Follow Slashdot stories on Twitter


Forgot your password?
Microsoft Networking Windows Linux IT

Ask Slashdot: Is Samba4 a Viable Alternative To Active Directory? 388

First time accepted submitter BluPhenix316 writes "I'm currently in school for Network Administration. I was discussing Linux with my instructor and he said the problem he has with Linux is he doesn't know of a good alternative to Active Directory. I did some research and from what I've read Samba4 seems very promising. What are your thoughts?"
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Is Samba4 a Viable Alternative To Active Directory?

Comments Filter:
  • by rtfa-troll ( 1340807 ) on Sunday November 04, 2012 @03:25PM (#41874027)

    It's important to realise that Active Directory has a bunch of overlapping different features. Samba4 is a great for part of it. Puppet is great for a different part of it (the ability to configure systems - like a superset of Active Directory Group Policies) LDAP covers some other parts etc. etc. You need to be really careful with this question because it is already loaded. Essentially, if the answer is "Active Directory" you are asking the wrong question. Your overall system administration story with Linux will be much better than Windows but you need to start thinking more from the beginning since it isn't always as obvious which tool is the right tool.

  • Not yet. (Score:5, Insightful)

    by phoenix_V ( 16542 ) on Sunday November 04, 2012 @03:26PM (#41874035)

    Samba 4 is in it's Alpha release stage and is not recommended for production. That said it's a remains to be seen thing if it will be.
    It also depends a great deal on how and what you use AD for. For simple authentication you can use samba 3 + LDAP for that now.
    For programs that require AD not so much with either.

  • Re:No (Score:5, Insightful)

    by Hylandr ( 813770 ) on Sunday November 04, 2012 @03:50PM (#41874215)

    Samba has been around literally for decades and has seen constant reliable use.

    You're suggestion that the software is new and poorly designed is invalid.

    There are good admins and bad admins. If software that has been successfully deployed for multitudes of years has been a problem then bad admins are far more likely to blame.

    - Dan.

  • NOT Recommended. (Score:3, Insightful)

    by Anonymous Coward on Sunday November 04, 2012 @03:53PM (#41874231)

    Samba may be able to do some of the windows file and printer sharing... even acting as a domain controller. BUT. Trust me. It will be hell to administer. For what you pay for Windows 2012 standard... with Hyper-V, and all the roles and services you just get... I dont see how you can compete with the ease of use and administrations. In the other-hand, if you are hard core UNIX/Linux and you need to support a few windows boxen in your environment.. then this is a great fit for you. Otherwise, stay away... far away. Anything you save in dollars you will spend in time... ten times over.

  • The real world (Score:5, Insightful)

    by Billly Gates ( 198444 ) on Sunday November 04, 2012 @03:55PM (#41874249) Journal

    Ask yourself why?

    I used to be like you when I was 20 a decade ago. Here is what I have learned. Your enterprise hates change and looks at you as a financial burden and unnecessary cost unless you work for an IT company. If they have AD why switch? If what they have works don't mess with it.

    I saw this pop up last week on slashdot when Microsoft suggested business users stop using XP. Shockingly a decade ago on slashdot people would be laughing at everyone using a 11 year old platform who refuses change all based on Microsoft. Fast forward today you see folks under 35 freak out and DEMAND XP BE SUPPORTED FOREVER because changing is something you never ever do! Those over 35 got modded down saying upgrading is part of your job. The point is to put SAMBA 4 in you have to fight such people. They hate change and will cling to obsolete products as their behaviors in the last decade taught htem to lock versions with no updates and view everything as a cost center. Even a free product like Samba as such.

    If it breaks who do you sue? Who do you call for support? Will you be handed a pink slip with a boot up your ass out of the door if something breaks? AD is standard, it is used by everyone else, other products like SQL Server, Sharepoint, and Exchange use it. It is part of the proprietary eco system at work and even though slashdotters breathe down Linux as the end all for everything it is not in an already established enterprise environment.

    Just stick with AD. It is what you will be quizzed on and expected to know in your first job interview. If you do not know it they will find someone else who will. It is that simple.

  • Re:No (Score:5, Insightful)

    by localman57 ( 1340533 ) on Sunday November 04, 2012 @03:56PM (#41874253)
    Is it fair, to say, then, that Samba4 and AD are both good choices for people with strong admin background, but perhaps AD is a beter choice for someone who, for instance, administers the server in addition to other business tasks? Not everybody has the time to become a good admin. They tell their boss that, but the boss also doesn't have funding to go and hire one.
  • Re:No (Score:5, Insightful)

    by Revotron ( 1115029 ) on Sunday November 04, 2012 @03:58PM (#41874265)
    Software being around for decades doesn't magically cure all the bugs.

