Slashdot Mirror
Microsoft Working For Samba Interoperability
JP writes "Andrew Bartlett of Samba fame has written a document describing their recent collaboration with Microsoft's Active Directory team. In brief, it would seem that the sky is falling, as Microsoft's engineers seem to be really committed to making Samba fully interoperable with AD. They have organized interoperability fests and have knowledgeable engineers answering technical questions without legal or marketing drones getting in the way. However according to Andrew the Samba AD team is currently very short on manpower, so if you have network experience, now is the time to get coding."
"In brief, it would seem that the sky is falling, as Microsoft's engineers seem to be really committed to making Samba fully interoperable with AD"
The bolded part is a euphemism for "disaster in progress".
Forgive my naivety, but isn't this a good thing (as much as MS collaboration can be)? Why is this a "sky is falling" situation?
"The government grants you rights, not the other way around."-- beav007. Yes, these people really exist...
There's no car analogy to describe my deranged stare.
and this will probably be of some benefit to Microsoft, since playing well with other operating systems must always be an advantage.
i find your lack of faith in science disturbing!
I could probably make some small contribution but have neither the time nor inclination to set up the dev and test environment.
For projects of this magnitude a site that could be ssh'd to, 'check out' a dev environment slice would make it a whole lot more practical for folks to work on a small bug or enhancement.
If you can't beat them, join them!!
It's left blank because I have nothing to say to you punks!
Seems like a good time for some of the larger distros to help Samba out.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
When you've got me! I can always come up with a car analogy. Lessee....
This is like [insert your favorite automaker here]'s engineers giving their competitors engineers an opportunity to ask questions and collaborate on their new engine designs.
In fact, the more I say that, the more it does sound like Admiral Ackbar may be right here....
My blog
I don't want to sound like I'm pulling the rug out from under the Samba team, who has helped to make SMB a truly interoperable protocol - but there is a big part of me that just wants it to go away. It's really not very good. And very complicated. And inefficient. Oh I hope that somethin' better comes aloooong!
This seems roughly akin to two soldiers from opposing armies suddenly having brunch and discussing the finer points of shooting people.
hmmm what was that last one again?
If MS is truly working with Samba to get it 100 percent, what I'd REALLY like to see (and I won't believe they ARE working with SMB until then) is non-encrypted passwords.
SHARE the SMB password system, make it available, so not every friggin windows machine has to do unencrypted passwords across the network to access SAMBA shares / printers / whatever.
That's always been my BIGGEST stumbling block. Linux is touted as being so secure, but then it has to use unencrypted passwords to chat with the desktop clients for sharing.
I KNOW it's an MS problem (their authentications schemas are proprietary), but if they claim to be trying for interoperability (which, they probably are), this was / is my biggest hurdle to accepting *nix in a windows shop.
--Toll_Free
I work for a company that does a lot of integration for enterprise customers. Sometimes there are spaces for Microsoft products in an otherwise Unix environment. Our customers happen to be pretty set on using Unix in general, so for Microsoft, it makes sense to make sure that their products can fit into an environment like that without any hassle. After all, a small sale is better than no sale.
This guy asked a relevant wuestion, albeit mking a minor html mistake in the process, and some jackass mod comes in and carpet bombs him? I want to know the same thing, this seems like a good thing, but submitter makes it out to be something else with his terminology. So, is it a good thing or not? And to whomever modded this guy down, you're a jerk and you owe him an apology.
If you can't beat'em, embrace'm.
"The Adobe Updater must update itself before it can check for updates. Would you like to update the Adobe Updater now?"
Clearly, it's a sign of the Apocalypse. Dogs and cats living together and all that.
... and yet the Cubs still can't win the World Series. :(
interoperable with AD. They have organized interoperability fests and have knowledgeable engineers answering technical questions
What's a fest?
Just remember - if the world didn't suck, we would all fall off.
If the sky is falling, where will our beloved pigs fly?
Infuriate left and right
They're really doing well without Microsoft as it is. Taking into account the conflict of interest on MS's end to help out a competing product, what would be the incentive for the SAMBA team to work directly with those who may not have their best interests at heart?
Twinstiq, game news
Long ago, being having compatibility with Microsoft's file sharing backend would have been a big win, but the target has moved and, let's face it, Samba still isn't very easy to set up.
In this case, Microsoft knows the knife is cutting both ways. The low-end license buyers won't bother paying for a Linux admin, so it doesn't harm Microsoft one bit.
Microsoft's biggest customers buy the whole mess that includes their mail server and a bunch of other back office crap that remains totally closed.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
This is just an extension of the MS mind set. No, not the chair-throwing, but making sure that at least THEIR technology is being used, and not some open standard. Microsoft would rather folks run pirated copies of XP than install Linux. Just extend this to AD on SAMBA. Microsoft can still lay claims to number of AD nodes and such.
