Active Directory Comes To Linux With Samba 4

kdawson posted more than 5 years ago | from the hyper-active dept.

Networking 276

Da Massive writes in with another possible answer to a recent Ask Slashdot about FOSS replacements for Microsoft AD server. "Enterprise networks now have an alternative choice to Microsoft Active Directory (AD) servers, with the open source Samba project aiming for feature parity with the forthcoming release of version 4, according to Canberra-based Samba developer Andrew Bartlett. Speaking at this year's linux.conf.au Linux and open source conference in Hobart, Bartlett said Samba 4 is aiming to be a replacement for AD by providing a free software implementation of Microsoft's custom protocols. Because AD is 'far more than LDAP and Kerberos,' Bartlett said, Samba 4 is not only about developing with Microsoft's customization of those protocols, it is also about moving the project beyond just providing an NT 4 compatible domain manager."

276 comments

About Time... (2, Insightful)

Mydnight (817141) | more than 5 years ago | (#26513349)

After the headaches Active Directory has caused the company I work at over the last couple weeks (things like Windows telling the backup software that it wasn't allowed to backup anything to do with AD except the transaction logs), I can't wait!

Ubuntu Bug Development (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26513443)

Cracks are visible on the exterior of a settled suburban house in a lower middle-class neighborhood outside of Detroit. During the day, the house is mostly quiet save the occasional noise of babies' cries competing with shrill, high-pitched female voices. At night, the music of a handful of artists known as the "Three T's" - Tupac Shakur, Too Short, and Trick Daddy - blares from the domicile with aging blue-gray paint and bars on all of its windows. It is impossible to see into the house from outside because all of the windows are covered with aluminum foil. One window was broken but promptly taped together with the duct tape in the distinctive tell-tale pattern of brownian motion.

The interior of the house is barren save the sparse arrangement of old, unmatched furniture purchased(or, more likely, stolen) from an inner-city thrift shop; the centerpiece of it all being the stained, chintzy sofa peppered with the burns of marijuana and tobacco cigarettes. The place as a whole appears to be only a temporary living space, yet its inhabitants have lived here consistently for about ten years. The stench of dirty diapers, burned cooking oil, and the by-products of a metabolism so powerful it could fuel the outrunning of gazelles or a successful fistfight against 4 police officers at once permeates the entire home.

It may be mentioned in passing that this house's inhabitants are an assortment of African men, women, and children who live and sleep in intervals diametrically opposite to those of each other so that each inhabitant's productivity is maximized -- everybody in the house has their own role in a setup strikingly similar to the Smurfs' villiage or some other Socialist paradise.

A circular design of red, yellow, and brown was painted on the wall -- "Krylon on drywall" being the medium -- by the teenage male who is but one part of the small collective known as the Ubuntu developers.

The adult males do the brunt of the work. One bedroom of the house, the master bedroom, is the development studio. The whole outfit is the brainchild of Marcus Ubuntu, first-generation African immigrant who studied computer science at the university of Zimbabwe before fleeing the armed rebellion. At his left sit Reggie Omoko, associate programmer; and at his right sit Shawn James, graphic designer(it should be noted here that Shawn is the one who designed and painted the Ubuntu logo, reportedly gleaning Ubuntu's artistic inspiration from the color scheme and the shape of various public toilets).

The 2 women of the house serve as breeders and foragers, collecting the welfare and child support money and then buying copious amounts of food, drink, and dope in support of operations. The children of the house, in turn, support the women, though it is difficult to determine how exactly many children are in the house as they come and go as they please with some leaving permanently, some returning days or even years later.

The primary tools of this trade are an assortment of cutting-edge but stolen laptop and desktop computers. The Ubuntu operating system is coded in object-oriented C, a language Marcus developed at university because he didn't know that somebody had already invented C++. Years of crack and malt liquor-fueled hard work have transformed Ubuntu from a meager startup into the world's most popular open-source operating system.

Re:About Time... (4, Informative)

Z00L00K (682162) | more than 5 years ago | (#26513569)

Actually - the AD support in Samba is a bit of old news, since that has been promoted before.

But it's still good news, especially since lately the configuration of Microsoft's softwares and platforms has started to get incredibly complex and very hard to penetrate - as well as configure in a secure way.

Re:About Time... (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26513735)

They still haven't fixed its biggest issue, though. Seriously, this is 2009. We're a couple days away from formally confirming a half-black man as President of the United States. Do you really want to use software named after a racist slur?

Re:About Time... (0, Insightful)

Anonymous Coward | more than 5 years ago | (#26513773)

Ummmm... I've never seen any KKK member/skinhead/run-of-the-mill racist (in a movie or otherwise) use the term "Active Directory" as a pejorative. Did you mean "Samba" is a racist term? It's a kind of dance, and a portmanteau of SMB (Server Message Block). How is it racist?

If this is a new type of troll, it's a weird one. I'm not enraged, just a little confused.

Re:About Time... (3, Informative)

retyurecvb (1442035) | more than 5 years ago | (#26513805)

He has Samba confused with Sambo. [wikipedia.org] Somebody (same person?) made a post just like this a couple of days ago.

Re:About Time... (0, Troll)

Anonymous Coward | more than 5 years ago | (#26514333)

The two national black events in a row must really irk the racists. How come they aren't talking about Martin Nigga King Day and the Inigguration?

Re:About Time... (0)

Anonymous Coward | more than 5 years ago | (#26513823)

They still haven't fixed its biggest issue, though. Seriously, this is 2009. We're a couple days away from formally confirming a half-black man as President of the United States. Do you really want to use software named after a racist slur?

The Samba is, amongst other things, a dance. It is also the name of a large west-African tree, and a form of the card game canasta.

http://www.google.com.au/search?q=define%3A+samba&ie=utf-8&oe=utf-8&aq=t&rls=com.ubuntu:en-US:unofficial&client=firefox-a

How on earth is the name Samba racist in any way, shape or form?

