Slashdot Mirror


Windows Server Trusts Samba4 Active Directory

Darren Ginter writes "A group of Samba v4 developers recently spent a week in Redmond to work with Microsoft on Active Directory interoperability(?!). The result? Windows Server will now join, trust and replicate a Samba-based Active Directory using Microsoft-native protocols. Although Samba v4 is still in the alpha stages, this is a huge step for open source. Or it could be a trap."

15 of 182 comments

  1. Oh, great by HangingChad · · Score: 5, Funny

    Windows Server will now join, trust and replicate a Samba-based Active Directory using Microsoft-native protocols.

    Now I have to get ready for the 4 horsemen, rain of fire and the end of time.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
    1. Re:Oh, great by rcolbert · · Score: 4, Funny

      ...might I also recommend heating up a pot of chocolate fondue in preparation for the locust swarm?

  2. It's a nice story... by rcolbert · · Score: 5, Interesting

    ...and good to know the hard working Samba team came away from Redmond feeling positive about the progress that was made. I don't think it's an earth moving change in the relationship between MS and the free world, but it's better than a sharp stick in the eye.

    1. Re:It's a nice story... by Platinum+Dragon · · Score: 4, Interesting

      I don't think it's an earth moving change in the relationship between MS and the free world, but it's better than a sharp stick in the eye.

      I'll breathe easier if this doesn't result in legal trouble for Linux distributions and the *BSDs down the road. MS has a long, long way to go before I could ever trust them to do something with the open source community for any purpose other than to, eventually, obliterate it as a threat.

      Publicly recanting the Halloween Documents, and particularly "embrace, extend, and extinguish" would be a start, if only a start.

      OK, it's an MS-created protocol anyway, but I'm still very suspicious about MS management's ultimate motives in allowing this collaboration to take place.

      --

      Someday, you're going to die. Get over it.
    2. Re:It's a nice story... by rliden · · Score: 5, Insightful

      I'm kind of surprised you don't get what's going on here. MS sees a way to make money from open source. I doubt they'll trumpet that from the rooftops, but I think it's exactly what's happening lately. This will be a selling point for Server 2008 and another reason for MS customers to upgrade from Server 2003 to 2008. So this potentially has the ability to increase upgrade sales to existing customers and provide possible sales to new multi-platform customers.

      Everyone is so worried about the MS of 10 years ago that I think they're missing the dynamic now. Free and/or Open Source software and platforms aren't going away. If you can't make your competition leave then you might as well capitalize on them and make money. MS has far more to gain from interoperability with Linux, BSD, and other open source platforms than they do from not working together (it's just taking a long time for the boardroom to move it in that direction). FOSS on the other hand has far less to gain, in my opinion, by working together and everything to gain by not making things work together since the main business model of FOSS is support service oriented.

      I think what we're seeing with this and their VM offering is to make themselves a viable player with Linux in the server arena.

      --
      Don't think of it as a flame, more like an argument that does 3d6 fire damage.
    3. Re:It's a nice story... by cetialphav · · Score: 5, Insightful

      I think the point here is that Microsoft's behavior is being driven by the market. The market is clearly saying that they like a lot of the FOSS solutions. If Microsoft tries to pretend like these solutions do not exist, then they will allow a software ecosystem to develop in which they have no influence. A dominant player simply cannot allow that to happen.

      In the case of FOSS, there is no way to bankrupt or buyout the competition. They still try to compete with marketing FUD, but it is obvious that that is only good for trying to slow the growth of FOSS.

      This isn't about Microsoft turning over a new leaf. The real story is that market acceptance of FOSS solutions has grown to the point where none of the major players (including Microsoft) can afford to ignore it. For someone like me who has used Linux seriously for 15 years, seeing this kind of growth and acceptance is amazing. Linux used to be ignored, but now it is respected.

    4. Re:It's a nice story... by Platinum+Dragon · · Score: 4, Insightful

      In the case of FOSS, there is no way to bankrupt or buyout the competition. They still try to compete with marketing FUD, but it is obvious that that is only good for trying to slow the growth of FOSS.

