
Samba's AD DC: Samba 4.2 and Beyond, presented by Andrew Bartlett


  1. Samba's AD DC: Samba 4.2 and Beyond Presented by Andrew Bartlett of Catalyst // 2014-09

  2. About me
     ● Andrew Bartlett
     ● Samba Team member since 2001
     ● Working on the AD DC since 2006
     ● These views are my own, but I do wish to thank:
       – My employer: Catalyst
       – My fellow Samba Team members

  3. Open Source Technologies

  4. Samba's AD DC
     ● The combination of many years work
       – File server
       – Print server
       – Active Directory Domain controller
       – (and many other features)
     ● First Release Dec 2012
     ● Now on the road to Samba 4.2
       – Due for RC1 on Monday Sep 22

  5. Re-opening the heart of the network
     ● Samba's AD DC brings open source to the heart of the network again
     ● Samba has long provided a Domain Controller
       – But without support for Group Policy and other AD features like Kerberos
     ● Organizations again have a practical choice other than Microsoft Windows

  6. The flexibility to innovate
     ● Open Source lets you do more
     ● Just as Samba is in many NAS devices, including NETGEAR's ReadyNAS
     ● Samba inside Catalyst's print server
       – No CALs, multi-device access
     ● Imagine
       – What if it was also an AD DC?
       – Instant branch office solution
       – Perhaps managed from the cloud?

  7. Breaking vendor lock in
     ● Samba can migrate to and from Microsoft Windows based AD domains
       – Without loss of data
       – Without password resets or domain joins
     ● Samba 4.0 can upgrade existing Samba 3.x domains to AD
       – And you can even migrate that to a Microsoft Windows AD if you want to
       – We won't hold you against your will!

  8. Uses Native Microsoft Admin tools
     ● Microsoft Management Console snap-ins
       – In general, fully supported by Samba 4.0 AD DC
       – Are the recommended GUI tool
       – Downloadable from Microsoft for running on Windows desktops joined to the domain

  9. Or our command line tools
     ● Samba-tool
       – Our primary command line tool for the AD DC
     ● LDB tools
       – Directly access the underlying database using LDAP-like syntax
     ● Python bindings
       – Create powerful scripts calling our Python API

  10. Easy to set up
      ● samba-tool domain provision
        – Follow the prompts
      ● Then just run:
        – samba
      ● And then join a Windows client to the domain!
        – Ensure it is using the Samba server for DNS

  11. Group Policy
      ● Fully supported on the AD client
        – Not yet supported on Linux clients or Samba servers
        – Google Summer of Code project last year
          ● Still needs to be cleaned up
      ● Single most requested feature for Samba domains
      ● Group Policy administration is done on a Windows client

  12. Read Only Domain Controller
      ● We support both being and hosting RODCs
      ● Ideal for remote offices
        – Don't store all the passwords for the company everywhere
      ● Ideal way to start with Samba as an AD DC
        – As we can't break what we can't change!

  13. Replication – multiple DCs
      ● Replication between multiple Samba and Windows Domain Controllers works
        – With some limitations
        – Dense mesh replication in 4.0 and 4.1
        – No site optimization
        – Schema changes not recommended
      ● Still best option for redundancy
      ● Let Samba do its own replication
        – Don't use an OS level replication service under our databases

  14. Status of the Samba AD DC
      ● What is new in Samba 4.2
      ● Where are we headed beyond Samba 4.2

  15. What is new in Samba 4.2?
      ● Finally a single winbindd
      ● Domain trusts (in progress)
      ● Improved DRS replication stability
      ● Improved DNS behaviour

  16. Improved, single winbind
      ● Making it easier to build a single 'everything' box.
      ● Support winbindd features
        – Caching
        – Consistent behaviour on template parameters
        – RFC2307 support for homeDirectory and posixShell
      ● Still started from 'samba'
        – All AD DC features, regardless of code origin start the same way

  17. Domain Trusts and multi-domain forests
      ● Active effort to finish the work here
        – Developers working at the plugfest to find the low-hanging fruit
        – Merged winbindd a key step in this process
        – Samba can now join Windows as a subdomain
      ● Stalled to allow us room to release Samba 4.0 and 4.1
      ● Support for both NTLM and Kerberos cross-trust authentication

  18. Improved stability of DRS replication
      ● From the experience of production deployments
      ● Dbcheck tools and runtime checks to detect partial record replication
      ● Improvements back-ported to later Samba 4.1 releases

  19. Improved DNS behaviour
      ● Ensuring we delete records for interfaces that go away
      ● Avoiding the 100,000 record DB issue
        – A 4.1 regression in the internal DNS server
      ● Added unit tests for bind9 DLZ module

  20. Direction: Where to for the Open Source DC?
      ● Samba 4.1
        – Consolidation of the DC code
        – Most fixes backported to 4.0
      ● Samba 4.2
        – Current development series

  21. Improved KCC
      ● Written before 4.0, not yet enabled
      ● Python
        – Easier to modify than C
        – Implements a proper (non-dense) replication graph
        – Still needs some work

  22. Sysvol replication
      ● An area of continued interest
      ● Two replication protocols:
        – FRS
        – DFS-R

  23. Group Policy application on the DC
      ● Password policy in particular
        – Allowing use of Microsoft tools to set password policy
      ● Google 'Summer of Code' project

  24. OpenLDAP backend
      ● A great example of Samba's flexibility
        – First attempted during early AD DC development
        – Put aside while we worked to get our 4.0 release
      ● Now being revived!
        – NOT connecting to existing LDAP servers
        – A new effort to build a combined OL/Samba DC with AD semantics

  25. Using Samba's AD DC
      ● Many existing, production users
      ● As a product
      ● As a platform
      ● In the cloud

  26. Users of the Samba 4.x AD DC
      ● Schools, NGOs, Companies, Cities
        – I've seen admins from all of these using Samba 4.0 AD DC even pre-beta!
      ● Incredibly enthusiastic user base
        – We know folks are trying it all the time, as if we make a mistake, we hear about it fast!

  27. Samba AD DC as a product
      ● Use Samba out of the box as an AD DC
      ● Bundle it with our file server for a small business server
      ● Find it in better Linux distributions
        – Debian backports
        – Ubuntu 14.04
        – Not RHEL or Fedora yet
      ● Download it from enterprisesamba.org
      ● Build it yourself

  28. Samba AD DC as a platform
      ● The platform for these products:
        – Zentyal combines it with OpenChange for an MS Exchange replacement
        – Univention combines it with OpenLDAP and a web UI for Univention Corporate Server
      ● Build your own product or service on Samba's AD DC
        – NAS
          ● Small Business Server device
        – Cluster
          ● Fast, local RODC for reliable directory access

  29. Samba in the Cloud Platform
      ● Not just in the cloud, part of the cloud platform
      ● Samba already part of Manila (file server as a service)
        – The 'Generic' driver is Samba and NFS on Linux
      ● Samba's AD DC should be the same
        – Perhaps in Murano
        – Perhaps as something more specialised

  30. The opportunity of the cloud
      ● In the cloud, the questions of brand go away
        – Clients trust the provider to provide a service
        – Already Azure AD is a different implementation
      ● Flexible service offerings
        – Choose trade-offs you can't do in general
        – Perhaps fast LDAP instead of DRS replication?
        – Link or sync to another identity system

  31. Use cases for Samba in the cloud
      ● The ideal cloud identity provider for:
        – Windows servers
        – Windows Desktop as a service
        – Sync back to the corporate domain with our RODC
      ● The ideal file server for:
        – Image hosting
        – Export Ceph, GlusterFS to clients
      ● The ideal partner to OpenStack
        – Integrate Samba 4.x as the cloud IDM?

  32. What could you do with Samba?
      ● Are you a cloud provider based on OpenStack?
      ● Do you or your customers use a lot of Windows?
      ● Would you like an integrated directory with LDAP and Kerberos?

  33. A private DC for your NAS?
      ● Isolate your NAS from the shared customer DC
      ● Keep user data close to the NAS that needs it
      ● Informed on change, not cache timeout

  34. Innovative Directory Solutions
      ● Samba 4.0 as an AD DC firstly works just like Windows AD
        – LDAP / Kerberos / NTLM all integrated into a 'just works' package
      ● But being open source, some have taken it further
        – Univention Corporate Server installs modules into Samba 4.0 to sync passwords with OpenLDAP
      ● Samba provides access to the previously unreadable password hashes
        – I've seen integration tools both read and write these

  35. Conclusion
      ● Samba 4.x brings the world's first Open Source AD Domain Controller
      ● Already deployed in production in a variety of settings
      ● Provides equal-footing inter-operability with Windows DCs.
      ● A key project to watch as the ID Management space changes, particularly with the cloud
      ● Development continuing on new features.