Re:About Time... (0)

Anonymous Coward | more than 5 years ago | (#26513929)

The guy [slashdot.org] is deliberately confusing Samba with Sambo [wikipedia.org] because he is a troll [slashdot.org]. At least this time he posted as Anonymous Coward

Re:About Time... (2, Insightful)

Klootzak (824076) | more than 5 years ago | (#26513961)

But it's still good news,

Why is it good news? Is the Open-Source community embracing the concept "If you can't beat 'em join 'em?".

Pish-Posh, Linux can have, and has its own "Directory" functionality, and the members of the OS community are more than capable of implementing their own standards.
My opinion of this is that it's good for cross-compatibility, but not so much that it advances the concept that OSS products can compete in their own right.

I will be more impressed when Microsoft adds standards compatibility for integration with Open-Source standards and not the other way around.

Re:About Time... (5, Insightful)

Architect_sasyr (938685) | more than 5 years ago | (#26514097)

Whether you agree with it or not, Linux has a very small market share in the two places it counts: gaming and the office. It's "big news" here when we find a government organisation or a school going with a Linux installation, and until it stops being so we can never consider Linux *as good* as MS or OS X, purely because of usage base. This functionality is an excellent step in the right direction for the office software, because we (as sysadmins) can build a server that silently integrates with all the XP/Vista machines on a network, without "telling" anybody about it. After a few months of having a stable linux server in place, we can start pushing stable Linux onto the less-than-important PCs - like the receptionist (who can/should be trained) or the marketing department. Slowly (but surely) bringing across all the machines possible we can to Linux. Having AD functionality is definitely the first step. Getting a decent-free Exchange-replacement will be the next (and I mean free in the same way that Debian is free, unrestricted as much as possible) in the chain. Simply put, any OSS supporter needs to make some compromises to get their software into the enterprise. People grow up on Windows, or on OS X (as a rule it is one or the other) not (necessarily) on Linux, so we need to ease them in.

Oh and Linux has its own Directory functionality, it's OpenLDAP. It's just not necessarily as easy to maintain as Open/Active Directory.

My $0.02 AU.

Re:About Time... (2, Insightful)

Klootzak (824076) | more than 5 years ago | (#26514329)

Perhaps Linux is used A LOT more than you think, you're just not aware of the installations ;)

I know of at least 2 places which are very large and influential organizations that run A LOT of Linux and other Open-Source Systems - in one of the organizations I'm thinking of I implemented Linux in combination with MRTG, PHP and MYSQL for an application I wrote for the purposes of systems monitoring and server inventory, something I whipped up because Tivoli [ibm.com], a large, expensive "enterprise" product was proving too cumbersome and taking too long to implement and my Management needed something RealSoonNow(tm) to do the job.
Unfortunately though, Non-Disclosure, and fear of being publicly identified prevents me from citing the organization(s) by name.

Linux is used in quite a number of places, but it doesn't get the big "The Department of xyz for the pqr Government is installing Linux" publicity.

Don't despair, Linux is making waves, you just can't see the ripples ;)

Oh and Linux has its own Directory functionality, it's OpenLDAP. It's just not necessarily as easy to maintain as Open/Active Directory.

No offense intended... but I did say that in my original post ;)

Re:About Time... (4, Insightful)

Kjella (173770) | more than 5 years ago | (#26514553)

Whether you agree with it or not, Linux has a very small market share in the two places it counts: gaming and the office.

Honestly? Gaming does not count. There was a nice market breakdown I saw not that long ago from AMD, breaking it down into laptop/desktop/server and low-end/mainstream/enthusiast and the gaming segments are honestly not that large. Replacing every Windows/MS Office with a Linux/OpenOffice solution would be 1000x greater than turning LAN parties into LUGs. Nor is it easy fruit - a game requires a lot of software infrastructure, it's got limited actuality (Linux support two years after is a big meh) and is full of bleeding edge performance optimizations. Just to take that college drop-out article we had recently - the school could have said "MS Office or OpenOffice". The DSL installation disc could have said "For Linux do steps X instead". Lots of things in that article were her fault but it's quite clear that Linux could be a lot more supported in ways that would matter a lot more to the masses than a few FPS junkies.

Do you know what SAMBA is about? (1)

Anonymous Coward | more than 5 years ago | (#26514147)

It's about replacing Windows Shares and networking.

LDAP and Kerberos are the "AD" of the OSS world (in fact, the rest of the world, really).

But SAMBA isn't aiming for that. It's aiming for MS SMB compatibility. Which includes AD.

Yes, I do. (1)

Anonymous Coward | more than 5 years ago | (#26514375)

What makes you automatically assume I haven't installed several Linux Systems running Samba+Sendmail&Postfix+Squid with IP_MASQ enabled for several clients I've serviced?

I've had to diagnose Samba issues for other clue(minus) Linux "Zealots" when they haven't realized you ALSO need +w enabled on the filesystem for the share to be writeable... Don't assume that because I'm not a Zealot I'm not fond of Open Source Systems my friend ;)

Well then (0)

Anonymous Coward | more than 5 years ago | (#26514567)

why did you ask why Samba had AD support? If it doesn't support AD, it isn't an MS SMB compatible product, is it.

I didn't ask that... (1)

Klootzak (824076) | more than 5 years ago | (#26514641)

I didn't ask if Samba had AD support... I asked why the PP thought this was a "Good Thing"... Because an Open-Source product was integrating itself with a Non-Standard one that Microsoft produces?

Not that I mind really, I just think it's not that great of a leap ahead for Open Source Software, just more Integration with Commercial Closed-Source software that already exists.

Do you understand that a "Directory" [wikipedia.org] and SMB [wikipedia.org] are two different things?

Re:Yes, I do. (1)

Ash-Fox (726320) | more than 5 years ago | (#26514571)

Note, I am not the original responder.

What makes you automatically assume I haven't installed several Linux Systems running Samba+Sendmail&Postfix+Squid with IP_MASQ enabled for several clients I've serviced?

Easy. You're "Anonymous Coward". You're anyone and no one.

I've had to diagnose Samba issues for other clue(minus) Linux "Zealots" when they haven't realized you ALSO need +w enabled on the filesystem for the share to be writeable...