    The OP stated that there were too many small glitches with the features they were trying to use, to which your response was that these glitches were imaginary and he just wasn't using it right. That sounds like something Steve Jobs would say.

    You're suggesting that Samba is absolutely perfect and has nothing wrong with it at all just because people have been using it for 20 years. I doubt that. Would you like to take that logic and apply it to Windows and see where that gets us?
  • by HerculesMO ( 693085 ) on Sunday November 04, 2012 @04:06PM (#41874331)

    Look at the use case.

    I know too many Windows and Linux folks who try to shoehorn one way of doing things so it runs the way they want them to. This post reeks of that.

    Find the best business reason to use one thing or another. I don't disqualify MS because it's not open source, or Linux because it's free. There are costs to doing everything, and usually made up outside of what infrastructure you decide on.

    That said, Windows is best on the desktop because of Group Policy, its extension into things like System Center, IT Asset Management systems, reporting, workflow, automation, etc. I know it "can be done" with Linux but the process is usually smushed together and kludgy. Windows is simpler because of the software that supports it, many of them made by MS themselves.

    I will stick with *nix for my backend requirements, and Windows for my front end. Until something changes drastically, I don't see much point in trying Linux on the desktop -- it's clearly not its strong suit.

  • Re:Nein. (Score:1, Insightful)

    by doubledown00 ( 2767069 ) on Sunday November 04, 2012 @04:32PM (#41874493)
    No, not out of date. Just got tired of Samba 3 not fulfilling my clients' needs and said fuck it.

    On a broader level your assertion is absurd. You're prepared to say Samba 4 does AD and call it good based on an RC. Slashdot rightfully doesn't give Microsoft a pass on something like that, I don't see why an open source project should be any different.
  • Re:No (Score:5, Insightful)

    by Mike Buddha ( 10734 ) on Sunday November 04, 2012 @04:38PM (#41874515)

    If Samba is difficult to administer, that's a problem. That makes it inferior to the competition.

  • Re:No (Score:2, Insightful)

    by Anonymous Coward on Sunday November 04, 2012 @05:16PM (#41874691)

    The real question is does AD work better than Samba4 and if so is it significant enough that the costs are lower after taking into consideration time, expertise (after some time with the technology), and license costs, etc. It may be Samba4 is easier to setup and get working than AD although there are potential bugs that you will need to spend money on to get fixed.

  • Re:No (Score:3, Insightful)

    by interval1066 ( 668936 ) on Sunday November 04, 2012 @05:31PM (#41874749) Homepage Journal
    Agreed. You whiny bitches appear to be expecting a drop-in replacement for Active Directory. If that's the expectation I think you're gonna be very disappointed. For sundry and basic AD duties Samba4 is great contender. If you want all the bells and whistles your gonna need to fork up that license fee.
  • Re:No (Score:4, Insightful)

    by rtfa-troll ( 1340807 ) on Sunday November 04, 2012 @05:41PM (#41874817)

    Our samba box would have random drop outs where it would deny access unless you restarted the file server.

    You probably had a minor misconfiguration. Would have happened whichever box you had it on. What did your support company say? [....] Oh; you set up a system without a support company? You thought that "Open Source" was a magic word which meant "fixes its self without any support company" ; you thought that Red Hat stood for "nice company that fixes everything for free even if we install a clone distro" and forgot that it actually means "fixes stuff their paying customers care about".

    Okay, I might be wrong in this case, but 98% of the time when asked it turns out that the people have spent thousands on Microsoft, Cisco and so on certificates. They have support contracts coming out of their ears for Oracle. Then they install an open source load balancer or database or something and suddenly the fact they saved money on the software license means they want to save even more money on the support. This is a bad mistake; everyone should look for competent support and if they can't find it then they should find a way to set it up themselves. If there's nothing, then you can probably employ some of the people who wrote the project really cheap and get a bunch of good developers in the price.

  • Re:No (Score:5, Insightful)

    by sjames ( 1099 ) on Sunday November 04, 2012 @05:47PM (#41874849) Homepage Journal

    No, but successful use for decades does indicate that it works.

  • Re:No (Score:1, Insightful)

    by Anonymous Coward on Sunday November 04, 2012 @05:48PM (#41874855)

    > You whiny bitches appear to be expecting a drop-in replacement for Active Directory.

    Yea, can Samba4 do that?