Bearded Dragon
Comment removed based on user account deletion
Linux is a growing very fast as a server os. They will still make money on the clients. I mean they are even giving out SUSE vouchers. Next thing you know, they will port MS Office to SUSE.
The samba team already made sure it was interoperable. You can use samba/ldap as an AD replacement.
I have done it.
MS just wants to save some customers by doing this. I say it's not going to work all that well.
Those customers are probably not going to ditch windows desktops for linux anytime soon though.
They're using their grammar skills there.
How much are you going to pay me?
I mean, if I am going to enable to 'Embrace' part of the borg, I might as well get paid.
Embrace, Extend, Extinguish.
The Kruger Dunning explains most post on
We should be suspicious. M$ will never give up the battle so easily.
If they cannot destroy FOSS through FUD marketing, maybe the new tactic is infiltrate and then destroy from within. Just like a cancer.
Rumors of M$ trying to infiltrate ODF. Now Samba. Why on earth would they want to infiltrate ODF? Why don't they just invent their own open document format and fuck that up first? Oh, wait ....
Be afraid, be very afraid.
"Suppose you were an idiot...and suppose you were a member of Congress...but I repeat myself." Mark Twain
If they are in earnest working towards interoperability (it's documented that they are), then it's just that more difficult for them to prove infringement later on.
Better check and see if that shiny new horse MS gave you is full of Trojan soldiers...
I cannot believe the samba team is down to ONE full time developer.
Its a HUGE project to undertake.
When I buy my Red Hat, Suse or Ubuntu thingies for money, Im thinking some of that money goes to helping FOSS developers.
Hey, it better be that way guys: put some dough into Samba.... NOW!
NO SIG
Not trolling here, but doesn't it seem like every time Microsoft is onto an idea for a feature that's useful it gets tossed aside when the release version comes around? At least that's what I've seen in Windows. They really should take a page from Steve Job's book from NeXTSTEP and have seamless interoperability with all different kinds of networks and operating systems. But that user-friendliness would be time-consuming and not profitable.
The game.
Remember when IBM was the Microsoft of it's day? Now it's a darling because it learned a valuable lesson....
Ultimately companies that create standards will eventually have to transition to a company that contributes to them.
I'm no M$ fan at all and that goes back a ways for me. On the other hand, Microsoft seems to be showing signs that they have accepted open source as something that's here to stay (although they hate it).
Next up on the radar? Google
Once they became a publicly traded company, responsible for only making a profit for their shareholders, it appears more and more like their motto should transition to "We do less evil than everyone else"
Wouldn't this be a GOOD time to have legal drones getting involved? No, not Microsoft's lawyers, the ones that will protect the interests of the Samba intellectual property?
I'm not suprised.
For a long time Microsoft has had a package called Services For Unix that you can install on Windows. It allows Windows to act as a server but not a client with respect to standard *nix protocols like NFS.
Microsoft wants to replace *nix in the server space by breaking into purely *nix environments and replacing an entrenched server operating system with their operating system.
Whether this is done by making Windows interoperable with the protocols that are already on the clients or changing the clients to interoperate with Windows as a server is immaterial.
Unless they're making it easy for people to replace Windows AD servers with Samba servers running on Linux, this is not a big deal.
Duh. Good engineers with no PHB supervision will tend to to great things. Even the ones at Microsoft.
What makes Microsoft Microsoft is the fact that engineers are very rarely left under little or no PHB control. When they are, news like that will follow.
You have confused SMB, NMB, and SMBX, which Microsoft calls CIFS.
SMB is not all that different in how it works from FTP. Its a TCP Protocol that operates on Port 139.
NMB (NetBios Message Block) is how Windows provides SMB with services like Name Resolution. It also handles things called Browser elections which determine who the Domain Controllers will be.
Windows NT4 and 9x is hard Coded to only allow use of NMB to resolve SMB names. This was a horrible lockin tactic for Windows NT4 Server. Windows 2000 on can use NMB or DNS.
SMBX operates on port 445, and acts independantly of NMB and SMB.
Linux machines from Samba 2.2 on could use DNS to resolve SMB paths. Even though Windows machines are hard coded not to allow that.
Another lockin tactic with SMB was the use of the UNC (Universal Name Convention) which was FAR from Universal. The proper URI for smb is smb://. Konqueror has it right.
So, that should clear that up.
The worst offense Microsoft ever did was when they added the PAC to Kerberos. If there is a beacon shining in the night why the GPL is superior to the BSD liscence, the Kerberos PAC that has kept Active Directory Dominant for almost ten years should be a becon in the night. MS Kerberos PAC is incompatible with virtually EVERY SINGLE Kerberos server out there.