A novice administrator would know this. I think you've been talking to the average joeish end users.

Don't assume that because I'm not a Zealot I'm not fond of Open Source Systems my friend ;)

Still can't tell if you're the same person.

Apologies for the AC post. (2, Insightful)

Klootzak (824076) | more than 5 years ago | (#26514715)

Easy. You're "Anonymous Coward". You're anyone and no one.

Well, even posting under my Slashdot "handle" I could be everyone and no-one too ;)

A novice administrator would know this. I think you've been talking to the average joeish end users.

No, the person I had to correct that issue for considered himself an "experienced" Linux Administrator (and Zealot - "Linux should be used for EVERYTHING"), having worked with various distros for 3 or 4 years. He was also employed by the Victorian Department of Education [vic.gov.au] at the time - the problem he was having was at a client he was moonlighting for. I was the poor Bastard who had to drive on-site when he eventually called me for help at 8pm on Saturday after he'd spent a good 10 hours working on the issue (mind you, I walked away with $100 in cash for typing 'chmod -R ug+w [directory]', so it was inconvenient, but lucrative).

The assumption you're making is that just because someone uses Linux, they also understand the underlying design of the technology that it is integrated with... not everyone understands filesystem permissions, you'd probably be surprised, like I always say... Computers/Operating-Systems/Applications are a "tool" - to be the most effective, you need to understand the function of the tool in addition to its application.

Re:About Time... (2, Insightful)

Skrapion (955066) | more than 5 years ago | (#26514153)

I'm sorry, I missed the part where the GP was talking about OSS.

Look, I'm an OSS fan too, but not everything is about OSS. The fact that a good product is being released would be good news even if it wasn't OSS.

Re:About Time... (3, Informative)

rmallico (831443) | more than 5 years ago | (#26513585)

headache of AD? uh.. backing up? are you serious? there are command line tools, 3rd party tools as well that handle backing up of AD as well as full forest recovery (and even restoring a single attribute for one user to ALL users in minutes)... google is your friend..

Re:About Time... (2, Insightful)

afidel (530433) | more than 5 years ago | (#26513733)

Um, you DO realize that you need a VSS aware backup program to get a usable backup of the domain controller, correct? Backing up the AD database files will do you zero good, and in fact if you could somehow get them to restore you would cause all sorts of problems.

This will be great! (0)

Anonymous Coward | more than 5 years ago | (#26513353)

Just can't wait! AD for linux. I honestly am surprised it's taken this long.

I love the OSS community!

Re:This will be great! (-1, Offtopic)

linhares (1241614) | more than 5 years ago | (#26513403)

I honestly am surprised it's taken this long.

That's what she said.

Re:This will be great! (0)

Anonymous Coward | more than 5 years ago | (#26513467)

I honestly am surprised it's taken this long.

That's what she said.

Well, after the first few orgasms women do eventually start to get sore ...

Waiting for samba (2, Insightful)

CarpetShark (865376) | more than 5 years ago | (#26513667)

Just can't wait! AD for linux. I honestly am surprised it's taken this long.

I'm also surprised it has taken this long. Which is why I'm not waiting.

Finally..an alternative (2, Interesting)

Darkk (1296127) | more than 5 years ago | (#26513361)

Finally an alternative to Microsoft's insane licensing model.

It brings one step closer for those who want to move to linux or at least convert some windows to linux.

Re:Finally..an alternative (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26513581)

Finally an incomplete and imperfect alternative to Microsoft's insane licensing model.

There, fixed this for ya.

Re:Finally..an alternative (5, Funny)

cencithomas (721581) | more than 5 years ago | (#26513627)

If you're calling an imperfect alternative to insanity "fixed"...

...why, you must be a Windows 7 developer. ;)

Re:Finally..an alternative (5, Funny)

symbolset (646467) | more than 5 years ago | (#26513821)

What's wrong with Microsoft's licensing model? You pay either per server or per seat. If you license some servers per server, and some per seat their monitoring software tells you how often you need to "true up", and if their software fails to do its math correctly they get to sue you and seize all your computers [cnet.com]. That makes a lot more sense than Linux or BSD's licensing model where no matter how many clients or servers you have you don't have to pay. That's just anarchy.

Re:Finally..an alternative (0, Offtopic)

Jezza (39441) | more than 5 years ago | (#26513969)

The parent post is "Funny" - not a troll, it's called irony. (Technically irony is seldom "funny" as such... but I digress)

Re:Finally..an alternative (1, Offtopic)

symbolset (646467) | more than 5 years ago | (#26514049)

Jezza, while I appreciate your interest, "funny" doesn't get karma but "troll" costs karma, so all the folks who moderated that "troll" get to dig my karma, and now the folks who would have moderated it "interesting" or "informative" are clicking the "funny" button.

And if they're really sharp, the astroturfers now can "funny troll" me into negative karma.

Please. Don't help.

Re:Finally..an alternative (0)

Anonymous Coward | more than 5 years ago | (#26514305)

How about this? ...
If you don't want Funny mods then don't post jokes.

Re:Finally..an alternative (1)

jimicus (737525) | more than 5 years ago | (#26514195)

All joking aside, you ever looked at software auditing packages?

With few exceptions, most of them have substantially more obnoxious licenses than the software you'd be wanting to audit in the first place.

Re:Finally..an alternative (1)

symbolset (646467) | more than 5 years ago | (#26514359)

With few exceptions, most of them have substantially more obnoxious licenses than the software you'd be wanting to audit in the first place.

Of course they do. They couldn't set the bad example of being the least obnoxious, could they? Their customers might not think they were serious about enforcing their quite reasonable terms, if the enforcer didn't have less reasonable terms. See MPAA, etc.

Just waiting the release... (2, Interesting)

8282now (583198) | more than 5 years ago | (#26513365)

I've got a line of outfits that can benefit from this!

There are so many companies I know that have little to no real dependence upon AD other than the fact that it's all they've really known...

