in a bunch of other domain controllers using Samba 4, then remove the original Server 2K8 machine? Does it still work?

    More importantly, if you're only using AD for authentication - what happens when it comes to CALs if you're using an AD running exclusively on Samba4 installs on non-Windows boxes? I suspect Microsoft's stance will be that you still need CALs on either a per-user or per-machine basis, but it's an interesting question to ask...

    1. Swarthy
      Thumb Up

      Thank you

      That was the question I had as well. Here's hoping someone has an answer.

    2. Dr. Mouse

      "So what happens if I set up a domain controller on eg Server 2K8, add in a bunch of other domain controllers using Samba 4, then remove the original Server 2K8 machine? Does it still work?"

      AFAIK, it would continue working, in just the same way as if you had added a load of 2K8 DCs then removed the original. Someone else can probably confirm this.

      "More importantly, if you're only using AD for authentication - what happens when it comes to CALs if you're using an AD running exclusively on Samba4 installs on non-Windows boxes? I suspect Microsoft's stance will be that you still need CALs on either a per-user or per-machine basis, but it's an interesting question to ask..."

      I'm not sure which way round you are talking here.

      If you mean a Windows server with Samba clients, I believe you still need CALs.

      If you mean a Samba server with Windows clients, you don't.

      1. Captain Underpants

        @Dr. Mouse: Sorry, should've been clearer.

        I'm specifically thinking of the case where the domain runs entirely on Samba servers, with Windows present only on the client side. It'd be a lovely way of getting rid of the "authenticating user account/machine = need a CAL" tax, if you're not also using other services.

        I'm in the process of sorting out our CAL requirements for a small domain, hence my interest. If I can save us having to fork out money needlessly, I'd be delighted :)
