Active Directory comes to Linux with Samba 4

2 comments | 11I like it!
January 21, 2009, 01:59 PM —  Techworld Australia — 

Enterprise networks now have an alternative choice to Microsoft Active Directory (AD) servers, with the open source Samba project aiming for feature parity with the forthcoming release of version 4, according to Canberra-based Samba developer Andrew Bartlett.

Speaking at this year's linux.conf.au Linux and open source conference in Hobart, Bartlett said Samba 4 is aiming to be a replacement for AD by providing a free software implementation of Microsoft's custom protocols.

Because AD is "far more than LDAP and Kerberos", Bartlett said, Samba 4 is not only about developing with Microsoft's customisation of those protocols, it is also about moving the project beyond just providing an NT 4 compatible domain manager.

"I've been working on Samba 4 for four years to try and provide a way to not run Microsoft servers at the centre of the network, which then leads to the clients," he said. "But I am a realist and we have implemented the logon server for Samba 4."

Bartlett admitted Samba has a "nasty" reputation for being "impossible to configure" and believes Samba 4 should "just work" without administrators needing to read through documentation first.

"For example, in Samba 4 we generate the DNS configuration and have an optional OpenLDAP backend and we have configured this as we know how Samba needs this setup."

Over the past year Samba 4 has added multi-master replication leveraging OpenLDAP, making Samba no longer a single-server implementation.

"Our users have also demonstrated how smart card logins work. I barely had to do anything in Samba 4 to get this to work. There is support for group policy as Windows clients are impossible to manage without it."

Samba also changed its scripting language to Python which Bartlett says should be easier for administrators, and there are bindings for other tools.

Also new is NTP signing support which allows Windows clients to accept a valid time from a linux server, which is needed for Kerberos authentication to work. Microsoft's own NTP signing protocol is non-standard and uses AD. This has been implemented in Samba 4 and "to say the NTP community was not happy is an understatement".

Bartlett said Samba 4 has had a lot of input from system administrators, but still needs more help.

"Samba is not just C anymore and we are doing more in scripting languages to make it more flexible," he said, adding some new features in Windows are easy to add to Samba via scripting.

"My Russian connection has had Samba 4 running in production since last June and has discovered a few missing features. They also discovered that machines would stop working after 28 days which was something to do with password expiry. We spent a week at Microsoft and discovered Windows would use a call with a string and fill it with random crap. Samba just sent a password of zero to the string and this is probably not the best for security!

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

I like it!
Close

On Twitter now

active directory

Powered by Twitter
You are logged in | Sign out
Sign in and post to Twitter

What are you thinking?

Cancel Tweet sent

On Twitter now

Comments

And any schedules or roadmap

And any schedules or roadmap in general are available for developers?

It is ridiculous in 2009:
"We have made something. What is this thing we do not know. There can be people will tell to us for what this thing is necessary?"
| reply

バッテリー

大阪でバッテリー販売。 セルモーターリビルト。 オルタネーターリビルト。リビルト在庫多数。大阪で電装品販売。リンク品在庫多数。大阪でウイング車モーター修理・販売・在庫多数。大阪でパワーゲート車モーター修理・販売・在庫多数。
| reply
peer-to-peer

Esther Schindler
If the comments are ugly, the code is ugly

claird
SVG a graphics format for 21st century

pasmith
Take Chrome OS for a test spin

Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?

sjvn
64-bits of protection?

jfruh
Android fragments vs. the iPhone monolith

mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive

 

Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann

Join the conversation here

The Daily Tip

The Daily TipQuick, practical advice for IT pros. Made fresh daily.

Hot tips:

Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.

Newsletters

Subscribe to ITWORLD TODAY and receive the latest IT news and analysis.

I would like to receive offers via email from ITworld partners.
By clicking submit you agree to the terms and conditions outlined in ITworld's privacy policy.
Featured Sponsor

AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.

In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.

On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.

Marketplace