AD licensing (3, Interesting)

ani23 (899493) | more than 5 years ago | (#26513393)

Can someone tell me how AD is licensed? I thought it was a part of server 2003 and once you buy that there should be no additional costs right? Our Sys Admin is planning to install AD for our office (we have never had AD before) and I am trying to figure out what, if any, the advantages of getting AD will be.

Re:AD licensing (2, Funny)

Anonymous Coward | more than 5 years ago | (#26513415)

You are correct.

Re:AD licensing (0, Redundant)

Lingerance (1117761) | more than 5 years ago | (#26513423)

Can someone tell me how AD is licensed?

AFAIK it is just a subsystem of Windows Server thus requires no additional licenses. But there is some bizarre ass license subsystem (of Windows Server) that the summary refers to. I'd suggest reading the ToS.

IANA Windows SA.

Re:AD licensing (2, Informative)

Anonymous Coward | more than 5 years ago | (#26513447)

You need a CAL for every user in the AD.

Gets expensive. Wait for samba4

Re:AD licensing (5, Informative)

Darkk (1296127) | more than 5 years ago | (#26513489)

Exactly. You need CALs for stuff like:

AD
Exchange
Terminal Server
etc.

It adds up pretty quickly.

It's really a nightmare for IT Depts as they have to keep track of the CALs and ensure they have enough licenses to cover the number of users.

Re:AD licensing (5, Informative)

betacha (1388285) | more than 5 years ago | (#26514369)

I had the pleasure of formatting our Windows 2003 server this summer and completely replacing it with an Ubuntu Samba OpenLDAP Domain server using this tutorial... http://ubuntuforums.org/showthread.php?t=640760 [ubuntuforums.org] The server has been working flawlessly at our school since September! We ran out of CALs and our school is expanding very quickly. It didn't make sense to purchase more and continue paying the micro$oft tax..

Re:AD licensing (1)

Darkk (1296127) | more than 5 years ago | (#26514607)

Thanks for the link to the tutorial and glad to see the school is able to benefit from it.

I think what made Samba daunting in the first place is the lack of GUI-like tools for those who have been in the window shop for a long time. Now there are tools like Webmin which make it a breeze to maintain a linux server. A seasoned linux user would modify the scripts directly but for those who have little experience with linux's inner workings the GUI helps. They should, however, learn how to modify the scripts so they have a better understanding of how it really works under the hood.

Re:AD licensing (2, Informative)

El Lobo (994537) | more than 5 years ago | (#26513603)

The CAL has NOTHING to do with active directory at all. If you don't use active directory you need to buy a cal license anyway to access the server's resources.

Re:AD licensing (1, Informative)

Anonymous Coward | more than 5 years ago | (#26513847)

The CAL has NOTHING to do with active directory at all. If you don't use active directory you need to buy a cal license anyway to access the server's resources.

If you do want to use active directory, then now you don't need to buy a cal license to access the server's resources, because the server would be running Samba 4 under Linux.

There, fixed it for you.

Re:AD licensing (5, Informative)

Anonymous Coward | more than 5 years ago | (#26513519)

A careful reading of the TOS says that it is licensed via user or device CALs based on authenticated users..

They actually have an example if you use AD as back end authentication on a web site you have to buy a CAL for every user, or magic uber-CALs for the web server.

Really, it is just a tax. A MS shop typically has to pay:
  - For a OEM license on windows
  - For a volume license upgrade on windows
  - For a device or user CAL for the windows machine/user
  - For a windows server license (per VM!)
  - For exchange server (and a windows server license)
  - Per user exchange CALs (yay!)
  - Office CALs for outlook

It used to be a CAL came along with NT4 so you didn't need a separate one, but that is not the case anymore. MS said their customers wanted the simpler model of paying more for the same thing.

Of course, CALs and VLK upgrades are locked to specific versions so you have to keep buying them again and again to keep the additional rights.

The only happy area is that the CALs apply to all servers at once, so if you have a thousand users and a thousand servers you only need a thousand CALs.

No software checks this, but these are the terms.

It is really quite insane, but maximizes MS's profits.

See http://www.microsoft.com/windowsserver2008/en/us/client-licensing.aspx
And keep in mind that MS thinks performing an authentication against AD is accessing the server.

Re:AD licensing (5, Informative)

gallwapa (909389) | more than 5 years ago | (#26513583)

No...no...no

There are "per device" or "per user" licenses.
If you have 5000 computers but 40,000 users, it is probably cheaper to buy device licenses...so you can do that.

In addition, each server DOES require a server license (which is different than a CAL).

Windows is licensed like so

Standard edition license includes 1 phys server + 1 VM (on the same server)
Enterprise includes 1 phys server + 4 VM (again on the same server)
Datacenter includes unlimited server licenses of any type

Users with enterprise agreements or software assurance don't have to repurchase - they're covered under their contract.

Re:AD licensing (2, Interesting)

symbolset (646467) | more than 5 years ago | (#26513909)

Windows is licensed like so....

Yeah, that makes a lot of sense compared to the completely irrational "use all the copies you want, but if you make changes you have to share them back" model.

Who would take a completely insane deal like "use all you want. We'll make more." rather than the more rational "pay us per seat or per user, but no changes are possible and if you overdeploy, we'll sue you." Or the even more rational "Pay us per seat and per server, annually, and you get the right to update to our latest software... if we ever do update our software - oh, and if you overdeploy, we'll sue you" model.

That's just crazy talk. It's like choosing to not be sued. Who in their right mind would choose to not be sued even if choosing not to be sued would save them tons of cash? Especially when the alternative is free and contains no lawsuit exposure? Please, please don't throw me in that briar patch [wikipedia.org].

Re:AD licensing (1, Troll)

timmarhy (659436) | more than 5 years ago | (#26514083)

"Especially when the alternative is free and contains no lawsuit exposure"

bullshit. there's no such thing as no lawsuit exposure. hell if anything SAMBA is hellish risky in comparison since you use it at your own risk and there is no way of knowing what submarine patent trolling asshole might popup eg. SCO. And it's pretty far fetched to claim MS is going to sue if you over deploy (i'd like to see documented example of it) most likely.. they will make you buy the extra licenses. the evil bastards.

