Slashdot Mirror
Active Directory Comes To Linux With Samba 4
Da Massive writes in with another possible answer to a recent Ask Slashdot about FOSS replacements for Microsoft AD server. "Enterprise networks now have an alternative choice to Microsoft Active Directory (AD) servers, with the open source Samba project aiming for feature parity with the forthcoming release of version 4, according to Canberra-based Samba developer Andrew Bartlett. Speaking at this year's linux.conf.au Linux and open source conference in Hobart, Bartlett said Samba 4 is aiming to be a replacement for AD by providing a free software implementation of Microsoft's custom protocols. Because AD is 'far more than LDAP and Kerberos,' Bartlett said, Samba 4 is not only about developing with Microsoft's customization of those protocols, it is also about moving the project beyond just providing an NT 4 compatible domain manager."
Can someone tell me how AD is licensed? I thought it was a part of server 2003 and once you buy that there should be no additional costs right? Our Sys Admin is planning to install ad for our office (we used never had AD before) and I am trying to figure out what if any the advantages of getting AD will be.
My last tussle with samba was yet another try with ubuntu on this old macbook.
Samba refused to accept proper config messages through gnome's graphical tools, I had to go in and edit the config manually, and samba did not respond properly to the config.
Why not just create a front end for samba and distribute it with the server and client software rather than depend on distributors?
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
According to TFA FOSS AD is not here yet by a long shot, in early alpha, many missing features. Summary is *terrible* in suggesting non-M$ AD is already here.
Those are my principles, and if you don't like them... well, I have others.
"A new year... A new hope?" "Let us know your predictions for 2009".
And, right on par with my hope of seeing Half-Life 2 Episode 3 in "early 2009", my hope of seeing a fully working, easy to set up and maintain, "it just works" Active Directory server for Linux this year has diminished due to the fact that this same exact story was posted here over 3 years ago. (or on Digg)
Actually - the AD support in Samba is a bit of old news, since that has been promoted before.
But it's still good news, especially since lately the configuration of Microsoft's softwares and platforms has started to get incredibly complex and very hard to penetrate - as well as configure in a secure way.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
headache of AD? uh.. backing up? are you serious? there are command line tools, 3rd part tools as well that handle backing up of AD as well as full forest recovery (and even restoring a single attribute for one use to ALL users in minutes... google is your friend..
sig goes here!
If you're calling an imperfect alternative to insanity "fixed"...
...why, you must be a Windows 7 developer. ;)
...'tis easier to blame than to improve.
He has Samba confused with Sambo. Somebody(same person?) made a post just like this a couple of days ago.
What's wrong with Micosoft's licensing model? You pay either per server or per seat. If you license some servers per server, and some per seat their monitoring software tells you how often you need to "true up", and if their software fails to do its math correctly they get to sue you and seize all your computers. That makes a lot more sense than Linux or BSD's licensing model where no matter how many clients or servers you have you don't have to pay. That's just anarchy.
Help stamp out iliturcy.
Whether you agree with it or not, Linux has a very small market share in the two places it counts: gaming and the office. It's "big news" here when we find a government organisation or a school going with a Linux installation, and until it stops being so we can never consider Linux *as good* as MS or OS X, purely because of usage base. This functionality is an excellent step in the right direction for the office software, because we (as sysadmin's) can build a server that silently integrates with all the XP/Vista machines on a network, without "telling" anybody about it. After a few months of having a stable linux server in place, we can start pushing stable Linux onto the less-than-important PC's - like the receptionist (who can/should be trained) or the marketing department. Slowly (but surely) bringing across all the machines possible we can to Linux. Having AD functionality is definitely the first step. Getting a decent-free Exchange-replacement will be the next (and I mean free in the same way that Debian is free, unrestricted as much as possible) in the chain. Simply put, any OSS supporter needs to make some compromises to get their software into the enterprise. People grow up on Windows, or on OS X (as a rule it is one or the other) not (necessarly) on Linux, so we need to ease them in.
Oh and Linux has its own Directory functionality, it's OpenLDAP. It's just not necessarily as easy to maintain as Open/Active Directory.
My $0.02 AU.
Me failed English...
FreeBSD over Linux. If my comments seem odd, this may explain...
mark my words, it'll have bugs which will result in 1000's of "RTFM n00b" or "it's ms's protocol that sucks" responses.
Just as Slashdot is full of trolls and OT comments help forums often have people posting unhelpful comments. Just ignore them. Life is too short for arguing with idiots.
I find the Samba help forums are generally excellent if you take the time to ask a sensible question instead of just posting the first problem that comes up. Often the task of formulating a sensible question solves a problem without actually having to ask on the forums at all. I also generally find my query has already been answered in the forum and all I need to do is search.
The Samba documentation is an excellent resource and generally answers most of the questions you may have. Try starting with John Terpstra's Samba 3 by example which is a practical guide to implementing Samba 3. I don't know if John is working on a Samba 4 update to the book, but there is a WIKI, HowTO and a FAQ available. If you are risk averse you may not want to use Samba 4 in production just yet :)
It is not very comforting to read the following statement:
... thing). I would at least expect that the Samba developers have experience in installing, running and maintaining a "realistic" Active Directory environment (read: more than 1000 client machines) before delving into the real messy details. I am not sure I even want to know how they are going to handle disaster recovery (one of the fun parts of AD, rest assured).
