

Samba 4.0 released  - zdw
https://www.samba.org/samba/news/releases/4.0.0.html

======
sk5t
As probably one of the more AD-focused participants on HN, I have to approach
this with a good dose of skepticism w.r.t. large companies adopting Samba for
complex AD environments. AD + DFSN + (DFSR|NTFRS) + LDAP + SSL + RPC + NTP +
GPO + CIFS + NTFS + SDDL + WMI + ADWS + etc., is an extremely complex set of
stuff to implement, and the cost of supporting a third-party version could,
IMHO, easily dwarf the cost of a few Windows licenses to run the domain
controllers.

So many examples come to mind that it is hard to pick just one or two...
consider an organization that configures access to Windows event logs (audit
trails) and SMB signing requirements via GPO; will Samba 4 Domain Controllers
honor that? What does it even mean to have access to modify the security
auditing policy on a Samba DC without totally reimplementing the eventing
system (syslog is not even close)?

In other words, AD sits on top of a _ton_ of mature but sophisticated Windows
services, the failure of any of which could be a critical problem, and make
for a tough sell unless one has a pathological hatred of Microsoft yet still
wishes to use AD anyway.

~~~
rufugee
It's not the cost of a few domain controllers...it's the $50-60/user cost of
client access license (CALS). I have 2500 users...that's quite a pricey
(approx. $62K) system for directory services.

I personally am going to give Samba 4 a look.

~~~
sk5t
If getting AD Domain Services off of Windows will actually avoid the need to
buy any Windows Server CALs, then it certainly makes the proposition more
interesting. But, this presumes that nearly all the other services (file
sharing, http, etc.) are also not Windows.

~~~
rufugee
We use Windows Server for three things:

1\. Directory services/DC

2\. Windows file shares

3\. Exchange

I have to buy user CALs for #1 and #2. One CAL gives me the right to connect
that user to any of our file shares and to AD. IIRC, that cost when we last
purchased was around $50/user.

We also have to buy a separate CAL for Exchange.

I would _love_ to replace AD and our Windows file shares with Samba 4,
_provided_ that it was a stable, viable replacement which didn't add a lot of
overhead for our admins. Exchange is a separate issue, and one we're currently
exploring Zimbra as a possibility. It's early days yet there.

Almost everything else in our environment is Linux.

~~~
cryptomilk
For 3. you should take a look at OpenChange. It implements Exchange using
Samba 4.0 libraries.

~~~
rufugee
Do you know of any success stories with OpenChange? Thanks for the info.

------
Osmium
Any news on if Samba 4.0 is still single-threaded? (the page isn't loading for
me) I recently wanted to use Samba, but was limited by performance on a low-
end dual core processor: it'd max out one core, and be unable to use the
other. I'm sure they have (or have had) good reasons for not doing this, but
with so many low-power multicore processors out there now it seems a shame...

~~~
cryptomilk
Samba has a flexible process model so you can choose what you want: forking,
preforking, threading (bad) or a single (for debuging) process model.

------
josemariaruiz
Duke Nukem forever... Samba 4.0... what's the next? A GNU/Hurd competitor to
Ubuntu? Space travels to Pluto? Time machines?

~~~
jf
> A GNU/Hurd competitor to Ubuntu?

Well, there is this: <http://www.debian.org/ports/hurd/>

~~~
duskwuff
HURD can largely be regarded as a cruel joke. It's been under development for
over twenty years (since 1990!) without yet producing a usable product. Pretty
much every operating system kernel that's in use today (Linux, the BSD family,
Windows NT, and XNU) is _younger_ than HURD, and yet far more mature.

~~~
papsosouid
If you are measuring the current hurd kernel's age as starting from 1990, then
the BSD kernels are far older, not younger. The initial release was in 1977,
and obviously development started before that.

That said, hurd is essentially abandoned at this point. Even RMS has accepted
that it will never be completed, and has said that it really doesn't matter
since there's already a free kernel available (linux).

------
RyanZAG
One more stake in Microsoft's coffin? With their Win8 tablet/mobile strategy
not doing too great and rapidly improving office alternatives... Is the MS
legendary lock-in cracking apart?