Re:AD licensing (3, Informative)

symbolset (646467) | more than 5 years ago | (#26514169)

SCO is dead. They'll convert to liquidation any day now. At least one would hope so. Nobody knows how long that zombie has to shamble.

there's no such thing as no lawsuit exposure.

That [arstechnica.com] is [bbc.co.uk] true [eolas.com] enough [cnet.com] but to accept that as a premise is to refuse to do business. There is some middle ground where businesses can still operate in where the risk is acceptable. Limiting your exposure by avoiding licensing agreements that include the right to sue you if you overdeploy seems wise, and licensing agreements that include the right to audit you more so. Especially when there are options available that include terms like "use all you want for free".

(i'd like to see documented example of it)

Meet Ernie Ball [slashdot.org]. But wait... that wasn't Microsoft... that was their representatives, the Business Software Alliance! Same same. Evil by proxy is still evil.

Re:AD licensing (5, Insightful)

symbolset (646467) | more than 5 years ago | (#26514323)

Look, you seem like the average unbiased poster so I'm going to give you a few tips even though I'm going to be modded off topic.

If you're going to defend Microsoft or one of their products on /., you need to observe a few simple rules:

Don't ask for proof of Microsoft malfeasance. You'll just get proof, and that doesn't serve your goal. Read the series of Halloween documents [wikipedia.org] for an introduction to how much we know. It's scary.

Don't ask questions you don't know the answer to. That's good guidance for lawyers, too. You'll get answers you don't want.

Don't ask about someone else's experience. Their experience isn't going to help your cause, and you'll get replies from the least helpful people.

Do brag features, but do it with some understanding of the features. Don't just list the marketing babble. Don't brag more than three features at a time because it's then obvious you're typing them from a list. Do brag features that seem important to the parent poster.

If you must employ "anecdotes are not proof" be prepared for a swarm of people who confirm the anecdote. Nearly a billion people use MS software. Given enough experience, every failure mode is common. Every anecdote is common here and you would be surprised how selection bias draws people with shared anecdotes to slashdot just in time to skew the replies.

If it's allowed in your contract, do be specific: What platform worked well on Vista, how much RAM did you have? What video card? If you must avoid vendor bias, split the vendors by market share and let the astroturfers brag up proportionate systems - if they work. And if they don't work, leave it alone.

Slashdot has a grand bullshit detector, so don't lie. If you lie, the lie is not just going to be modded down - the responses to the lie are going to be modded up and be the only thing that people see, so the lie does more damage than silence would.

There are more rules, but this should help quite a bit for now.

Re:AD licensing (0)

Anonymous Coward | more than 5 years ago | (#26514643)

Well, you completely missed the point of his argument. Go ahead and pay the money. It is a stupidity tax after all.

Re:AD licensing (3, Funny)

Anonymous Coward | more than 5 years ago | (#26513889)

Really, it is just a tax. A MS shop typically has to pay:
    - For a OEM license on windows
    - For a volume license upgrade on windows
    - For a device or user CAL for the windows machine/user
    - For a windows server license (per VM!)
    - For exchange server (and a windows server license)
    - Per user exchange CALs (yay!)
    - Office CALs for outlook

In comparison, a Linux shop typically has to pay:
  - Nothing for a volume license for Ubuntu Linux,
  - Nothing for license upgrades,
  - Nothing for the Linux client machine/user,
  - Nothing for a Linux server license (also nothing per VM),
  - Nothing for Openchange or Citadel on a server
  - Nothing per Openchange or Citadel user
  - Nothing for copies of Thunderbird or Evolution or Akonadi or Kontact

That is a lot of zeroes ... fortunately there is no "1" at the beginning though.

Re:AD licensing (4, Informative)

Jezza (39441) | more than 5 years ago | (#26514087)

Well really they probably pay for "service".

Now some think this is a total waste of money and the whole point of Linux is you don't pay for anything. While it's true you can do this, if your multi-million wonga business is relying on your IT that may not be too smart.

But buying "service" isn't some nasty con, you're actually getting something. Also you can shop around for it, and even switch suppliers.

Now the "free" aspect of Linux really helps you (as a business) as all your "computer wonks" can have a copy (for free) and take it home, use it outside the office (so they learn the product inside out). It does work out cheaper than Microsoft. The product evolves quicker, but you're not forced on some insane upgrade cycle.

You can get lots of certified hardware (which is important) and you're not alone (lots of other businesses have done the same).

Businesses get very twitchy when Linux advocates talk about "free" and the reason is they want to know: "Who's accountable if this stops working". A word of advice if you're trying to get your employer to consider Linux, keep the talk about "free" to a minimum (even "cheap" has negative connotations) instead talk about:

Lower Total Cost of Ownership
Competition in the market for Linux Support
No vendor lock-in
Hardware support from all major suppliers
Plenty of success stories

Oh and don't forget Sun make great Linux kit (not just Solaris)

Re:AD licensing (0)

Anonymous Coward | more than 5 years ago | (#26514583)

Businesses get very twitchy when Linux advocates talk about "free" and the reason is they want to know: "Who's accountable if this stops working".

Who is accountable if your Windows shop gets a virus through it, and it stops working?

Who is accountable if a worker of yours imports a malware onto your business LAN via a USB key?

Who is accountable for the long waits every time a Windows machine must reboot, and who is accountable for the 15% or so of CPU (on a fast system) that Vista consumes for whatever it is that Vista does (DRM perhaps?) that makes it so slow?

Who is accountable for the licence compliance checking and auditing that must be undertaken if you run a Vista shop, under the threat of even more costly lawsuits if found to be non-compliant?

Who is accountable for the myriad unproductive hours trying to work around file format incompatibilities deliberately invoked by Microsoft in order for Microsoft to try to keep its lock-in?

Who is accountable for the ongoing heavy (and avoidable) expenses involved in the Microsoft upgrade treadmill?

Who is accountable if your web server gets hacked and all your machines become botnet zombies, and your organisation starts emitting copious spam, or worse still, it starts compromising any other people who visit your site using IE?

Read the Microsoft EULA, and that will tell you how much Microsoft believes it is responsible. Basically, Microsoft claims it is not responsible at all.

