Posted by: ITKE
Administration, interoperability and integration, Samba
A Samba4 update from Andrew Bartlett hit my Inbox this morning with an overview of all the new features.
Samba4 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients.
Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue.
The new VFS features in Samba 4 adapts the filesystem on the server to match the Windows client semantics, allowing Samba 4 to better match windows behaviour and application expectations. This includes file annotation information (in streams) and NT ACLs in particular. The VFS is backed with an extensive automated test suite.
The Samba 4 architecture is based around an LDAP-like database that can use a range of modular backends. One of the backends supports standards compliant LDAP servers (including OpenLDAP), and we are working on modules to map between AD-like behaviours and this backend.
We are aiming for Samba 4 to be powerful frontend to large directories.
There’s also a warning to read, because this is NOT a production level release!
Samba4 alpha1 is not a final Samba release. That is more a reference to Samba4′s lack of the features we expect you will need than a statement of code quality, but clearly it hasn’t seen a broad deployment yet. If you were to upgrade Samba3 (or indeed Windows) to Samba4, you would find many things work, but that other key features you may have relied on simply are not there yet.
For example, while Samba 3.0 is an excellent member of a Active Directory domain, Samba4 is happier as a domain controller: (This is where we have done most of the research and development).
While Samba4 is subjected to an awesome battery of tests on an automated basis, and we have found Samba4 to be very stable in it’s behaviour, we have to recommend against upgrading production servers from Samba 3 to Samba 4 at this stage. If you are upgrading an experimental server, or looking to develop and test Samba, you should backup all configuration and data.
You can check out an interview I did with Samba’a release manager Jerry Carter (who actually works more on Samba 3.025, fyi) about how Samba4 is making Active Directory “Linux friendlier.”