With MS increasing 'interoperability' with FOSS, many Universities are standardizing on MS products...
e.g. Oxford University, UK http://blogs.msdn.com/ukhe/archive/2008/10/22/oxford-university-and-microsoft-launch-it-collaboration.aspx
In the past, one of FOSS's heartlands was in higher-education, where linux systems do a lot of science work, producing thousands of graduates with linux experience.
Today, academics in faculties can no-longer demand the use of open, standards-based systems from their central IT since MS is 'open enough'. Don't believe me? Look at the language in the Oxford announcement.
Of course to get the full benefit of the 'open' MS system, you need to use MS products...
When Microsoft does something which does nothing to protect their position in the market and is more likely to do the opposite, they do it at a snails pace and kicking and screaming all the way. For example, JDBC drivers for MS SQL Server in the late 90s as Java was picking up steam. Microsoft eventually said they'd do it but the release date was 18 months out. Another recent example is the OLPC version of Windows XP which has taken over a year. They don't want to do these things and make more of a PR stunt out of them than actually effort and work. You could also look at the US and EU anti-trust issues still dragging on for years also.
The only thing of interest I glean from this is that GNU/Linux has grown to the point where Microsoft is put into this position of foot dragging. THAT is a very good sign. IMO. I would not expect much real help from MS in regards to improving SAMBA and AD interoperability.
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
Samba is GPL 3 licensed. I think Microsoft would have a hard time with any patent suite in light of that.
Well.. maybe. Or Maybe not. But Definitely not sort of.
MS will release Open Source AD compatible Samba - which everyone will use and will come with some weird license that everyone will argue with and MS will simply wipe out all products that use the MS AD Samba.
Embrace, extend, extinguish.
How hard is this to understand?
Here will be an old abusing of God's patience and the king's English.
[Services For Unix] allows Windows to act as a server but not a client with respect to standard *nix protocols like NFS.
I use SFU solely for enabling my Windows boxes to connect to NFS shares...so what are you talking about?
Uhm, that's exactly what they are doing. Samba4 can (mostly) act as a domain controller in an AD environment. This even includes replicating to Windows AD controllers.
What, no patent issues here ? Oh wait, I get it, greater "interoperability" leads to more targets for bogus patent claims like the ones my poor firm (a datacenter/hosting business) received a few days ago.
Here is the letter we received as a follow-up to an in-person meeting with a lame patent enforcement goon regarding claims to the effect that all the "linux" servers in our datacenter somehow violate yet-unspecified patents
- - - - -
From: XXXXXX
Sent: Thursday, October 16, 2008 12:26 PM
To: XXXXXXXXX
Cc: XXXXXXXXXX
Subject: XXXXXXXX - XXXXX NDA
XXXX,
It was a pleasure to meet with you Tuesday. I appreciate your interest and concern regarding the patent matters we discussed. As requested, I am sending (attached) a mutual, two-way Non-Disclosure Agreement. I believe that you will find this agreement fair and reasonable for both of our companies. Please sign and date, then scan (or FAX) a copy to me â" and also forward the original document via mail. My contact info is below.
Once I receive this document, I can work with you to make arrangements to meet with you again to show XXXXXXXXâ(TM)s patents and how they are infringed. If you wish, I can also forward licensing terms.
I look forward to working with you to amicably resolve this important matter.
--------- [NDA available upon request]
The law is not an ass. No really.
"Nope. He got down-modded for posting the exact same thing with a closed tag... he got modded Redundant, because it was redundant...as well he should have."
No, AC we were discussing the "offtopic" mod I recieved for my first post, a very on topic question with a minor error.
Keep trying though, maybe you won't be wrong eventually.
"The government grants you rights, not the other way around."-- beav007. Yes, these people really exist...
This is not a new thing. They have been working with samba for a couple of years at least.
Why is it that the Samba crew does all the work, including taking the case all the way through the courts, and shot down the appeals, and shooting down disinformation, and dealing with the anti-FOSS documentation NDAs, only for "JP" to give the headlines to M$?
The headline should reflect the content of the article and that is about the rapid headway that the Samba team is making. It's not the first time, nor even one of the first times, that the M$ developers have had to rely on the Samba team. Let's give credit where credit is due.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
...anyone on any computer on your network can do anything at all on any of your Windows boxes. What could be more compatible than that?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
You're aware that LDAP is a protocol right (that's the P in LDAP), and that AD is more than just an implementation of a directory service access protocol? AD provides more than LDAP services (e.g. Group Policy etc etc), but uses LDAP to provide a standard API to talk to the AD services.
http://linux.ittoolbox.com/documents/popular-q-and-a/how-to-set-up-a-samba-server-with-encrypted-passwords-2278
Samba has supported LM, NTLM, NTLM v2, and kerberos authentication for quite a long time (since v2.2 at least). Your gripe with "unencrypted passwords" is only valid if you want to use PAM for password authentication (which requires the password to be sent over the wire to be "applied" at the server side as if you typed it into the login prompt) and you are not using kerberos or LDAP, as you should be. This feature of windows is purposely disable in XP SP1 and greater because it is retarded and you don't know how to properly set up your linux box in a sane way.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Doesn't Windows AD server just sound like a really bad spam-infected Windows server to you? I mean, what company names their server with 'ad' in it. Windows AD[vertisement] server, now I know where the spam comes from.
signature is pants
Unless they're making it easy for people to replace Windows AD servers with Samba servers running on Linux, this is not a big deal.