  • by tokencode ( 1952944 ) on Sunday November 04, 2012 @06:09PM (#41874971)
    Oh really? I ran multiple data centers and managed over 3,000 Windows Servers on 150 independent AD domains, Windows server is every bit as capable as Linux for almost all functions. In some, it excels at far beyond linux, such as managing enterprise networks via Active Directory. As with anything, it's about selecting the right tool for the job. Your statement "only case where I would consider using Windows Server in place of a Linux Server is if I could only hire grade 10 IT nerds who have no idea what there doing" simply goes to show that you are the grade 10 IT nerd who has no idea what he is doing.
  • Re:No (Score:5, Insightful)

    by jythie ( 914043 ) on Sunday November 04, 2012 @06:24PM (#41875057)
    Yeah, I never understood the whole 'tools that require more training to use are better!'. If two tools do similar jobs in the same use case, but one can be administered by someone who isn't a dedicated professional, and the other one requires a specialist, then within that use case, the easier to use tool is better. Additional complexity without additional benefit is not superior.
  • Re:No (Score:2, Insightful)

    by Tough Love ( 215404 ) on Sunday November 04, 2012 @06:36PM (#41875121)

    We have a couple file servers running Small Business Server and a couple that were running Samba. The SBSs required no administration. We turned them on and they just kept trucking. Our samba box would have random drop outs where it would deny access unless you restarted the file server.

    Funny, that sounds more like my experience with AD. Are you sure you actually did this? Samba version please, and more background information than the nebulous sounding "random dropouts... deny access". This is the sort of patter I would expect from a troll. Surely you realized that without credible details, you would likely be regarded as a troll?

  • Re:No (Score:5, Insightful)

    by Jane Q. Public ( 1010737 ) on Sunday November 04, 2012 @08:55PM (#41876181)
    Not to mention that since Linux has no direct analogue to a "Domain Controller", searching for a substitute for Active Directory on Linux is kind of like searching for BBQ ribs at the local ice cream parlor.

    If you grew up in an MS world and you just can't get over it, by all means try to find an Active Directory replacement. If not, brush off your Linux skills and learn how to do it right.
  • Re:No (Score:4, Insightful)

    by hairyfeet ( 841228 ) <> on Sunday November 04, 2012 @09:40PM (#41876421) Journal
    That is like saying WinRT has been around for decades since Windows 1.0 came out 30 years ago. I draw you to the very first line of TFA: " Samba4 is an ambitious, yet achievable, reworking of the Samba code." Whenever you hear the words "ambitious and reworking" the words that SHOULD pop into your mind immediately is "buggy as fuck" and I don't give a damned WHO wrote the code you NEVER use words like ambitious unless you are doing some serious flying without a net and are trying to warn folks things aren't gonna be business as usual.
  • Re:No (Score:2, Insightful)

    by Anonymous Coward on Sunday November 04, 2012 @11:11PM (#41876937)

    You are missing a library, this is a basic linux admin issue when it comes to installing software. I mainly deal with Red Hat boxes which comes with YUM, in distros using "yum whatprovides '*/'" would let you know which package contains the file you are missing. In Ubuntu with Aptitude you can run something like "apt-file update; apt-file search".

  • Re:No (Score:4, Insightful)

    by cyber-vandal ( 148830 ) on Monday November 05, 2012 @06:22AM (#41878725) Homepage

    An Apple/Microsoft site? What fucking planet are you on?

  • Linux-based shares (Score:5, Insightful)

    by Compaqt ( 1758360 ) on Monday November 05, 2012 @12:09PM (#41881417) Homepage

    Well, OK, granted for personal machines.

    But you should at least be able to browse the available servers, right? What I see is the community will continue to put out buggy Windows interop software because M$ can't just hand over the AD source.

    Anyway, like I said in another place in the discussion, the Linux community seems to have went about this wrong.

    It would have been better to come up with a networking addon for Windows clients to allow them to easily browse and connect to resources provided by Linux servers in a hierarchical domain arrangement (basically, Domain Name System). So:,,,, etc.

    Auth handed by OpenLDAP and Kerberos. Remote login by RADIUS.

    Some of that stuff would need some polishing around the edges plus integration, but again, writing your own Windows client DLL should seem to be much easier than divining and decoding messages passed around an AD network.

    Also: it would have been nice to really think outside the box. Like, how about allowing users to browse resources instead of being concerned with which server a resource happens to reside on?

  • Re:No (Score:3, Insightful)

    by Lev Lafayette ( 625897 ) on Wednesday November 07, 2012 @02:55AM (#41904459) Homepage
    There is a degree that this comment is fair however. With FOSS if there is a problem, the admin can fix it even if it is poorly written. So if the admin *doesn't* fix it, or *can't*, yes, they do have to shoulder that responsibility. With proprietary software however, the admin can't make these changes. So if the software is bad, even if the user knows what is wrong there is little that they can do. Ultimately it *is* bad software, because software that you can't fix is a damaged good.

This process can check if this value is zero, and if it is, it does something child-like. -- Forbes Burkowski, CS 454, University of Washington