Samba 4: Linux Active Directory Server

Linux does have directory server called OpenLDAP, but it requires good understanding and admin skills. MS-Ad has reputation for ease of use. Samba is a free software re-implementation of SMB/CIFS networking protocol mainly used by Microsoft. One of the goals of Samba version 4 is to implement an Active Directory compatible Domain Controller. Major features for Samba 4 already include:

  • support of the ‘Active Directory’ logon and administration protocols
  • new ‘full coverage’ testsuites
  • full NTFS semantics for sharing backends
  • Internal LDAP server, with AD semantics
  • Internal Kerberos server, including PAC support
  • fully asynchronous internals
  • flexible process models
  • better scalablilty from micro to very large installations
  • new RPC infrastructure (PIDL)
  • flexible database architecture (LDB)
  • embedded scripting language (ejs)
  • generic security subsystem (GENSEC)
  • over 50% auto-generated code!

Enterprise networks now have an alternative choice to Microsoft Active Directory (AD) servers, with the open source Samba project aiming for feature parity with the forthcoming release of version 4, according to Canberra-based Samba developer Andrew Bartlett. More information avilable at Samba 4 wiki and here.

This new implementation is not just about cost but it should provide the following benefits:

  1. An open source replacment for MS – AD
  2. Understand undocumented AD protocol by studying source code
  3. Cost saving
  4. Interoperability etc

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 14 comments so far... add one
CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
14 comments… add one
  • ashwani Jan 21, 2009 @ 11:56

    Thanks Vivek for info

    So can we login to this linux server as we login to windows AD by seeing third option of domain at UI in drop down list?…nd if possible how?

    I hope you make an tutorial on it so that we all can test this out


  • Peko Jan 21, 2009 @ 14:54

    Typo here ?
    “Understand undocumented AD protocol by studding source code”
    studding => studying ?

    Keep up the good work, I enjoy your newsletter and site.

    Peko, Paris, France

  • 🐧 nixCraft Jan 21, 2009 @ 15:01


    Thanks for the heads up.

    Yes with the help configuration and Samba 4 you should able to login to AD.

  • Justin Zandbergen Jan 22, 2009 @ 6:17

    I would rather see an open source Directory implementation which is more like Novell’s eDirectory for this one is far more scalable and x509 compliant. Also the use of SLP is far more advanced then DNS imho. But of course this is not going to happen from Samba because then they would totally need to start from scratch.

    Don’t get me wrong, i really am happy that Linux will have a decent Directory Service because that is really lacking at the moment. But the world is bigger (and better) than Active Directory.

    Offtopic: I am curious how Samba4 will perform in contrast to Domain Services For Windows (DSFW) from Novell. And what Novell’s answer is going to do in respond to this.

    Offtopic2: I work a lot with Novell products and i tend to like them. So you can qualify me as a fanboy probably ;-).

  • Diabolic Preacher Jan 23, 2009 @ 15:53

    i agree with justin about why linux programs aim for 1:1 compatibility with microsoft protocols which are never well documented/open at all. Why should change always come from the software side and not from the user side? its just a bloody login, how does it matter what authentication is used for your username and password as long as you don’t mess with others’ stuff and others don’t mess with yours.

    I ain’t saying not following MS protocol would make things easy, but atleast it gives the devs a chance to iron out the rough edges in the design phase itself.
    think about it, many linux tools also suffer from unix tool design anomalies, trying to keep them compatible with the *nix standard.

  • 🐧 nixCraft Jan 23, 2009 @ 17:00


    You have some valid point there. Novell eDirectory still used by many government and educational sectors. As I said earlier OpenLDAP is good but needs too much tweaking.

    Samba 4 is not production ready yet. Personally, I stay away from AD as much as possible. AD disaster recovery is a true nightmare.

  • Kelt Dockins Nov 3, 2009 @ 21:29

    The sad truth is that so many businesses use Active Directory for managing company users and group policies. It would be nice if Microsoft would release an open source linux alternative to allow login from Linux boxes so the AD server can control users/permissions on these boxes.

  • elwarreno Aug 12, 2011 @ 16:41

    if your considering samba4, i would suggest checking out the resara management interface for it. many refinements, multi-server support, etc, free and commercial versions.

  • jetole Jan 5, 2012 @ 11:01

    This post/page was created in January 2009. As of now, January 2012, Samba 4 is still alpha. I was pretty excited when I heard about Samba 4 being a full AD compliant domain controller compatible with the new schemas implemented in Windows Server 2008 when I first read about it probably around the same time this page was written but here we are 3 years later where it’s still alpha code and at this point I have lost a lot of respect and hope that Samba will ever be the way to go for this. I’m expecting that by the time they complete this as a final, non-alpha, working piece of code, MS will have released a new version of the OS that implements a new schema that is no longer compatible with the old one and at that point we will have to wait many many more years for Samba to be able to create a compatible interface.

  • Tomas M. Feb 15, 2012 @ 20:13

    It should be released in April, 2012 together with Ubuntu Server 12.04 LTS.

  • RKcam Feb 28, 2012 @ 6:10

    Can Openldap + Samba be used as full fledged alternative to windows 2008 R2 AD server with policies and GPOs

  • Tony May 5, 2012 @ 14:15

    Don’t make up dates – It’s May 2012 now and the wiki states clearly “A date has not been set for an official release” and reiterates its alpha and unfinished state.

    I suspect it was just too ambitious – instead of just implementing kerberos and ldap they tried to rewrite everything from scratch.. and here we are 3 years later no nearer to a release than they were 3 years ago.

  • Charles Tryon Jul 13, 2012 @ 0:48

    @Tony — actually, it is officially in Beta now. I’ve been following the Samba and Samba-technical lists for some time now, and while there still isn’t a hard release date, people in the core development team have been tossing around going into Release Candidate after July, and hopefully a full 4.0 release before the end of the year.

    You really should check your facts before simply repeating what you’ve heard other people say. There has been a **LOT** of progress in the past couple of years. The biggest problem is that there has been a couple of significant changes in scope over these three years. The new NTVFS server, which was the *original* point of Samba4, has been sidelined in favor of pulling in a lot of the new file system functionality from Samba3. Instead of focusing on the file shares portion, the greatest effort has been to build up a very solid Active Directory server, complete with embedded Kerberos, LDAP, DNS 9.8, GENSEC, SMB 2.1 (working toward SMB3), replication, the ability to join an existing AD domain as a member server, and a host of other features.

    There is a huge amount of work to be done, but at least for the past 12 months, this has been by far the FASTEST moving Open Source project I’ve ever looked into.

    Take a look at the Samba Wiki at for a more up to date story.

  • simbatig Nov 27, 2013 @ 9:16

    Wow!!! Sorry…Just fell into this downloading Pear OS8! Getting tired of MS and the like. My hats off to Open Source communities as it is evolving into something really respectable since Fedora 12!!! Can’t wait for Samba 4 RC.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum