is samba 4 ad ready for global enterprise it is with the
play

Is Samba 4 AD Ready for Global Enterprise? It is with the ONE WEIRD - PowerPoint PPT Presentation

Nov 23, 2022 •49 likes •509 views

Is Samba 4 AD Ready for Global Enterprise? It is with the ONE WEIRD TRICK click here But first... Disclaimer This presentation, the content and opinions contained within are the author's own and do not reflect the views or opinions of

  1. Is Samba 4 AD Ready for Global Enterprise?

  2. It is… with the ONE WEIRD TRICK click here

  3. But first...

  4. Disclaimer This presentation, the content and opinions contained within are the author's own and do not reflect the views or opinions of Indeed, Inc.

  5. Kevin Kunkel IT Systems, Indeed Inc.

  6. About ● Windows 95 converted me to Linux ● Software Engineering at RIT, BS CS from Mercy College ● 11 years of Systems Administration ○ Linux SysAdmin ○ Windows SysAdmin ○ B2B SMB consulting

  7. About Indeed

  9. Key Metrics

  11. But really, how about you?

  12. This is for you.

  13. You ● Samba Team ● Samba Developers ● Samba Users ● Enterprises without Active Directory willing to try Samba ● Organizations with a vested interest in Samba

  14. Why does this matter?

  15. Why Active Directory?

  16. Minimum Level of Competency ● IT Support staff familiar with RSAT ● Microsoft tools are well documented ● No command line knowledge required.

  17. Application Integration ● OneLogin ● Sophos Enterprise Console ● PacketFence ● Pretty much any application that supports external authentication

  18. MSCHAPv2 and 802.1x ● For user-based 802.1x, PEAP-EAP-MSCHAPv2 is the universally supported method, despite its insecurity ● No more Pre-Shared Key wifi! ● Ability to map username to IP

  19. Why not Microsoft?

  20. Microsoft Licensing ● Few people truly understand this black magic ● OS licensing, plus CALs ● All users that could use a DC must have a CAL, all servers must have CALs ● For example: 5000 users, 50 servers, at $16/CAL (https://www.cdw.com/shop/products/Microsoft-Windows -Server-Client-Access-License-User/488489.aspx) ○ 5000 x 50 X $16 = $4M

  21. Microsoft Client Access Licenses (CALs) https://blogs.technet.microsoft.com/volume-licensing/2014/03/10/lic ensing-how-to-when-do-i-need-a-client-access-license-cal/

  22. Indeed Culture ● Start-up mentality ● Generally Build over Buy ● No Vendor Lock-In ● Very Pro-OpenSource (http://opensource.indeedeng.io/) ○ Proctor ○ Imhotep

  23. Does it Work?

  24. Samba 4.0 to Samba 4.2

  25. Small Beginnings ● An intern project in the summer of 2013 ● Largest office with 95%+ Windows 7 clients ● 2 Domain controllers

  26. NETLOGON and GPO ● Password Complexity - No more auto-login with passwordless Windows accounts ● ScreenSaver settings ● Windows Firewall port control for Sophos ● But what else...

  27. SUCCESS! ● Minor expansion ● FreeRADIUS ● SerNet RPMs (For free!) ● Let’s scale!

  28. Expansion pains ● Fully meshed replication topology. ● “Denial of Service Distributed” ● We need help ● Who can help us?

  29. Samba 4.3 to Samba 4.5

  30. The Great Expansion ● From 12 DCs to 30+ ● Regional replication hubs ● Bridgehead servers ● Linked attribute hell ● Deleted linked attributes

  31. Samba 4.6 and beyond

  32. Scaling out ● DCs joins during business hours! ● Domain joins ~ 30-45 minutes ● 45 domain controllers on 5 continents ● 6,252 User/Group objects , 37,625 group memberships

  33. The future ● More performant replication ● Better KCC controls ● Better audit logging ● 2012 Schema ● Maybe SYSVOL replication?

  34. So is it ready?

  35. My Opinion ● It’s not a 100% complete drop-in replacement for AD ● It’s close enough, and if that’s acceptable, then it is

  36. My Suggestions ● Support Contract ● Sponsor Development ● Monitoring ○ Health Checks ○ Log aggregation

  37. Current Issues ● Documentation is shifting sand ● Joining DCs in rapid succession is still very error prone. ● KCC inconsistent

  40. All in all

  41. Active Directory is here to stay ● Widespread adoption and almost universal integration ● It really has become a standard enterprise product. ● We can’t kill off Windows client devices. ○ MS Office on Windows is preferred by power Excel users ○ Many Network Admin tools are Windows-based ● And Samba can be a viable alternative if...

  42. Your Organization: ● Can tolerate authentication system failure(s). ● Can quickly respond to outages. ● Can afford to pay for support and development.

  43. Thank you

  44. Thank you ● Catalyst ● SerNet ● Samba community ● And Indeed

  46. Q & A

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Samba in the Enterprise : Samba 3.0 and beyond By Jeremy Allison jra@samba.org

Samba in the Enterprise : Samba 3.0 and beyond By Jeremy Allison jra@samba.org

Samba in the Enterprise : Samba 3.0 and beyond By Jeremy Allison jra@samba.org jeremy.allison@hp.com Where we are now : Samba 2.2 The current Samba is a credible replacement for a Windows server providing file and

529 views • 19 slides
Enterprise desktop: improving client side in the age of Samba AD and FreeIPA Alexander Bokovoy

Enterprise desktop: improving client side in the age of Samba AD and FreeIPA Alexander Bokovoy

Principal Software Engineer, Red Hat // Samba Team SambaXP16 Enterprise desktop: improving client side in the age of Samba AD and FreeIPA Alexander Bokovoy Enterprise desktop: improving client side in the age of Samba AD and FreeIPA 2

1.33k views • 106 slides
Implementing the Witness protocol in Samba Gnther Deschner <gd@samba.org> (Red Hat /

Implementing the Witness protocol in Samba Gnther Deschner <gd@samba.org> (Red Hat /

Implementing the Witness protocol in Samba Gnther Deschner <gd@samba.org> (Red Hat / Samba Team) About Samba and RedHat Currently 7 Samba Team members inside RedHat Creators and users of Samba technology for authentication

836 views • 45 slides
TA GLOBAL PROPOSED IPO LISTING DEMERGER OF TA ENTERPRISE BERHAD DEMERGER OF TA ENTERPRISE BERHAD

TA GLOBAL PROPOSED IPO LISTING DEMERGER OF TA ENTERPRISE BERHAD DEMERGER OF TA ENTERPRISE BERHAD

TA GLOBAL PROPOSED IPO LISTING DEMERGER OF TA ENTERPRISE BERHAD DEMERGER OF TA ENTERPRISE BERHAD Property Derivatives Hotels Stock broking Unit Trusts & Investment Asset Services Management TA GLOBAL TA ENTERPRISE TA GLOBAL TA

414 views • 27 slides
Samba Witness Protection Programming Samuel Cabrero scabrero@suse.com David Disseldorp

Samba Witness Protection Programming Samuel Cabrero scabrero@suse.com David Disseldorp

Samba Witness Protection Programming Samuel Cabrero scabrero@suse.com David Disseldorp ddiss@samba.org Agenda Clustered Samba Witness Protocol Demo Outlook Clustered Samba Samba File and print server SMB / CIFS, SMB2

428 views • 40 slides
Samba and the road to Python3 Noel Power SUSE/Samba team noel.power@suse.com npower@samba.org

Samba and the road to Python3 Noel Power SUSE/Samba team noel.power@suse.com npower@samba.org

Samba and the road to Python3 Noel Power SUSE/Samba team noel.power@suse.com npower@samba.org Agenda Reasons to move to Python3 What is supported in what release Some history of the porting effort Challenges Lessons learned

815 views • 19 slides
The Important Details Of Windows Authentication Stefan Metzmacher <metze@samba.org> Samba

The Important Details Of Windows Authentication Stefan Metzmacher <metze@samba.org> Samba

The Important Details Of Windows Authentication Stefan Metzmacher <metze@samba.org> Samba Team / SerNet 2017-05-04 https://samba.org/~metze/presentations/2017/SambaXP/ Topics Windows Domains, Forests and Trusts Netlogon Secure

497 views • 34 slides
SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP -

SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP -

SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP - 2016-05-11 Introduction SMB - mini history SMB: created around 1983 by Barry Feigenbaum, IBM SMB in Lan Manager: around 1990 SMB in Windows for

1.29k views • 58 slides
Tools for the Vagabonding Samba Developer sambaXP 2015 Michael Adam Samba Team / Red Hat May

Tools for the Vagabonding Samba Developer sambaXP 2015 Michael Adam Samba Team / Red Hat May

Tools for the Vagabonding Samba Developer sambaXP 2015 Michael Adam Samba Team / Red Hat May 21, 2015 We use a lot of VMs and containers for testing and building Samba. The setup and maintenance of these machines requires a lot of work. How

351 views • 20 slides
Samba's AD DC: Samba 4.2 and Beyond Presented by Andrew Bartlett of Catalyst // 2014-09 About me

Samba's AD DC: Samba 4.2 and Beyond Presented by Andrew Bartlett of Catalyst // 2014-09 About me

Samba's AD DC: Samba 4.2 and Beyond Presented by Andrew Bartlett of Catalyst // 2014-09 About me Andrew Bartlett Samba T eam member since 2001 Working on the AD DC since 2006 These views are my own, but I do with to thank:

856 views • 36 slides
Faking a Failover Over the Top With Samba Clusters Christopher R. Hertel Samba Team May 2017

Faking a Failover Over the Top With Samba Clusters Christopher R. Hertel Samba Team May 2017

Faking a Failover Over the Top With Samba Clusters Christopher R. Hertel Samba Team May 2017 Introductions Introductor a t i o n a r y e s q u e n e s s e si s m Me: Samba Team Elder SMB Wizard with: The opinions expressed are my

874 views • 21 slides
Status of SMB2 and SMB3 development in Samba SDC 2012 Michael Adam obnox@samba.org Samba Team /

Status of SMB2 and SMB3 development in Samba SDC 2012 Michael Adam obnox@samba.org Samba Team /

Status of SMB2 and SMB3 development in Samba SDC 2012 Michael Adam obnox@samba.org Samba Team / SerNet 2012-09-17 Hi there! Oh ... ... please interrupt with questions! Michael Adam SMB2+ in Samba (3 / 20) SMB2 in Samba Only SMB 2.0

1.35k views • 75 slides
Samba and the road to 100,000 users Presented by Andrew Bartlet Samba Team - Catalyst / / SambaXP

Samba and the road to 100,000 users Presented by Andrew Bartlet Samba Team - Catalyst / / SambaXP

Samba and the road to 100,000 users Presented by Andrew Bartlet Samba Team - Catalyst / / SambaXP 2017 Andrew Bartlet Samba developer since 2001 Working on the AD DC since soon afuer the start of the 4.0 branch, since 2004! Driven to

664 views • 44 slides
About Us The Welcoming Centers Global Enterprise Hub provides services to both immigrant and

About Us The Welcoming Centers Global Enterprise Hub provides services to both immigrant and

WELCOMING CENTER for NEW PENNSYLVANIANS Global Enterprise Hub Promoting U.S and International Business Development Global G Great L Lakes C Convening Pittsburgh, P PA J June 1 12, 2 2014 About Us The Welcoming Centers Global

407 views • 11 slides
A Few things happened on the way to LMDB Presented by Andrew Bartlet Samba Team - Catalyst / /

A Few things happened on the way to LMDB Presented by Andrew Bartlet Samba Team - Catalyst / /

A Few things happened on the way to LMDB Presented by Andrew Bartlet Samba Team - Catalyst / / June 2018 Samba is a member project of the Sofuware Freedom Conseraancy Andrew Bartlet and Catalysts Samba Team Samba Deaeloper since 2001

436 views • 30 slides
Using the Samba Testsuite Andrew Tridgell Samba Team tridge@osdl.org Torture yourself! The

Using the Samba Testsuite Andrew Tridgell Samba Team tridge@osdl.org Torture yourself! The

