Samba 4 alpha 4: ainda longe do AD

Saiu a versão alpha 4 do Samba 4, que, apesar dos mais de 4 anos de desenvolvimento, o produto ainda deve demorar para chegar à versão final, em virtude dos desafios enfrentados no suporte aos protocolos proprietários da Microsoft. Para quem quiser testar e tirar suas próprias conclusões, seguem links para download e para mais informações, no site oficial do Samba e no Linux-Watch. Via lista Ubuntu-br.

Destaco abaixo alguns trechos importantes do whatsnew.txt:


Samba4 supports the server-side of the Active Directory logon environment
used by Windows 2000 and later, so we can do full domain join
and domain logon operations with these clients.

Our Domain Controller (DC) implementation includes our own built-in
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
Samba3-like logon services provided over CIFS.  We correctly generate
the infamous Kerberos PAC, and include it with the Kerberos tickets we

The new VFS features in Samba 4 adapts the filesystem on the server to
match the Windows client semantics, allowing Samba 4 to better match
windows behaviour and application expectations.  This includes file
annotation information (in streams) and NT ACLs in particular.  The
VFS is backed with an extensive automated test suite.

A new scripting interface has been added to Samba 4, allowing
Python programs to interface to Samba's internals.

The Samba 4 architecture is based around an LDAP-like database that
can use a range of modular backends.  One of the backends supports
standards compliant LDAP servers (including OpenLDAP), and we are
working on modules to map between AD-like behaviours and this backend.
We are aiming for Samba 4 to be powerful frontend to large


In the time since Samba4 Alpha2 was released in December 2007, Samba has
continued to evolve, but you may particularly notice these areas:

  SWAT Remains Disabled: Due to a lack of developer time and without a
  long-term web developer to maintain it, the SWAT web UI remains been
  disabled (and would need to be rewritten in python in any case).

  Registry: Samba4's registry library has continued to improve.

  ID mapping: Samba4 uses the internal ID mapping in winbind for all
  but a few core users.  Samba users should not appear in /etc/passwd,
  as Samba will generate new user and group IDs regradless.

  NTP: Samba4 can act as a signing server for the NTP deamon,
  allowing NTPd to reply using Microsoft's non-standard signing
  scheme.  A patch to make NTPd talk to Samba for this purpose has
  been submitted to the project.

  CLDAP: Users should experience less arbitary delays and more success with
  group policy, domain joins and logons due to an improved
  implementation of CLDAP and the 'netlogon' mailslot datagrams.

  Secure DNS update: Configuration for GSS-TSIG updates of DNS records
  is now generated by the provision script.


- Domain member support is in it's infancy, and is not comparable to
  the support found in Samba3.

- There is no printing support in the current release.

- There is no netbios browsing support in the current release

- The Samba4 port of the CTDB clustering support is not yet complete

- Clock Synchronisation is critical.  Many 'wrong password' errors are
  actually due to Kerberos objecting to a clock skew between client
  and server.  (The NTP work is partly to assist with this problem).

- Samba4 alpha4 is currently only portable to recent Linux
  distributions.  Work to return support for other Unix varients is
  expected during the next alpha cycle

- Samba4 alpha4 is incompatible with GnuTLS 2.0, found in Fedora 9 and
  recent Ubuntu releases.  Please remove the
  gnutls-devel/libgnutls-dev package before compiling (otherwise 'make
  test' and LDAPS operations will hang).

Christian Guerreiro

Professor por vocação, blogueiro e servidor público por opção, amante da tecnologia e viciado em informação.

Ensino a distância em Bitcoin & Criptomoedas, além de Tecnologia da Informação: Virtualização com VMware, Big Data com Hadoop, Certificação ITIL 2011 Foundations e muito mais.

Suporte o Tecnologia que Interessa!

Você acha que as informações compartilhadas aqui são úteis?
Então me ajude a produzir ainda mais e melhores conteúdos!

É muito fácil. Basta divulgar nossos treinamentos pra alguém que conheça!

E se for de Salvador, podemos estruturar um curso presencial para sua empresa!

Eu vou ficar muito grato (e quem fizer os curso também :)!