New Samba targets Active Directory
The popular Samba suite is an implementation of Microsoft's SMB (Server Message Block)/CIFS (Common Internet File System) protocol that allows other operating systems to emulate or interoperate with Windows for the purposes of sharing files or printing.
Releasing a new version of the software today in conjunction with a speech on the subject by Australia-based Samba creator Andrew Tridgell at the Linux.conf.au conference in New Zealand, the team behind the software outlined its new features.
"Samba 4 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients," the group said in a statement on its Web site, noting this feature was "the main emphasis" for the new software.
"Our domain controller implementation contains our own built-in LDAP (Lightweight Directory Access Protocol) server and Kerberos key distribution centre as well as the Samba 3-like logon services provided over CIFS," the statement continued.
The Samba developers noted their implementation of Kerberos correctly dealt with the "infamous Kerberos PAC (Privilege Access Certificate)" -- a data field in the Kerberos authentication protocol which attracted controversy when critics claimed that Microsoft's version tied users into its own version of Kerberos.
Other improvements include the integration of Samba's Web-based administration tool (SWAT), a new scripting interface which allows Javascript programs to interface with Samba's "internals", and new Virtual Filesystem (VFS) features.
Also, "the Samba 4 architecture is based around an LDAP-like database that can use a range of modular backends".
"We are aiming for Samba 4 to be a powerful front end to large directories," said the statement.
Homegrown hero?
One Linux enthusiast who saw Tridgell's Linux.conf.au speech
enthused about it on his blog soon afterwards.
"The hall was packed for one of Australia's homegrown heroes," wrote Brisbane-based Joshua Wulf.
"The Vampire migration tool [employed to shift users from Windows to Samba] now has 'longer fangs' and can take over an Active Directory domain."
"Tridge demonstrated sucking the life out a Windows 2003 PDC [primary domain controller] in one click, importing all its user and machine information using SWAT."
"He then restarted [domain server] BIND on his Samba 4 server, changed the server role to PDC ... shut down the Windows PDC and then logged into the domain with an XP client using the new Samba 4 server as the PDC."
"This elicited suitable oohs and aahs from the audience," wrote Wulf.
However, the Samba team warned system administrators to be careful with the new software, which is dubbed a "technology preview" unsuitable for use on production systems.
"There is no printing support in the current release," the group's statement said.
"We recommend against upgrading any production servers from Samba 3 to Samba 4 at this stage."
"We expect that format changes will require that the user database be rebuilt from scratch a number of times before we make a final release, losing password data each time."
In addition, they warned the technology preview was not secure.