Samba has maintained a solid capability as a file server and client but has never had the ability to function as an Active Directory Domain Controller until now. Samba 4.0 has been under development for quite a long time, and the Domain Controller functionality has been available in beta form during the later stages prior to release. Samba 4.0 delivers a stable release of this new capability but in a severely limited form.
For Samba 4.0 to be useful in large and multisite environments -- the sort that rely on Active Directory -- it will need to support cross-forest trusts and multiple domain controllers. Support for multiple domain controllers requires directory and file system replication to maintain the user database and the sysvol and netlogon shares. (The sysvol share stores the Group Policy Template along with other system templates and scripts, and the netlogon share contains system-wide logon scripts for the likes of assigning home directories and updating virus definitions.) Directory replication works reliably in this release, but the file system replication piece remains under development.
Samba 4.0 installation and setupThere are a number of ways to get Samba 4.0 installed, depending on your system and how you want to go about testing. You can download the latest release in gzip form and install it yourself. The Samba Wiki has a complete how-to detailing the process step by step. For popular distributions such as Ubuntu, there are packages available for installing using the normal methods. From a terminal window in Ubuntu 12.10, you can simply type:
apt-get install samba4
For the purposes of this review I downloaded the Excellent Samba4 Appliance, a ready-made virtual appliance based on SLES 11 SP2 64-bit and Samba4 Stable 4.0.0. The Excellent Samba4 Appliance virtual machine is available in the OVF format; in a VMware image that will work with VMware, VirtualBox, or KVM; and in a VHD file for use with Microsoft's Hyper-V. I chose the VHD file and installed it on an HP ProLiant DL385 G7 server running Windows Server 2012.
You must run a script to initialize a number of settings (IP address, domain name, admin account name, and so on) before you can actually start the Samba Domain Controller. Once you've entered the required information, the script (dcpromo.sh) will configure the appropriate DNS settings and create default DNS records. DNS is a requirement for Active Directory and must be running to enable client machines to connect to the domain.