Using the Samba Testsuite Andrew Tridgell Samba Team tridge@osdl.org Torture yourself! The Samba4 torture suite is an extensive, general purpose CIFS test suite. It is not Samba specific. All CIFS vendors should take advantage of it to

377 views • 21 slides
MELISSA studies of equatorial spread- F irregularities Gebreab K. Zewdie 1 Fabiano S. Rodrigues 1

MELISSA studies of equatorial spread- F irregularities Gebreab K. Zewdie 1 Fabiano S. Rodrigues 1

MELISSA studies of equatorial spread- F irregularities Gebreab K. Zewdie 1 Fabiano S. Rodrigues 1 and Eurico R. de Paula 2 1. UT Dallas 2. INPE, Brazil gkz130030@utdallas.edu May 10, 2015 Gebreab K. Zewdie (UTD) Equatorial SF May 10, 2015 1

583 views • 11 slides
IAS Program on High Energy Physics Polarization Free Methods for Beam Energy Calibration

IAS Program on High Energy Physics Polarization Free Methods for Beam Energy Calibration

IAS Program on High Energy Physics Polarization Free Methods for Beam Energy Calibration Nickolai Muchnoi Budker INP, Novosibirsk January 20, 2016 Nickolai Muchnoi IAS Program on High Energy Physics January 20, 2016 1 / 20 TALK OUTLINE

378 views • 23 slides
AAM Ecosystem Aircraft Working Group: Vehicle Safety Agenda October 29, 2020 Topic Speaker

AAM Ecosystem Aircraft Working Group: Vehicle Safety Agenda October 29, 2020 Topic Speaker

AAM Ecosystem Aircraft Working Group: Vehicle Safety Agenda October 29, 2020 Topic Speaker Time (EDT) Description Welcome and Welcome attendees, review the Carl Russell 3:00 - 3:20PM Introductions agenda, and introduce speakers

263 views • 14 slides
SOCI 210: Sociological Perspectives Oct. 13 1. Inequality & mobility 2. Social divisions and

SOCI 210: Sociological Perspectives Oct. 13 1. Inequality & mobility 2. Social divisions and

SOCI 210: Sociological Perspectives Oct. 13 1. Inequality & mobility 2. Social divisions and class 3. Global inequality 1 Roadmap 1.Foundations Methods overview Classical (European) social theory 2.The individual in society

170 views • 14 slides
Focus Area - CORAL REEF HABITAT RESTORATION Vision Summary: A restored and maintained vibrant

Focus Area - CORAL REEF HABITAT RESTORATION Vision Summary: A restored and maintained vibrant

Focus Area - CORAL REEF HABITAT RESTORATION Vision Summary: A restored and maintained vibrant ecosystem Define and establish Marine Protected Areas to allow recovery and mitigation (ample diversity) Reduce threats of overfishing, pollution

402 views • 9 slides
Open Flight Trajectories for Reproducible ANS Performance Review Enrico Spinielli, Rainer Koelle

Open Flight Trajectories for Reproducible ANS Performance Review Enrico Spinielli, Rainer Koelle

Open Flight Trajectories for Reproducible ANS Performance Review Enrico Spinielli, Rainer Koelle Ken Barker, Nicholas Korbey 6 th Dec 2018 (updated: Mon Dec 03 2018 @ 12:23:30) Context Performance review for all ANS in EUROCONTROL Member

554 views • 33 slides
What it's Like Being a Professor at a Predominantly

What it's Like Being a Professor at a Predominantly

What it's Like Being a Professor at a Predominantly Undergraduate Ins:tu:on Undergrad at UT (1989 1994) Worked with Lacy, Wheeler and Harvey

512 views • 23 slides
Tools and Behavioral Abstraction A Direction for Software Engineering K. Rustan M. Leino

Tools and Behavioral Abstraction A Direction for Software Engineering K. Rustan M. Leino

Tools and Behavioral Abstraction A Direction for Software Engineering K. Rustan M. Leino Research in Software Engineering (RiSE) Microsoft Research, Redmond Future of Software Engineering symposium ETH, Zurich, Switzerland 23 November 2010

244 views • 23 slides

More recommend