Samba4. What is Samba4? ● A replacement for Active Directory ● The centre of a windows domain: – Windows domain logon server – Windows-compatible LDAP.

Presentation transcript:

Samba4

What is Samba4?
● A replacement for Active Directory
● The centre of a Windows domain:
  – Windows domain logon server
  – Windows-compatible LDAP server
  – Kerberos KDC, supporting Microsoft extensions
● Moving Samba beyond NT4 domains
● Also a fileserver – but not the topic here

Making life easier for sysadmins
● A focus on creating automated solutions
● Samba4 should 'just work'
  – Even when it needs to integrate with another package
● Generated configuration files for:
  – phpLDAPAdmin
  – BIND
  – Optional OpenLDAP Backend

New Samba4 Features
● Multi-master replication with OpenLDAP
  – Instead of local ldb, Samba4 can use OpenLDAP
● Smart-card login support
● Group Policy support
● Python as the scripting language
● NTP signing support
  – When patch to ntpd applied

The provision script
● Python script
● Sets up Samba4, ready to use
  – configuration files
  – DNS zones
  – Schema
  – Skeleton database
● Template driven
● Easy to extend templates and script

Provision-backend for OpenLDAP
● Samba4 can use OpenLDAP as a data store
  – OpenLDAP can be quite hard to configure
● Samba4 has very specific requirements
  – AD schema
  – Modules to handle linked attributes
● Python script to generate the slapd.conf and schema

Samba4 needs Sysadmins
● Sysadmins have many useful skills
  – Perl wrangler
  – Python handler
  – Configuration manager
  – Systems integrator
  – Wireshark sniffer
  – Live environment tester
  – and even occasional Programmer

Samba4 isn't just C anymore
● Not all Samba4 development tasks are deep C coding
  – There is still plenty of C coding, however
● Python Bindings
  – All our main libraries have some level of Python binding
● Python scripts
  – Key tools such as 'provision' are written in Python

Practical examples of assistance

Multi-master replication
● If OpenLDAP is hard, multi-master replication is harder
● Oliver Liebel extended the provision-backend
  – Getting a multi-master Samba4 install is now just a configuration option!

PAC Validation
● My 'Russian connection' had a strange error
  – 'PAC Validation failed'.
● PAC: Privilege Attribute Certificate
  – A Microsoft extension to attach groups to a Kerberos ticket
  – Windows XP must check the PAC with the KDC
  – But only rarely – so I never saw it in my testing

Using the full AD schema
● Microsoft has provided a copy of its schema
  – But in 'not quite LDIF' format
  – And with syntax errors
● These we can resolve...
● I asked for help writing a conversion script
  – Sreepathi Pai took on the
  – End result can be integrated into our provision script

Account expiry
● Some bugs just take time to discover
● Samba4 had a hard-coded 28 day password expiry
  – Samba also incorrectly ignored the 'no expiry' flag
  – Only found once testers stopped having to re-provision regularly
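
An added example, not from the talk and not Samba's code: the hard-coded 28-day expiry beside a policy-driven calculation, plus an audit helper that lists the accounts where the two disagree. It assumes the 'no expiry' flag is the AD `UF_DONT_EXPIRE_PASSWD` bit of `userAccountControl` and that `pwdLastSet` and `maxPwdAge` use AD's 100 ns units; all function names and sample accounts are hypothetical.

```python
from datetime import datetime, timedelta, timezone

UF_DONT_EXPIRE_PASSWD = 0x00010000   # userAccountControl bit (assumed 'no expiry' flag)
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = (0, -0x8000000000000000)     # maxPwdAge values meaning "passwords never expire"

def dt_to_filetime(dt):
    """datetime -> 100 ns intervals since 1601-01-01 UTC."""
    d = dt - EPOCH_1601
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def filetime_to_dt(ft):
    """100 ns intervals since 1601-01-01 UTC -> datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def expiry_hardcoded(pwd_last_set, uac, max_pwd_age):
    """Behaviour described on the slide: always 28 days, flag and policy ignored."""
    return filetime_to_dt(pwd_last_set) + timedelta(days=28)

def expiry_policy(pwd_last_set, uac, max_pwd_age):
    """Return the expiry time, or None if the password never expires."""
    if uac & UF_DONT_EXPIRE_PASSWD or max_pwd_age in NEVER:
        return None
    if pwd_last_set == 0:                 # must change at next logon
        return EPOCH_1601
    return filetime_to_dt(pwd_last_set - max_pwd_age)   # maxPwdAge is negative

def drifted_accounts(accounts, max_pwd_age):
    """Names for which the two calculations disagree (audit helper)."""
    return [a["name"] for a in accounts
            if expiry_hardcoded(a["pwdLastSet"], a["uac"], max_pwd_age)
            != expiry_policy(a["pwdLastSet"], a["uac"], max_pwd_age)]

# Constructed sample accounts, not real data. 0x200 is a normal user account.
T0 = dt_to_filetime(datetime(2009, 1, 1, tzinfo=timezone.utc))
SAMPLE = [
    {"name": "svc-backup", "uac": 0x200 | UF_DONT_EXPIRE_PASSWD, "pwdLastSet": T0},
    {"name": "alice", "uac": 0x200, "pwdLastSet": T0},
]
```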

Dropping out of the domain
● Again, found by my Russian connection.
  – Windows clients would just stop working, after around a month.
● Monthly password change
  – To a Random byte buffer
  – Samba4 could not convert a random byte buffer into a UTF8 string
  – Samba actually set the password to “”
  – Fix was eventually to rework the whole password setting stack
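
An added example, not from the talk and not Samba's code: why a random byte buffer usually fails strict UTF-16 to UTF-8 conversion, the lossy fallback the slide describes, and a setter that keeps the buffer opaque instead. The 240-byte buffer size, the account name in the store, and all function names are assumptions for illustration.

```python
import random

MACHINE_PW_BYTES = 240   # assumed size: 120 random 16-bit units

def utf16_to_utf8(buf: bytes) -> bytes:
    """Strict UTF-16LE -> UTF-8; raises UnicodeDecodeError on invalid input."""
    return buf.decode("utf-16-le").encode("utf-8")

def invalid_fraction(trials: int = 200, seed: int = 1) -> float:
    """Share of random buffers that are not valid UTF-16 (seeded, repeatable)."""
    rng = random.Random(seed)
    bad = 0
    for _ in range(trials):
        buf = bytes(rng.getrandbits(8) for _ in range(MACHINE_PW_BYTES))
        try:
            utf16_to_utf8(buf)
        except UnicodeDecodeError:
            bad += 1
    return bad / trials

def set_password_lossy(store: dict, account: str, buf: bytes) -> bytes:
    """Failure mode from the slide: a conversion error becomes the empty password."""
    try:
        store[account] = utf16_to_utf8(buf)
    except UnicodeDecodeError:
        store[account] = b""          # every later logon with the real secret fails
    return store[account]

def set_password_opaque(store: dict, account: str, buf: bytes) -> bytes:
    """Keep the buffer as opaque bytes; reject bad input, never substitute a value."""
    if not buf or len(buf) % 2:
        raise ValueError("password buffer must be a non-empty run of 16-bit units")
    store[account] = bytes(buf)
    return store[account]

def empty_secrets(store: dict) -> list:
    """Audit helper: accounts whose stored secret collapsed to empty."""
    return sorted(name for name, secret in store.items() if secret == b"")

# Constructed sample: 'A', an unpaired high surrogate (0xD800), then 'B'.
SAMPLE = "A".encode("utf-16-le") + b"\x00\xd8" + "B".encode("utf-16-le")
```

Each 16-bit unit has a 1-in-32 chance of being a surrogate, so nearly every buffer of this size contains an unpaired one and fails the strict conversion.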

NTP signing
● The client time at the Russian install kept drifting
  – This breaks Kerberos quite badly
● Windows clients tried (and failed) to get time from the Samba4 DC
● Needed to implement the Microsoft-only NTP authentication extensions
  – MS-SNTP
● Patch now available, and well tested

Help still needed
● Testing Samba4 with other software is the remaining big challenge
  – For example, just how much more do we need to support Exchange?
  – Non-Windows clients
● Developing administration tools
● Re-start the web interface
  – If administrators still want that kind of thing

LDAP schema mapping
● Is it a problem that Samba4 uses the AD schema?
● Do administrators want Samba4 to use a different backend schema?
  – Perhaps on the same server as Linux clients use?
● Can someone help me come up with a sensible mapping?
  – Samba3-like minimal mapping (just add Kerberos)
  – Samba4 full schema to 'posix like' backend

The road ahead
● Domain Trusts
● Replication
  – Once-off (vampire)
  – Read-only copy
  – Full read-write replication

Taking it in our stride
● I've made it my aim to help Sysadmins with their deployments
● We are starting to get a community
  – I'm not the only one answering questions
● With the feedback from sysadmins, we can better direct Samba4 development
● I'm not asking to switch everything today
  – Just to tell me what stops you from using Samba4

Demo Time
● Demo of Samba's provision and a WinXP join