Slashdot Mirror
Active Directory Comes To Linux With Samba 4
Da Massive writes in with another possible answer to a recent Ask Slashdot about FOSS replacements for Microsoft AD server. "Enterprise networks now have an alternative choice to Microsoft Active Directory (AD) servers, with the open source Samba project aiming for feature parity with the forthcoming release of version 4, according to Canberra-based Samba developer Andrew Bartlett. Speaking at this year's linux.conf.au Linux and open source conference in Hobart, Bartlett said Samba 4 is aiming to be a replacement for AD by providing a free software implementation of Microsoft's custom protocols. Because AD is 'far more than LDAP and Kerberos,' Bartlett said, Samba 4 is not only about developing with Microsoft's customization of those protocols, it is also about moving the project beyond just providing an NT 4 compatible domain manager."
Can someone tell me how AD is licensed? I thought it was a part of server 2003 and once you buy that there should be no additional costs right? Our Sys Admin is planning to install ad for our office (we used never had AD before) and I am trying to figure out what if any the advantages of getting AD will be.
My last tussle with samba was yet another try with ubuntu on this old macbook.
Samba refused to accept proper config messages through gnome's graphical tools, I had to go in and edit the config manually, and samba did not respond properly to the config.
Why not just create a front end for samba and distribute it with the server and client software rather than depend on distributors?
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
One thing I find it interesting in the article is that Microsoft been working with Samba developers to provide them the inner workings of AD. Hell, even Samba developers discovered a bug about random passwords in AD and told Microsoft about it.
AD in it's present form is still closed source project so I find it interesting Microsoft team is willing to provide them some of the secrets knowing that eventually it'll take away some of their profits like they'll miss it anyway.
So what exactly the direction is Microsoft taking?
"A new year... A new hope?" "Let us know your predictions for 2009".
And, right on par with my hope of seeing Half-Life 2 Episode 3 in "early 2009", my hope of seeing a fully working, easy to set up and maintain, "it just works" Active Directory server for Linux this year has diminished due to the fact that this same exact story was posted here over 3 years ago. (or on Digg)
mark my words, it'll have bugs which will result in 1000's of "RTFM n00b" or "it's ms's protocol that sucks" responses.
Just as Slashdot is full of trolls and OT comments help forums often have people posting unhelpful comments. Just ignore them. Life is too short for arguing with idiots.
I find the Samba help forums are generally excellent if you take the time to ask a sensible question instead of just posting the first problem that comes up. Often the task of formulating a sensible question solves a problem without actually having to ask on the forums at all. I also generally find my query has already been answered in the forum and all I need to do is search.
The Samba documentation is an excellent resource and generally answers most of the questions you may have. Try starting with John Terpstra's Samba 3 by example which is a practical guide to implementing Samba 3. I don't know if John is working on a Samba 4 update to the book, but there is a WIKI, HowTO and a FAQ available. If you are risk averse you may not want to use Samba 4 in production just yet :)
Samba 4 is not really production ready yet. That is why it is labeled as an alpha version. Those using it in production, do so at their own risk. That said, I use it in a home network and it does run beautifully. However, I would be leery of using it in a business environment just yet.
Something to do with...". This is in every AD 101 book (machine accounts, password renewal, ... thing). I would at least expect that the Samba developers have experience in installing, running and maintaining a "realistic" Active Directory environment (read: more than 1000 client machines) before delving into the real messy details. I am not sure I even want to know how they are going to handle disaster recovery (one of the fun parts of AD, rest assured).
Disaster recovery will be far easier on a Samba 4 DC because access to AD itself will be far less obscured and convuluded. A simple raw LDAP call could restore the entire database at the linux command line. I have seen countless problems restoring AD after a DC failure. I created a mock scenario with a Samba 4 DC wherein the entire database was wiped. I simply used Samba's own LDB toolset and had it up and running again in seconds.
And please, cost is not a reason for not going with Active Directory. The cost of a single Windows Server license is absolutely peanuts compared to what *you* cost your employer. The operational costs are what matter in long term and I am pretty confident that Microsoft's AD will do much better than that for the years to come.
You're missing the point. It isn't about cost at all. The point of having an open source replacement for AD is to make it easier for software developers to take advantage of the largely undocumented protocols. This is designed to facilitate interoperability. Even Microsoft, from the light of the anti-trust lawsuit it lost, extended an olive branch to the Samba team to assist in providing documentation. Plus, the work that Samba does stands to benefit Microsoft as well because they might be able to see where the Samba team has had some really good ideas and legally incorporate them into mainstream AD. And, before you express such confidence, I would try using Samba 4 myself. Some parts of the code are very mature and work well.
And was re-offered his position after many people including Julian Bond, chairman of the NAACP, spoke harshly of mayor Williams "acceptance" of Howard's resignation. Too bad that it went as far as it did, though. Ignorance always has a cost.