Re:AD licensing (1)

bernywork (57298) | more than 5 years ago | (#26514061)

I was about to correct you on the Outlook CAL requirement for Exchange, but nope, you're right. All versions prior to Exchange 2007 included Outlook CALs so that you had some software to connect to the server. Apparently, this isn't correct any longer unless you had Software Assurance on your Exchange server.

Now, normally any larger client has an EA (Enterprise Agreement) and negotiates a standard per user CAL which would include whatever of the backoffice components are required (SQL server, Exchange, Host Access Server, Windows, Terminal Services etc) as well as any office components (Sharepoint, Office 2007, Communicator) but still, for smaller shops who just use Exchange and Windows server to run it on, it's a bit nuts. Quite ridiculous actually. I know a few businesses that don't use Office, as their business doesn't use it, they use web interfaces. One who I think of doesn't have office at all, they again use web interfaces to order entry and customer management, Oracle apps for their workflow, accounting and picking lines, and Outlook for their email.

They have Open Office for the odd time that they have to open stuff, but for 90% of their users, they don't go near it.

Customers like this, with a couple of hundred employees would have just been screwed by this one.

Re:AD licensing (2, Interesting)

blincoln (592401) | more than 5 years ago | (#26514601)

They actually have an example if you use AD as back end authentication on a web site you have to buy a CAL for every user, or magic uber-CALs for the web server.

Not only that, but it gets more complicated depending on how many MS server products you use.

For example, if you have a SharePoint system accessible on the internet that users can log into, you need a SharePoint CAL, a SQL Server CAL, and a Windows CAL for each of the users.

I've even read a Gartner paper that claims it's not just AD users, but users who log in using credentials of any kind. IE if you run an online store on IIS, you need to purchase a user CAL for each of your customers (assuming they can log in), whether you write your own auth system or give them AD accounts. Alternately, you can purchase a very expensive blanket CAL that covers them all. Either way, those CALs are going to cost more than most small businesses ever make off of single transactions from casual customers.

Re:AD licensing (1)

pmarini (989354) | more than 5 years ago | (#26514669)

in reply to this (and below to gallwapa): while it's true that the software assurance "avoids" you from having to purchase a whole new set of licences when a new version comes out, it's also true that its typical duration is for 3 years and a "new family release" now happens every 4-5 years with Microsoft:
- XP to Vista = 5y
- Server 2003 to 2008 = 5y
- SQL Server 2000 to 2005 = 5y
- SQL Server 2005 to 2008 = 3y
- MSOffice/SharePoint 2003 to 2007 = 3y

in reality you end-up paying almost two "cycles" of SA instead of just one "round" of upgrades...

Do the math !

(also to gallwapa: how exactly do you then plan to have 80 users on each box ? 40000/5000)

Re:AD licensing (0)

Anonymous Coward | more than 5 years ago | (#26513533)

Every computer or device! that connects to a windows 2003 server, requires a Client access licence.

Windows XP professional comes with one CAL to connect to a server.
Windows Server connection that requires a CAL
access File shares, access Printer Shares, AD/Domain Logon request (uses file shares)

Remote Desktop /Terminal Services Windows 2003 come with 3 licences beyond that you must purchase a Terminal CAL per user to connect siml

Re:AD licensing (1)

CAIMLAS (41445) | more than 5 years ago | (#26513633)

You need a CAL for either every device or every user, which would depend on what kind of environment you're in and what the machine/user ratio is.

Re:AD licensing (1)

Jezza (39441) | more than 5 years ago | (#26513997)

Err, "CALs"?

Microsoft don't just charge "per server", you also buy "CALs". All server products come with some, but that can be as few as five. That means you can't connect more than five clients to the server.

You buy them in blocks. Seriously, if this looks like it might be a problem you might like to look at getting a MOLP which often works out "cheaper". (Some would argue that this "rental" agreement isn't cheaper than buying as you pay the "rental" forever. In reality it often is, because you don't pay for upgrades.)

So while you're right AD is part of server, you do need to buy connection licences. Think about it this way, if you only wanted to run Server on a system (maybe to avoid Vista... yes, people do this) then you'd never need to buy any extra CALs, but if you're planning to use AD then you're probably wanting to connect a number of clients - then CALs come into play.

Please note, I'm no expert in MS licensing (it's complex).

Re:AD licensing (1)

jimicus (737525) | more than 5 years ago | (#26514039)

On its own? The same login details work for each PC, if your PC is replaced you don't need to mess around with setting up local user accounts.

You can also do quite a lot of management centrally.

To be fair, you could do most of this with Samba 3.x as an NT-4 type domain but it's not as refined.

AD is also a prerequisite for Exchange.

This is good for industry, what about end user? (3, Interesting)

plasmacutter (901737) | more than 5 years ago | (#26513421)

My last tussle with samba was yet another try with ubuntu on this old macbook.

Samba refused to accept proper config messages through gnome's graphical tools, I had to go in and edit the config manually, and samba did not respond properly to the config.

Why not just create a front end for samba and distribute it with the server and client software rather than depend on distributors?

Re:This is good for industry, what about end user? (-1, Flamebait)

timmarhy (659436) | more than 5 years ago | (#26513441)

because everyone should waste hours learning config files or command switches FOOL!

Re:This is good for industry, what about end user? (0, Flamebait)

ustolemyname (1301665) | more than 5 years ago | (#26513455)

because everyone should utilize hours learning config files and command switches FOOL!

Fixed that for you.

Re:This is good for industry, what about end user? (0, Flamebait)

timmarhy (659436) | more than 5 years ago | (#26513499)

it's a waste when a proper GUI would do the job.

Re:This is good for industry, what about end user? (2, Informative)

SanityInAnarchy (655584) | more than 5 years ago | (#26513511)

Why not just create a front end for samba and distribute it with the server and client software rather than depend on distributors?

I think SWAT was meant to be that, and it kind of sucked.

Re:This is good for industry, what about end user? (1)

Bert64 (520050) | more than 5 years ago | (#26513999)

Samba comes with SWAT, which is a web based admin tool... Not sure how good it is.