~~~
shmerl
You can the deterioration of DirectX domination in the gaming market.

~~~
flyinRyan
What has overtaken it? Open GL? Got any citations on that because that wasn't
my impression at all.

~~~
shmerl
The rise of mobile gaming and more interest in MacOSX and Linux brought more
attention to OpenGL, SDL and etc. It definitely threatened the dominance of
DirectX.

Practical example: [http://en.thewitcher.com/forum/index.php?/topic/33183-red-
en...](http://en.thewitcher.com/forum/index.php?/topic/33183-red-engine-and-
opengl-support/page__p__897129)

------
jiggy2011
I'm not much a Windows guy, but is this really a full drop in replacement for
all AD features?

------
molf
This is fantastic. Microsoft Active Directory is truly awesome, but a
replacement that is both free and runs on Linux? Yes please.

------
japaget
Link is down; here is an alternative:

<http://www.samba.org/samba/history/samba-4.0.0.html>

~~~
thyrsus
Thanks for that. The error I get when attempting to go to the original URL (
<https://www.samba.org/samba/news/releases/4.0.0.html> ) is

    
    
        Cannot communicate securely with peer: no common encryption algorithm(s).
    
        (Error code: ssl_error_no_cypher_overlap)
    

I went to about:config and turned on all the default-disabled ssl ciphers (per
<https://support.mozilla.org/es/questions/818578> ) but it didn't resolve the
trouble.

UPDATE: I tried restarting my browser, and then it worked BUT after trying to
do a binary search on which cipher setting was the "fix", I got to where
everything was back to default, and the site _still_ works. Probably there was
a site problem that was fixed in the interim.

------
dsr_
There are few people running Windows AD who are going to view this as their
next step, largely because they've already become used to running those
Windows boxes.

For groups who aren't fully invested in AD, or need compatibility with those
who are, this is a major win.

~~~
vy8vWJlco
Never underestimate the power of "free, as in cheap." :)

~~~
axusgrad
How are the GUIs for Samba 4.0 AD features? I usually prefer nice
configuration files, but the Windows Server features were very easy to learn.
Another nice thing about Windows Server, updates are "free" after a high up-
front cost.

~~~
bennysaurus
The windows ones apparently work with this version of Samba.

~~~
rbanffy
I bet the next patch Tuesday will solve that.

------
madao
When people start mentioning price for these sorts of things I get a little
confused, volume licensing for a bunch of hyper-v servers running 20-30
windows guests is actually quite cheap (you only have to pay for each licensed
host server) I also have seen mention of a per user cost for ad? not sure
where you got that from... I think exchange goes for about 6 bucks a user or
so.. the next office setup ill be looking at will be three beefy hyper-v
servers and running most applications on windows core... windows is now
getting to the point where the only time I need to do any work is for weekly
windows updates.

~~~
theatrus2
A 5-user CAL pack for Exchange is ~$400, about $75 per user.

[http://www.amazon.com/Exchange-Standard-2010-English-
User/dp...](http://www.amazon.com/Exchange-Standard-2010-English-
User/dp/B002NWWR5Y)

A Windows server CAL is about $20 per device.

[http://www.newegg.com/Product/Product.aspx?Item=N82E16832416...](http://www.newegg.com/Product/Product.aspx?Item=N82E16832416558)

Windows licensing is somewhat a mess, between user CALs, device CALs,
processor CALs, or combinations thereof. You can see why Google's
$50/user/year price is attractive - no hardware to buy, no CALs to buy, no
client software to buy.

------
obituary_latte
Well, if the current version is any indication...

Fortuitously for this article, I've spent the entire day today trying to get
samba sharing with AD. Oh, NT_USER_NOT_PERMITTED? Bbbut, the user is there; I
even have it working on another server!

I'm sure it's my fault, but still, as of this moment, I hate samba more than
almost everything.

At any rate, congrats.

------
polarix
Last time I tried to use Samba 4, earlier this year, most of the config
directives I was trying to use weren't supported. Has that changed?

~~~
mrb
Yes. Except the one you had on line 42.

Seriously, how do you expect someone to give you a useful reply?

~~~
buster
I, for one,am extremely glad that i'm not the only one with the line 42
problem!

~~~
jussij
To fix the issue on line 42 just reboot Deep Thought.

