Samba-TNG Team Releases 0.3

emissary47 writes "The Samba-TNG (the next generation) team, releases the first beta of Samba-TNG (a Samba fork since 2000) including some very interesting features for everyone willing to replace NT4 domain controllers. With excellent LDAP-backend support, integration of Microsoft tools such as usermanager for domains and servermanager and a powerful command-line tool called rpcclient it is _the_ alternative solution for Windows domain controlling at the moment. They even include scripts for NT4-server migration in order to make a change easier."

Good!

It's about time. Too bad this wasn't available two years ago, when NT4 was still run in some older environments...

Inter domain trust relationships?

[Malc]

Samba doesn't support domain trusts, does TNG? For example, if I have my own domain configured at home, can I set up a trust relationship with the domain at work and thus make authentication and network access easier for me?

Re:What's new?

[Anonym0us+Cow+Herd]

Is File Locking critical?

Yes. There are plenty of applications that exploit this capability.

A long time ago, in a galaxy far, far away, before the dark times, that is, before MS SQL Server, there were multi user applications. Multiple workstations, each locally running a copy of the application, could open the same data file on the server. Because they could, through the API, request certian byte range portions of the file be "locked" from other users who had the file open, they could effectively do sophisticated multi user operations without a database server. (Database servers were things for mainframes.)

There are still programs that can do this. For instance. Microsoft Visual FoxPro. If you use FoxPro's native database (not an ODBC to some other database), then you need nothing more than a shared folder on a fileserver that supports locking. Too bad that SMB isn't suitable. This effectively cuts out some vertical market applications written in tools such as Visual FoxPro from using a shared Samba server. "Sorry, Mr. Customer, to run this specialized package, you'll need an NT server, a Novell server or an AppleShare server."

Don't think these are merely "legacy" applications either.

How many modern software programs allow concurrent editing of a document by multiple people? (where the applications cooperate in modifications to the data structures of the document and don't clibber each other) Excel? Word?

Don't jump on conclusions

[Koyaanisqatsi]

Quotes:
(...) releases the first beta of Samba-TNG (...)
(...) it is _the_ alternative solution for Windows domain controlling at the moment (...)

While I'm all for OSS alternatives to M$ products, I don't think it is wise to call a "first beta" product a viable alternative to NT4, which is proven and tested (I can almost feel the fames coming now)

Re:Better late than never?

Okay, but what are they supposed to do about GPOs? Or WINS replication? Ever try to get network browsing to work across subnets without that? What about failover support? Are you really going to tell your boss "Yeah, we'll use this 0.3 release beta software to run our organization's network/file services and hope for the best! If shit breaks then tough!" If you would actually consider implementing Samba as a primary authentication service in a production environment then you are utterly mad. Even Samba-TNG will not be suitable for quite some time now for anything outside of a home network. The only place I can see Samba having any use is in a heterogenous environment with lots of Unix and Windows clients, and even at that you have to maintain seperate username/password databases for the Unix and Windows users. Administering Samba is a pain in the ass, frankly.

Don't get me wrong, I think that the Samba project has a noble goal, I just think that perhaps they're going about it the wrong way. What I would like to see, rather than a redundant project immitating what Microsoft already can do, is an open-source "Client for Unix Networks", sort of like a Novell for Unix. Sure the windows client would have to be designed from the ground up, but that would make implementing things such as Group Policy Objects and functionality simmilar to Novell's ZEN system a whole lot easier. You could integrate code for the already existing Kerberos and AFS clients for windows into it, and build an LDAP backend on the server side of things that could be used to authenticate Macintosh, Windows or Unix clients. Maybe it could even have a plugin system for implementing policies on those respective operating systems as well. More importantly, if serious effort were concentrated onto this project, it could very well break the impending stranglehold that Microsoft seems destined to have on the server market with the fall of Novell and the rise of Windows .NET and its facist licensing system.

I dunno, just a thought.

Re:late ???

[psamuels]

obKarmaBonus: because I'm a samba-tng developer (:

this is right on time ! because people will start to find NT is no longer supported by MS and move what they move to might just not be Microsoft based because its too expensive hence samba TNG

Right. The other thing is, with LDAP support, samba-tng (and samba.org for that matter) has many of the internal advantages of Active Directory. Network-side, it still looks like NT4, but internally, you can manage it via LDAP rather than the crusty old tools.

For this reason, I personally don't see a lot of point in emulating a true Active Directory server. It just doesn't seem to buy all that much on Unix. On Win2k you have the whole world integrated into Active Directory - the DHCP server, the DNS server, dynamic DNS tying the two together, you name it. I think that's most of the value proposition of Active Directory, and on Unix the whole integration thing wouldn't be there anyway.

Years ago, when samba-tng was young and fresh, someone (can't remember who, I think Luke Howard was involved) tried to write an NT5-compatible LDAP backend. It was never finished, but the regular LDAP backend matured to the point where we don't feel we need the AD-compatible one. The difference was mainly in the LDAP schema, as I recall.

Re:Advantages over Samba-TOS?

[psamuels]

my understanding is that some of the Samba developers wanted to replace Microsoft entirely, whereas the Samaba project was designed to coexist with an MS environment.

Well, it's vague at best. Mainly it's just a fork, with occasional code merging in both directions (though we (-tng) take quite a bit more from them (samba.org) than they do from us). Many things samba.org does better, a few things we probably do better, but then again some of the differences are just ... differences.

Sorry it's hard to give a more concrete reply - I don't know the exact capabilities of samba 3.0 alpha. I suppose abartlet (from samba.org) will give you a more complete answer, as is his habit. (: