Windows Server Trusts Samba4 Active Directory
Darren Ginter writes "A group of Samba v4 developers recently spent a week in Redmond to work with Microsoft on Active Directory interoperability(?!). The result? Windows Server will now join, trust and replicate a Samba-based Active Directory using Microsoft-native protocols. Although Samba v4 is still in the alpha stages, this is a huge step for open source. Or it could be a trap."
Samba 3 emulated the archaic NT4 domain and later scabbed on support for Kerberos and emulating a Win2k domain. It never fully implemented all the little features and protocols, but it was essentially functional. I could never get NTLMv2 to work consistently, and it broke several times after Microsoft patches. Management frequently required command-line work. I gave up even trying to get PKI or integration with Exchange to work. Forget even trying to get file permissions to work seamlessly, including letting your users set granular file permissions.
From a business perspective, you can either pony up the money to buy the MS product and not worry whether it will work consistently, or you pay it in the long run with higher labor maintaining a Linux-based solution that is guaranteed to have some speed bumps down the road.
Yes, Samba4 can emulate an AD server, if you don't mind having to maintain two sets of user and group accounts. Samba4 still requires either user mapping, or managing the Linux users and groups separately. It simply lacks the nice seamless integration of AD, and does not fully implement GPO inheritance, etc.
If you read the article, you'd see they barely got it to the point where a Win2008 server would talk to it enough to join the domain (not just replicate the LDAP database). That's a far cry from full interoperability.
If you want to go Linux simply because you don't like Microsoft, or think you might save money in the long run (doubt it), then Samba is an option. It works fine for many uses. Just don't expect to have all of the features of a true AD server or guaranteed long-term compatibility with Microsoft servers. Personally, I would never try to mix the two in a corp environment as it only takes one issue to kill the entire AD, and I wouldn't want my ass being out there taking the blame for introducing the Linux box that was responsible.