      That leaves the legal route, and that's what I'm worried may be employed here down the road. I hope the Samba developers obtained a rock-solid agreement allowing them to use the results of the collaboration in the Samba project, now and in the future. I'm concerned that the company may attempt, without the knowledge of the MS developers who probably had a blast doing this, to argue that anything in Samba4 written after this project having to do with AD interoperability is covered by patents relating to AD, or that it descends from MS intellectual property accessed while they were at Redmond, etc. IIRC, one of the Linux NTFS coders had to refrain from working on the functionality for some time after working at Microsoft due to contract stipulations, slowing the development of stable write capability (this was years ago, so I could be way off here).

      I can see how this is a possible sign of a culture change at Microsoft (and for that company's sake, I hope the EEE culture is withering away), but I can also see a few ways this could go horribly wrong based on the company's past behaviour. Their future behaviour will determine whether this was a good idea, and that's why I remain skeptical.

      --

      Someday, you're going to die. Get over it.
  3. Re:A question of trust by gbjbaanb · · Score: 5, Funny

    "Microsoft Windows" and "trust", do those two even go together?

    only when joined together with the word 'anti'.

  4. Re:I look forward... by value_added · · Score: 4, Informative

    to being able to implement this at home and at work to work towards replacing Windows Server 2003.

    For home or small office use, this might be an interesting read. It's the slideshow from Kai Blin's Samba ARMed and Ready: Running an Active Directory DC on 2 Watts talk on an embedded Samba4 DC.

  5. Re:Just Don't See How This Could Be A 'Trap' by fluffy99 · · Score: 4, Interesting

    Folks interested in saving a buck will start using Samba servers to either completely host or participate in Active Directory domains. The trap or catch will come further down the road when Microsoft patches something that breaks the functionality, at which point Microsoft will simply state that if you wanted something reliable you should have used genuine Windows servers. Don't believe me? The samba project is already rife with examples of this. Didn't we see Samba choke when enterprises tightening up security disabled ntlmv1?

    I seriously doubt Samba-based AD servers will be fully functional anyway, just like Samba emulating an NT4 domain was just barely functional. Microsoft helped them figure out how to use the native Microsoft protocols to replicate the AD database instead of having to rely on the semi-functional openldap hack they had been using (actually, to be more accurate, MS confirmed and corrected their reverse engineering of the protocols).

    Being able to replicate the AD database/ldap and form working trusts does not make Samba a good substitute for AD. It simply gives it an ability to co-exist with a real AD infrastructure. GPOs and most of the other desirable features of Active Directory are not implemented in Samba. Big businesses will still use MS boxes to ensure all the features work and it's stable, since the cost of the software is not the driving factor.

  6. This is good news by Orion+Blastar · · Score: 4, Interesting

    Back in 1995 I ran a small business that did Linux installs for companies to replace Windows NT Server systems with Linux plus Samba. We used Slackware Linux and then later Red Hat, but it did Windows file and printer sharing for Windows clients and saved those businesses thousands in Windows Server licenses.

    But when Active Directory came out, companies switched back to Windows Server, because Linux and Samba lacked that. Exchange can be done via OpenExchange and use MySQL or PostgreSQL instead of SQL Server.

    Linux has to match Windows Server feature by feature in order to compete with it, and be used. Linux might never replace Windows on the desktop, but it can replace Windows on the server as Unix and Linux are designed as server operating systems.

    --
    Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
    1. Re:This is good news by cbhacking · · Score: 4, Informative

      Windows (in the modern sense) has nothing at all to do with DOS aside from including a 16-bit virtualization layer (in the 32-bit versions) and R/W support for its filesystem (not that you'll see many FAT16 volumes these days).

