Releasing Samba 4

Releasing Samba 4

Posted Dec 1, 2011 8:25 UTC (Thu) by myllynen (subscriber, #55412)
Parent article: Releasing Samba 4

> the current 3.x versions lack many of the features that enterprise users require (Active Directory support in particular)

I think this needs a bit of clarification.

Already with Samba 3.x a Linux/Unix system can be a domain *member* in an AD domain. When a system running Samba 3.x is a domain member, it enables user id/authentication with Samba's Winbind component from AD domain(s); different Winbind idmap backends are available depending on whether AD has the IdM for UNIX role service enabled or not. And when you have set up user id/auth from AD, you can turn your system into a server providing Kerberos-based single sign-on (SSO) login, file shares, and printers for AD users (so both Windows and Linux users who just have a Kerberos ticket from AD are able to access those SSO services). And if wanted, you can use the Samba net(8) tool to generate additional Kerberos principals, for example for additional services like httpd, which are then also available as SSO services for AD users.

As later made clearer in the article, the missing piece in Active Directory support is the AD domain *controller* functionality. However, how many enterprises are eagerly waiting to be able to start introducing Samba DCs into their domains, which often provide the most crucial pieces of infrastructure for an organization and might easily have tens of thousands of users, groups, and systems around the globe, I don't know.


Releasing Samba 4

Posted Dec 1, 2011 16:33 UTC (Thu) by drag (subscriber, #31333)

Trying to administrate a large number of Windows machines without Active Directory controller support is like trying to ride a bicycle with no wheels, no crank, no sprockets, no chain, and a spike for a seat.

One example:

Active Directory supports making RPC calls to Windows. This is used as part of group policies. The RPC calls are used to make edits to the registry and other things on the Windows node.

Using Samba 4 utilities and this feature, an administrator on the Samba box should be able to run a virus scanner or other such thing to check the registry settings of any system that is a member of the domain.

Lots of fun stuff like that.

AD is a file server, print server, configuration management system, Kerberos single sign-on, LDAP server, and a bunch of other stuff.

Releasing Samba 4

Posted Dec 2, 2011 9:59 UTC (Fri) by myllynen (subscriber, #55412)

> Trying to administrate a large number of Windows machines without Active
> Directory controller support is like trying to ride a bicycle with no
> wheels, no crank, no sprockets, no chain, and a spike for a seat.
>
> Using Samba 4 utilities and this feature, an administrator on the Samba box
> should be able to run a virus scanner or other such thing to check the
> registry settings of any system that is a member of the domain.

I think we are looking at this from slightly different angles. I was talking about enterprises where they definitely have AD DCs in production for administrating their thousands of Windows systems and users, and they do run virus scanners and much more with Windows/AD tools. But Samba 3.x nicely allows providing the aforementioned SSO services in those enterprise environments already today.

Wrt Samba DCs in those environments, apart from organizational issues (like convincing AD admin teams and the CIO to investigate and invest in Samba DCs), you'd also need to check with your Microsoft account manager what would happen support-wise to your Windows/AD systems if you added Samba DCs to an existing AD domain.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.