Jumping the Gun (5, Informative)

TechForensics (944258) | more than 5 years ago | (#26513431)

According to TFA FOSS AD is not here yet by a long shot, in early alpha, many missing features. Summary is *terrible* in suggesting non-M$ AD is already here.

Re:Jumping the Gun (5, Interesting)

Darkk (1296127) | more than 5 years ago | (#26513471)

One thing I find interesting in the article is that Microsoft has been working with Samba developers to provide them the inner workings of AD. Hell, even Samba developers discovered a bug about random passwords in AD and told Microsoft about it.

AD in its present form is still a closed source project so I find it interesting Microsoft team is willing to provide them some of the secrets knowing that eventually it'll take away some of their profits like they'll miss it anyway.

So what exactly is the direction Microsoft is taking?

Re:Jumping the Gun (5, Informative)

b4dc0d3r (1268512) | more than 5 years ago | (#26513527)

I'm just guessing here, but there was something about interoperability in, what was it, oh, every monopoly-related judgment they ever lost. Otherwise they wouldn't be helping.

Re:Jumping the Gun (1)

Yvanhoe (564877) | more than 5 years ago | (#26514003)

I also begin to think that management has become more and more incompetent these years at Microsoft. That means a lot of teams having rogue behaviors like this one which are aligned with what most team members want and that ignore any secret-strategic-world-domination order they could receive from higher management.

Re:Jumping the Gun (4, Informative)

shutdown -p now (807394) | more than 5 years ago | (#26513563)

Ever since the EU antitrust/monopoly judgement and fines, MS has significantly increased the emphasis on open standards. It's still NIH syndrome more often than not, but at least the results are now documented, and usually come with a no-patent-enforcing pledge ("Open Specification Promise" - this covers e.g. OOXML and older Office formats, XPS, Silverlight, and so on). Also, I recall that EU specifically named SMB/CIFS & AD as something that should be opened up, and Samba as the beneficiary.

Whether it's just a coincidence or one followed from another is up for you to judge.

just 4 more years and it'll be stable. (1, Flamebait)

timmarhy (659436) | more than 5 years ago | (#26513433)

mark my words, it'll have bugs which will result in 1000's of "RTFM n00b" or "it's ms's protocol that sucks" responses.

Re:just 4 more years and it'll be stable. (1)

CAIMLAS (41445) | more than 5 years ago | (#26513643)

and why would it have those problems? Samba has been very stale for quite a while, v3 took a long time to get here, and they seem to be spending quite a lot of time this time around for version 4 to assure it works right.

Re:just 4 more years and it'll be stable. (1)

jimicus (737525) | more than 5 years ago | (#26513817)

and why would it have those problems? Samba has been very stale for quite a while, v3 took a long time to get here, and they seem to be spending quite a lot of time this time around for version 4 to assure it works right.

Yes, and the differences between NT4 and Active Directory are so huge that large chunks of Samba have had to be rewritten.

It's fantastic to see the project hasn't died but it's taken oh-so-long to get from 3.x to 4 alpha that I'm not holding my breath for 4 stable.

Re:just 4 more years and it'll be stable. (1)

Whiney Mac Fanboy (963289) | more than 5 years ago | (#26513673)

mark my words, it'll have bugs

It's an alpha release you goddamn fool - if you'd bothered to read the article rather than rushing to try & get first post you'd know that.

Re:just 4 more years and it'll be stable. (3, Interesting)

stephenpeters (576955) | more than 5 years ago | (#26514233)

mark my words, it'll have bugs which will result in 1000's of "RTFM n00b" or "it's ms's protocol that sucks" responses.

Just as Slashdot is full of trolls and OT comments help forums often have people posting unhelpful comments. Just ignore them. Life is too short for arguing with idiots.

I find the Samba help forums are generally excellent if you take the time to ask a sensible question instead of just posting the first problem that comes up. Often the task of formulating a sensible question solves a problem without actually having to ask on the forums at all. I also generally find my query has already been answered in the forum and all I need to do is search.

The Samba documentation is an excellent resource and generally answers most of the questions you may have. Try starting with John Terpstra's Samba 3 by example [samba.org] which is a practical guide to implementing Samba 3. I don't know if John is working on a Samba 4 update to the book, but there is a WIKI [samba.org], HowTO [samba.org] and a FAQ [samba.org] available. If you are risk averse you may not want to use Samba 4 in production just yet :)

Wow... /.'s contextual ad for this page is fitting (3, Interesting)

Doug52392 (1094585) | more than 5 years ago | (#26513493)

"A new year... A new hope?" "Let us know your predictions for 2009".

And, right on par with my hope of seeing Half-Life 2 Episode 3 in "early 2009", my hope of seeing a fully working, easy to set up and maintain, "it just works" Active Directory server for Linux this year has diminished due to the fact that this same exact story was posted here over 3 years ago. (or on Digg)

Re:Wow... /.'s contextual ad for this page is fitt (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26513539)

You don't block ads?

Re:Wow... /.'s contextual ad for this page is fitt (0)

Anonymous Coward | more than 5 years ago | (#26514377)

Yeah, that's pretty bizarre on Slashdot. Some early versions of Adblock/Filterset.G would screw up page layout when blocking ads. But it's all been groovy for years, and I can't imagine going back.

Re:Wow... /.'s contextual ad for this page is fitt (0)

Anonymous Coward | more than 5 years ago | (#26514393)

That may be, but they are a lot closer now. The most interesting article I've seen so far is in this thesis [samba.org].

err... (0)

Anonymous Coward | more than 5 years ago | (#26513675)

This spells the end of all things good.

Alternative? (0)

Anonymous Coward | more than 5 years ago | (#26513781)

Did you read your own post?
It is not an alternative.
SAMBA is not an AD alternative for the real world.