Did you not read the article you're posting about?
The bulk of the article is about precisely that. He's the lead dev on samba building an AD server, and talking about the wonderful level of support ms is (now) giving them.
He specifically mentioned that since they're the only ones working on an AD server replacement, at one of the 'plug fests' at MS' redmond campus, they were the only ones there to take advantage of it.
In addition, he mentions that the team on samba for building an AD server is short on developers, and is asking for help.
Microsoft is at embrace stage?
Persian Project Management Software as a Service
Don't forget WINS server!
But yes, I was going to bring up LDAP, DNS and Kerberos, since that's what AD is, with some minor incompatibilities. All of which have been around for >30 years..
Cool! Amazing Toys.
First, SMB is nothing like FTP. It's a whole different protocol, which uses a different network transport(when dealing with NetBEUI), with a different set of clients. FTP is a pure file transfer protocol, which uses pure TCP/IP.
Second dns/bind does not understand NetBIOS and doesn't do NetBIOS name resolution. That's wrong protocol and wrong name resolution service.
Just FYI ; )
Here's a link to better help you understand how NetBIOS name resolution works:
http://www.tech-faq.com/understanding-netbios-name-resolution.shtml
Here's just one of the differences FTA:
"The NetBIOS namespace is flat. This is different to the hierarchical namespace of Domain Name System (DNS). Because the NetBIOS namespace is not as scaleable as DNS, it does not work well for large networks. NetBIOS naming should be used for private networks."
-Viz
Don't kid yourself. It's the size of the regexp AND how you use it that counts.
make it available, so not every friggin windows machine has to do unencrypted passwords across the network to access SAMBA shares
This is completely WRONG.
Samba fully supports NTLM and NTLMv2 which Windows will initiate without any configuration. And if the Samba machine is a domain member, Windows clients will also do Kerberos.
A few years back Samba required that you run some goofy commands to setup the password database. As a result, some users would simply punt and turn off encrypted passwords. I think that might be what you're thinking of.
No one should every be sending domain passwords over the network in plain text. However, last I checked, Windows clients actually do have a security policy setting that instructs the client to use plain text authentication. But you should never use that in a domain environment. It's for home users who just want to drop the pants on security for maximum compatibility with legacy systems (e.g. Windows 3.x).
"and Andrew just had to leave Novel in a storm to push the idea"
No, that would be me, not Andrew Bartlett. Andrew has been happily working at Red Hat for many years now.
Jeremy.
Probably because Microsoft want Businesses to keep their files in Sharepoint now.
Interoperability without Open source is Oxymoron.
Slashdot = Sarcasm
...shall get beaten with a Microsoft Bob for Dummies book.
Most all the software "ideas" MS has programmed has either been copied/taken or bought out, and regardless of that because that's a stupid topic, it's all just software and math, and there is no "property" definitely not on what the software can do, because software should only have copyrights, if that, and software patents can go to hell.
So, stop perpetuating terminology from companies that want you to support software patents by using terms like "our technology" or "IP". It's just fucking software and it's nothing new any way. You're still drawing pictures with crayons. Wake me up when developers create programs by strapping on brain scanners.
Promote true freedom - support standards and interoperability.
Microsoft don't do anything to help interoperability unless they're forced to...
If they have a dominant position in a market they will fight tooth and nail to prevent interoperability...
But where there are sufficient competitors that they are forced to provide interoperability or lose customers, that's the only time they bother, and usually with an eye to pushing customers onto their own proprietary alternatives and locking them in.
Look at history, they only implemented TCP/IP because it was too ubiquitous to ignore, and people were buying third party stacks.
In the case of Samba, there are now far too many samba based embedded devices out there, most of the storage servers you can buy are now running Samba on top of Linux or a BSD-derived OS, and if a new version of windows broke compatibility with all these devices it would severely hinder it's take up.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Ahha what kind of fucking loser are you that you track down a week old post to mod down?
Keep it coming cocksucker, my karma won't run out before your mod points, you twat.
How fucking sad that you are so devoid of intelligent opinions that you have to waste mod points in a place where they serve no purpose but to demonstrate how pathetic and empty your life is, as you seemingly have time to peruse old worthless stories making useless moderations.
Keep proving me right.
"The government grants you rights, not the other way around."-- beav007. Yes, these people really exist...