Samba 4.0 Released: the First Free Software Active Directory Compatible Server

Jeremy Allison - Sam writes "We released Samba 4.0 today, containing the first compatible Free Software implementation of Microsoft's Active Directory protocols. 'Samba 4.0 comprises an LDAP directory server, Heimdal Kerberos authentication server, a secure Dynamic DNS server, and implementations of all necessary remote procedure calls for Active Directory. Samba 4.0 provides everything needed to serve as an Active Directory Compatible Domain Controller for all versions of Microsoft Windows clients currently supported by Microsoft, including the recently released Windows 8. The Samba 4.0 Active Directory Compatible Server provides support for features such as Group Policy, Roaming Profiles, Windows Administration tools and integrates with Microsoft Exchange and Free Software compatible services such as OpenChange.'" Full release notes are available, and you grab the files from the download page.

fsck yeah!

[Netdoctor]

Oh My Gawd.

I have been waiting literally *years* for this.

This just made up for an otherwise very crappy day. No, this just fixed my whole year.

Wow

[Anonymous Coward]

I'll be interested to see the reviews on this over the next several months. I'm interested to see how well this performs under different levels of load, and how it utilized group policy. Kind of exciting in an extremely nerdy sort of way.

Re:First post

[Jerslan]

Because Windows isn't always the best tool for the job? Because having a diverse ecosystem of IT appliances that can all share authentication and other such services is a VERY valuable thing?

Re:GPLv3

[Jeremy Allison - Sam]

Oh you mean corporations like IBM, EMC, Netgear, WDC,Google ? Yeah, the GPLv3 really scared them :-).

Listen to my presentation here:

http://www.softwarefreedom.org/podcast/2011/may/10/why-samba-switched-to-GPLv3/ [softwarefreedom.org]

to explain why GPLv3 is a *better* license for commercial use the GPLv2.

Jeremy.

Re:No more licensing fees :)

[bigstrat2003]

I'd still wait 1/2 a year to put it into a test environment...

Why? Isn't the whole point of a test environment to find out if something has issues? I think that interested parties should put it into a test environment immediately, cause that's why they have a test environment. But yes, wait some time to put it into production.

Re:No more licensing fees :)

[erroneus]

Sorry, but no. There are bunches and bunches of PHBs out there who will perpetually doubt that anyone can make a Microsoft server as good as Microsoft and would be more than a little afraid that by doing this, they would be in violation of some sort of license requirement. At the very least, it would void any support services if an exchange server were to connect to a Samba 4 AD domain. PHBs care a lot about stuff like that even if people rarely if ever use Microsoft's support.

For that dream to become a reality, a big player out there would have to step up and put their branding and reputation behind it. For example, IBM might be a great candidate for that. PHBs still know who IBM is. RedHat might not get the reception Linux users might think they deserve. Oracle, as much as I would like to see them die in a fire, might also be able to pull it off.

For now, the IT world is ruled by PHBs and one must always consider what things they might believe regardless of how ridiculous it may actually be.

Re:How does Microsoft feel about this?

[Anonymous Coward]

Not really. Integrated Linux clients into an AD authentication framework is a bit of a pain in the bum, because ADs view of the world is different to the POSIX view of the view, so any implementation (I.e. nslcd/pam_ldapd) goes to a lot of effort to map Microsoft-y concepts to POSIX-y concepts.

If you need a centralised authentication framework for POSIX clients, OpenLDAP or NIS+ is a better bet. The only real reason to use AD for POSIX clients is because the AAA in AD is miles above anything like OpenLDAP: I use AD for several thousand Linux clients because the auditors would never sign off on OpenLDAP, for example. Samba4 doesn't solve the AAA problem (as far as I am aware) so it's still not a drop in replacement for lots of places where AD is used for POSIX clients.

Re:How does Microsoft feel about this?

[abartlet]

I do have to say, the AD interop labs were some of the most fun I've had in IT. And yes, it was great having the food brought in as we worked late into the night, night after night.

The best bits were being able to work side-by-side with their engineers solving some of the trickiest parts of the puzzle, or working over the results of running their testsuite. These things made Samba much better, and I'm happy to say how much we appreciate these opportunities.

Andrew Bartlett
Samba Team