THERE IS NO ALTERNATIVE (1)

n1_111 (597775) | more than 5 years ago | (#26513783)

If there was it would be it. nope, there is only one active directory, monkey freetard clowns, better recognize :)

Security (2, Insightful)

RiotingPacifist (1228016) | more than 5 years ago | (#26513793)

While I appreciate that this will be very useful, I'd rather they worked on not requiring samba to run as root (or at least not the networked part) as it seems to be the victim of an increasing number of attacks because of this. Perhaps SELinux and AppArmor have me protected but seeing a network daemon running as root always seems like a dumb idea to me.

Re:Security (2, Interesting)

Bert64 (520050) | more than 5 years ago | (#26514209)

The windows counterpart to samba also runs as SYSTEM...
Not sure if samba needs root for anything other than binding to the ports it uses and accessing files as specific users... I wonder how hard it would be to make it run as a normal user, losing filesystem permissions in the process of course.

SAMBA does not support basic SMB protocols (1)

Anonymous Coward | more than 5 years ago | (#26513851)

SAMBA does not yet support basic aspects of the SMB protocol, like multiplexing.

I have integrated SAMBA in enterprise products and this was a serious downfall. This has been a constant issue that has never been addressed.

Stubbornness on the SAMBA team's behalf, not to use a thread pool, has prevented this from happening.

How many times have you seen ERROR_NETWOR_NAME_NOT_FOUND while copying a file to a SAMBA server while trying to access another resource on the same server?

Re:SAMBA does not support basic SMB protocols (1)

Ash-Fox (726320) | more than 5 years ago | (#26514489)

How many times have you seen ERROR_NETWOR_NAME_NOT_FOUND while copying a file to a SAMBA server while trying to access another resource on the same server?

Having set up a lot of AD integrated Samba servers and solo Samba servers - honestly, never.

Favorite tweaks (1)

jlebrech (810586) | more than 5 years ago | (#26514047)

Does this mean I could have a Linux AD server at home that would force whatever machine I connect to it to install my favourite set of applications and themes and wallpapers automatically?

Or is this just for windows? does gnome/kde need AD support? or would this be implemented as a daemon?

XServe (1)

krischik (781389) | more than 5 years ago | (#26514149)

Well everybody here says "Linux" but let me point out that Apple's Xserve uses Samba as well.

So there will be even more interesting alternatives ahead.

Martin

Re:XServe (2, Informative)

Ash-Fox (726320) | more than 5 years ago | (#26514479)

Well everybody here says "Linux" but let me point out that Apple's Xserve uses Samba as well.

Wait, you're referring to the Apple who ships broken stuff and tries to fix it only during major versions of their server OSes?

Past examples of things which were not fixed until the next major version:
Samba (numerous times, numerous issues)
Apache (first few kb of files would only be sent)
SquirrelMail that was shipped with OS X server being incompatible with the shipped version of PHP with OS X server
Apple's VNC server (numerous issues)
Numerous exploits in daemons (sshd, apache, samba, bind etc.)

This is unacceptable for a server operating system. No, you can't spin this, having to wait for an entire major release after just getting a major release for a fix is completely unacceptable.

So there will be even more interesting alternatives ahead.

Here is the reason why I would use Linux over Windows for some domain usage:
Faster file servers
Cheaper licensing
Offering FUSE access through Samba to certain remote data.

Does OS X fit any of these scenarios?
OS X server from my past experiments is not faster than Linux or Windows on the same hardware for file server usage.
OS X server is not cost effective against Windows and certainly not against Linux.
OS X server is unpredictable with FUSE support.

If the version of OS X server you're using has some AD integration issues (even though the issue is not located in the official Samba version), Apple will likely not fix the issue until next major release - before you even mention that they will, I will remind you that they have not in the past and have shown no better behaviour towards fixes recently either.

So I can't even recommend OS X for AD integration.

Mark my words... (-1, Troll)

jskline (301574) | more than 5 years ago | (#26514185)

Mr Ballmer himself will absolutely not sit still for this to happen. The "method" will be disclosed as being copyright by Microsoft and that Samba is infringing on Microsoft's patented trademark of "Active Directory". You watch. A Quash order will be forthcoming.

Not very realistic (3, Informative)

Krokant (956646) | more than 5 years ago | (#26514321)

It is not very comforting to read the following statement:

"My Russian connection has had Samba 4 running in production since last June and has discovered a few missing features. They also discovered that machines would stop working after 28 days which was something to do with password expiry."

"Something to do with...". This is in every AD 101 book (machine accounts, password renewal, ... thing). I would at least expect that the Samba developers have experience in installing, running and maintaining a "realistic" Active Directory environment (read: more than 1000 client machines) before delving into the real messy details. I am not sure I even want to know how they are going to handle disaster recovery (one of the fun parts of AD, rest assured).

Honestly, I cannot imagine why anyone would want to run a FOSS equivalent Active Directory. After having spent months in setting up a full mixed Windows/Linux environment (OpenLDAP, Kerberos, Samba, the works), I can say that setting up AD is a breeze: for me, it is a prime example where Microsoft took existing technologies (LDAP, DNS, Kerberos) and actually turned it into something useful without the typically associated configuration nightmares. And it works very stable indeed.

And please, cost is not a reason for not going with Active Directory. The cost of a single Windows Server license is absolutely peanuts compared to what *you* cost your employer. The operational costs are what matter in long term and I am pretty confident that Microsoft's AD will do much better than that for the years to come.

Re:Not very realistic (4, Insightful)

jonwil (467024) | more than 5 years ago | (#26514609)

Clearly you haven't priced the full costs of a full set of servers (and addons) for Exchange, AD etc. Not to mention all the client licenses you need (CALs or whatever they are).

I am sure there are quite a lot of people who would LOVE to be able to replace a windows server machine with a linux machine running Samba + OpenChange + whatever else

Now count how many posts.... (1)

Tomsk70 (984457) | more than 5 years ago | (#26514631)

...are from disgruntled Linux bods being forced to acknowledge that a system they don't like (and generally pretend doesn't exist) is actually being used happily by the majority of the rest of the world... ..so far so Apple, but they were like this when AD was first released ('Why not just use LDAP?' was the cry).

And what did they fail to do? Provide a popular, useable alternative for work and home. Just like Linux, really (hehehe)