"My Russian connection has had Samba 4 running in production since last June and has discovered a few missing features. They also discovered that machines would stop working after 28 days which was something to do with password expiry."
"Something to do with...". This is in every AD 101 book (machine accounts, password renewal,
Honestly, I cannot imagine why anyone would want to run a FOSS equivalent Active Directory. After having spent months in setting up a full mixed Windows/Linux environment (OpenLDAP, Kerberos, Samba, the works), I can say that setting up AD is a breeze: for me, it is a prime example where Microsoft took existing technologies (LDAP, DNS, Kerberos) and actually turned it into something useful without the typically associated configuration nightmares. And it works very stable indeed.
And please, cost is not a reason for not going with Active Directory. The cost of a single Windows Server license is absolutely peanuts compared to what *you* cost your employer. The operational costs are what matter in long term and I am pretty confident that Microsoft's AD will do much better than that for the years to come.
Whether you agree with it or not, Linux has a very small market share in the two places it counts: gaming and the office.
Honestly? Gaming does not count. There was a nice market breakdown I saw not that long ago from AMD, breaking it down into laptop/desktop/server and low-end/mainstream/enthusiast and the gaming segments are honestly not that large. Replacing every Windows/MS Office with a Linux/OpenOffice solution would be 1000x greater than turning LAN parties into LUGs. Nor is it easy fruit - a game requires a lot of software infrastructure, it's got limited actuality (Linux support two years after is a big meh) and is full of bleeding edge performance optimizations. Just to take that college drop-out article we had recently - the school could have said "MS Office or OpenOffice". The DSL installation disc could have said "For Linux do steps X instead". Lots of things in that article was her fault but it's quite clear that Linux could be a lot more supported in ways that would matter a lot more to the masses that a few FPS junkies.
Live today, because you never know what tomorrow brings
It's "big news" here when we find a government organisation or a school going with a Linux installation...
We're not a big office but we run on Linux. Primary application servers and most of the desktops. So far it hasn't been any big news outside and not a big deal inside. It was a quiet transition, no user upheaval. The best part is we (the IT department) don't have to spend part of our day handling the crisis/virus/trojan/black screen crisis of the moment. We actually have time to document, plan upgrades, and spend time on development instead of serving the Redmond machine. The stress level comes way down.
You don't realize how much time you spend servicing Microsoft until you get away from them. Not just servicing the machines but the whole ecosystem. It's so complex, you need so many supporting services to keep it running right that the Windows admins I've seen are in a constant state of stress. And I think they like it, even though they tend to complain about how busy they are. Maybe it's job security. Don't know and honestly don't care.
All I know is I can go to a partner integration meeting today knowing everything is working fine and, in the absence of hardware failure or massive internet outage, will stay working. That there won't be a stack of trouble tickets in the queue or bill for some piece of software that does...something...that we need because MS didn't include it in the base server package.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
It is every bit as racist as niggardly is; as in "Microsoft behaves niggardly with its protocols while at the same time preaches interoperability."
That legitimate words "sound kinda like" racist slurs does not mean the common words are racist. On the other hand, we have just been trolled.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Nice anecdote, but all that says is that the IT people in your company don't have a clue. Once upon a time, IT people were just as clueless about Windows / PC's. It's sad really - people call themselves professionals and then behave like that, refusing to educate themselves (If you are not CONSTANTLY educating yourself in IT, you will very very quickly become a dinosaur.)
But gaming is a weird animal. Many gamers (not all, maybe not even most, but many) are influential in other people's tech decisions. Whether it be the kids who his parent's assume "knows about computers" because he spends lots of time on one and can spout jargon he read on game sites, the programmer or sys admin who games as a hobby, or the "Tech Site" writers who's primary measure of performance is game FPS; lots of gamers have some level of influence on various numbers of people's technical decisions.
On top of that, even many people who don't game take an attitude of "Well, if it'll play that game, it will certainly be able to handle my $trivaltask". Gamers may be a small part of the market, but they are a much bigger part of marketing.
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
And was re-offered his position after many people including Julian Bond, chairman of the NAACP, spoke harshly of mayor Williams "acceptance" of Howard's resignation. Too bad that it went as far as it did, though. Ignorance always has a cost.
Reminds me of a story one of my former teachers told. He was working as a consultant for this decently large corporation. When taking stock of their computers he noticed an ancient NT server was sitting in the server closet doing their email and basic file serving. He went to the PHB and was told "I don't care what you change but do NOT touch that NT server! We had lots of problems until a IT guy we hired a few years back fixed it. It has never failed since and I do NOT want you messing with it!".
Of course being an IT nerd that instantly made him want to see what this "Miracle worker" had done. So one weekend while everyone was gone he plugged a monitor in to see what his magic recipe was. What he found was Red Hat 4 running with a text file sitting in \ with READ ME IMPORTANT. So of course he did. It said "The stupid boss thinks this is an NT server. Keep your mouth shut and everything will be fine. Dave". He of course choked on his coffee laughing, upgraded the RAM(which the PHB authorized) and soon after left the company. He said "it was too damned much like Dilbert."
ACs don't waste your time replying, your posts are never seen by me.