January 25, 2006 12:30 PM PST

New Samba beta targets Active Directory

A next-generation test version of the open-source Samba file-sharing software has been made available, with features emulating Microsoft's Active Directory ID management software.

The popular Samba suite is an implementation of Microsoft's SMB (Server Message Block)/CIFS (Common Internet File System) protocol that allows other operating systems to emulate or interoperate with Windows for the purposes of sharing files or printing.

The new version of the software was released Wednesday in conjunction with a speech on the subject by Australia-based Samba creator Andrew Tridgell at the Linux.conf.au conference in New Zealand. The team behind the software outlined its new features.

"Samba 4 supports the server-side of the Active Directory log-on environment used by Windows 2000 and later, so we can do full domain join and domain log-on operations with these clients," the group said in a statement on its Web site, noting this feature was "the main emphasis" for the new software.

"Our domain controller implementation contains our own built-in LDAP (Lightweight Directory Access Protocol) server and Kerberos key distribution center as well as the Samba 3-like log-on services provided over CIFS," the statement continued.

The Samba developers noted their implementation of Kerberos correctly dealt with the "infamous Kerberos PAC (Privilege Access Certificate)"--a data field in the Kerberos authentication protocol which attracted controversy when critics claimed that Microsoft's version tied users into its own version of Kerberos.

Other improvements include the integration of Samba's Web-based administration tool (SWAT), a new scripting interface that allows Javascript programs to interface with Samba's "internals," and new Virtual Filesystem (VFS) features.

"We are aiming for Samba 4 to be a powerful front end to large directories," according to the statement.

One Linux enthusiast who saw Tridgell's Linux.conf.au speech enthused about it on his blog soon afterwards.

"The hall was packed for one of Australia's homegrown heroes," wrote Brisbane-based Joshua Wulf. "The Vampire migration tool (employed to shift users from Windows to Samba) now has 'longer fangs' and can take over an Active Directory domain."

"Tridge demonstrated sucking the life out of a Windows 2003 PDC (primary domain controller) in one click, importing all its user and machine information using SWAT."

"He then restarted (domain server) BIND on his Samba 4 server, changed the server role to PDC...shut down the Windows PDC and then logged into the domain with an XP client using the new Samba 4 server as the PDC."

"This elicited suitable oohs and aahs from the audience," Wulf wrote in his blog.

However, the Samba team warned system administrators to be careful with the new software, which is dubbed a "technology preview" unsuitable for use on production systems.

"There is no printing support in the current release," the group's statement said. "We recommend against upgrading any production servers from Samba 3 to Samba 4 at this stage.

"We expect that format changes will require that the user database be rebuilt from scratch a number of times before we make a final release, losing password data each time."

In addition, they warned that the technology preview was not secure.

Renai LeMay of ZDNet Australia reported from Sydney.


Join the conversation!
Add your comment
samba who?
What kind of support is provided? What would happen if MS releases and update/critical patch which obviously wouldnt get tested with third party sideline products like this and isnt compatible for some reason with this AD clone and all hell breaks loss? Nothing much the sys admin would likely have to stay at home next day ;) ?
Posted by FutureGuy (742 comments )
Reply Link Flag
The support comes from the high paid sysadmin who is being paid to support the network, from the large user base of the application, and from the developers, who for a fee, would gladly support you. Since you saved so much on the initial cost this isnt so hard to swallow.

Also any sys admin that would be using it in a production environment would disable automatic windows updates on the client machines and always test them on a test system before rolling them out to the office. Infact thats a good practice to follow in ANY windows network when you are using business level applications that could have a conflict with an update.

I could see this as being very helpful to setup remote AD's in small branch offices without having to purchase another overpriced windows server license. Anytime they find a way to break a link in the vendor tie in chain of MS I am glad to see it.
Posted by devrdander (10 comments )
Link Flag
Don't worry about compatibility
The Samba team's compatibility tools are so good that Microsoft
engineers have admitted they use them to test new builds of
Posted by rcrusoe (1305 comments )
Link Flag
What would happen...
if Microsoft decided to standardize and work toward not breaking other software, open source or supported third party venders, and not release patches or updates that just mess everything up.
Posted by System Tyrant (1453 comments )
Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.