      Windows, or more correctly NT, was designed from the ground up to be 32-bit, multi-user, preemptive multitasking, support multiple APIs and/or ABIs (DOS, Win16, Win32, OS/2, and POSIX), be portable (the DOS-based Windows versions used assembly heavily, which made them fast and lightweight, but prone to bugs and impossible to port; NT is almost entirely C and has been ported to several completely different architectures), and be suitable for servers and workstations (not, initially, home computers). The lead designer of NT (and author of much of its kernel), Dave Cutler, used to be one of the leaders on VAX/VMS and other projects by DEC. http://en.wikipedia.org/wiki/Dave_Cutler

      Claiming that Windows was "morphed from DOS" indicates either a stunning lack of knowledge about the modern software world (the last Windows version in any way based on DOS was ME, which was quickly replaced with the NT-based 2000 and XP), or that you are simply a troll.

      --
      There's no place I could be, since I've found Serenity...
  7. Re:Just Don't See How This Could Be A 'Trap' by Cyberax · · Score: 4, Informative

    "Yes, Samba4 can emulate an AD server, if you don't mind having to maintain two sets of user and group accounts. Samba4 still requires either usermapping, or managing the linux users and groups separately."

    Wrong! It's certainly possible to use trivial mapping for Unix and Windows groups and accounts. It was possible to do this since the early days of Samba.

    Samba4 even supports the full mapping of Windows ACLs which was the main missing feature in Samba3.

    "It simply lacks the nice seamless integration of AD, and does not fully implement GPOs inheritances, etc."

    Again, wrong. You can actually use Microsoft's tools to manage GPOs in Samba4.

    "If you read the article, you'd see they barely got it to the point where a Win2008 server would talk to it enough to join the domain (not just replicate the LDAP database). That's a far cry from full interoperability."

    Wrong. Win2008 server not just joined the Samba4 domain as a member. It has established a _trust_ _relationship_ with it. So members of Win2008 domain could now access resources in Samba4 domain with correct cross-authentication. And this is not a small task.

    Samba4 is about >this< close to the full AD replacement.

    The main missing feature is printing, there's no support for it in Samba4. This task is being tackled in the 'Frankie' project which tries to use parts of Samba3 for printing.

  8. Re:Of course it's a trap by grcumb · · Score: 4, Funny

    Anyway - you can't be too sure about anything these days, but if Microsoft doesn't cooperate they will have an even lower respect from the open source community than they have today.

    Well, that explains the move to 64-bit. We were at risk of over-running the lower bound of the signed long integer that would have been required to express this new depth of loathing. Now, they're good until at least 2038. 8^)

    --
    Crumb's Corollary: Never bring a knife to a bun fight.
  9. Re:Why can't Microsoft be a business too? by bernywork · · Score: 4, Informative

    WTF? How can you possibly justify your position?

    Let's just do a quick "Let's get the facts straight campaign":

    A 2003 license is $429.99 US ex tax (Euro pricing, I am sure that the US is cheaper) and that includes 5 CALs. Datacentre runs well and truly above your $3,000 figure, try doubling it if you want Hyper-V.

    A 2008 CAL is about $30, but it's not just that you are probably going to want, it's SharePoint and everything else. So really, you just haven't done any research.

    Let's run with your understanding about using Linux to connect to Windows, it's wrong.

    If you aren't using their software, why would you have to pay for a Client Access License? I am sure you could make a donation to the Samba Foundation, and I am sure that they would appreciate it. Aside from that though, why would the protocols need a license? They have publicly posted the protocols, they got forced to by the EU as part of their anti-trust investigation. This was part of their settlement. They have also posted the protocols for Exchange and a number of other protocols; they had to.

    Really, this is the whole point of Jeremy Allison going to the EU hearings and testifying and everything else, to MAKE Microsoft go through the interoperate with everyone else. Take a look here: http://www.samba.org/samba/PFIF/PFIF_history.html

    Disclaimer: I am not an apologist, I am a Linux advocate but I still use a lot of MS products in my day to day business

    --
    Curiosity was framed; ignorance killed the cat. -- Author unknown