Samba 4: Linux Active Directory Server

January 20, 2009 · 14 comments · Last updated January 21, 2009

Linux does have a directory server called OpenLDAP, but it requires a good understanding and admin skills. MS AD has a reputation for ease of use. Samba is a free software re-implementation of the SMB/CIFS networking protocol mainly used by Microsoft. One of the goals of Samba version 4 is to implement an Active Directory compatible Domain Controller. Major features for Samba 4 already include:

  • support of the 'Active Directory' logon and administration protocols
  • new 'full coverage' testsuites
  • full NTFS semantics for sharing backends
  • Internal LDAP server, with AD semantics
  • Internal Kerberos server, including PAC support
  • fully asynchronous internals
  • flexible process models
  • better scalability from micro to very large installations
  • new RPC infrastructure (PIDL)
  • flexible database architecture (LDB)
  • embedded scripting language (ejs)
  • generic security subsystem (GENSEC)
  • over 50% auto-generated code!

Enterprise networks now have an alternative choice to Microsoft Active Directory (AD) servers, with the open source Samba project aiming for feature parity with the forthcoming release of version 4, according to Canberra-based Samba developer Andrew Bartlett. More information is available at the Samba 4 wiki and here.

This new implementation is not just about cost; it should provide the following benefits:

  1. An open source replacement for MS AD
  2. Understand undocumented AD protocol by studying source code
  3. Cost saving
  4. Interoperability etc

{ 14 comments… read them below or add one }

1 ashwani January 21, 2009 at 11:56 am

Thanks Vivek for info

So can we log in to this Linux server as we log in to Windows AD by seeing the third option of domain at the UI in the drop-down list? And if possible, how?

I hope you make a tutorial on it so that we all can test this out

Thanks
Ashu

2 Peko January 21, 2009 at 2:54 pm

Typo here ?
“Understand undocumented AD protocol by studding source code”
studding => studying ?

Keep up the good work, I enjoy your newsletter and site.

Peko, Paris, France

3 nixCraft January 21, 2009 at 3:01 pm

@Peko,

Thanks for the heads up.

@Ashwani,
Yes, with the help of configuration and Samba 4 you should be able to log in to AD.

4 Justin Zandbergen January 22, 2009 at 6:17 am

I would rather see an open source Directory implementation which is more like Novell’s eDirectory, for this one is far more scalable and x509 compliant. Also the use of SLP is far more advanced than DNS imho. But of course this is not going to happen from Samba because then they would totally need to start from scratch.

Don’t get me wrong, I really am happy that Linux will have a decent Directory Service because that is really lacking at the moment. But the world is bigger (and better) than Active Directory.

Offtopic: I am curious how Samba4 will perform in contrast to Domain Services For Windows (DSFW) from Novell. And what Novell’s answer is going to do in response to this.

Offtopic2: I work a lot with Novell products and I tend to like them. So you can qualify me as a fanboy probably ;-).

5 Diabolic Preacher January 23, 2009 at 3:53 pm

I agree with Justin about why Linux programs aim for 1:1 compatibility with Microsoft protocols which are never well documented/open at all. Why should change always come from the software side and not from the user side? It's just a bloody login, how does it matter what authentication is used for your username and password as long as you don’t mess with others’ stuff and others don’t mess with yours.

I ain’t saying not following MS protocol would make things easy, but at least it gives the devs a chance to iron out the rough edges in the design phase itself.
Think about it, many Linux tools also suffer from Unix tool design anomalies, trying to keep them compatible with the *nix standard.

6 nixCraft January 23, 2009 at 5:00 pm

Justin,

You have some valid points there. Novell eDirectory is still used by many government and educational sectors. As I said earlier, OpenLDAP is good but needs too much tweaking.

Samba 4 is not production ready yet. Personally, I stay away from AD as much as possible. AD disaster recovery is a true nightmare.

7 Kelt Dockins November 3, 2009 at 9:29 pm

The sad truth is that so many businesses use Active Directory for managing company users and group policies. It would be nice if Microsoft would release an open source linux alternative to allow login from Linux boxes so the AD server can control users/permissions on these boxes.

8 elwarreno August 12, 2011 at 4:41 pm

If you're considering samba4, I would suggest checking out the resara management interface for it. Many refinements, multi-server support, etc, free and commercial versions.

9 jetole January 5, 2012 at 11:01 am

This post/page was created in January 2009. As of now, January 2012, Samba 4 is still alpha. I was pretty excited when I heard about Samba 4 being a full AD compliant domain controller compatible with the new schemas implemented in Windows Server 2008 when I first read about it probably around the same time this page was written but here we are 3 years later where it’s still alpha code and at this point I have lost a lot of respect and hope that Samba will ever be the way to go for this. I’m expecting that by the time they complete this as a final, non-alpha, working piece of code, MS will have released a new version of the OS that implements a new schema that is no longer compatible with the old one and at that point we will have to wait many many more years for Samba to be able to create a compatible interface.

10 Tomas M. February 15, 2012 at 8:13 pm

It should be released in April, 2012 together with Ubuntu Server 12.04 LTS.

11 RKcam February 28, 2012 at 6:10 am

Can OpenLDAP + Samba be used as a full-fledged alternative to Windows 2008 R2 AD server with policies and GPOs?

12 Tony May 5, 2012 at 2:15 pm

Don’t make up dates – It’s May 2012 now and the wiki states clearly “A date has not been set for an official release” and reiterates its alpha and unfinished state.

I suspect it was just too ambitious – instead of just implementing kerberos and ldap they tried to rewrite everything from scratch.. and here we are 3 years later no nearer to a release than they were 3 years ago.

13 Charles Tryon July 13, 2012 at 12:48 am

@Tony — actually, it is officially in Beta now. I’ve been following the Samba and Samba-technical lists for some time now, and while there still isn’t a hard release date, people in the core development team have been tossing around going into Release Candidate after July, and hopefully a full 4.0 release before the end of the year.

You really should check your facts before simply repeating what you’ve heard other people say. There has been a **LOT** of progress in the past couple of years. The biggest problem is that there have been a couple of significant changes in scope over these three years. The new NTVFS server, which was the *original* point of Samba4, has been sidelined in favor of pulling in a lot of the new file system functionality from Samba3. Instead of focusing on the file shares portion, the greatest effort has been to build up a very solid Active Directory server, complete with embedded Kerberos, LDAP, DNS 9.8, GENSEC, SMB 2.1 (working toward SMB3), replication, the ability to join an existing AD domain as a member server, and a host of other features.

There is a huge amount of work to be done, but at least for the past 12 months, this has been by far the FASTEST moving Open Source project I’ve ever looked into.

Take a look at the Samba Wiki at https://wiki.samba.org/index.php/Samba4 for a more up to date story.

14 simbatig November 27, 2013 at 9:16 am

Wow!!! Sorry…Just fell into this downloading Pear OS8! Getting tired of MS and the like. My hats off to Open Source communities as it is evolving into something really respectable since Fedora 12!!! Can’t wait for Samba 4 RC.
