Windows Server Trusts Samba4 Active Directory 182
Darren Ginter writes "A group of Samba v4 developers recently spent a week in Redmond to work with Microsoft on Active Directory interoperability(?!). The result? Windows Server will now join, trust and replicate a Samba-based Active Directory using Microsoft-native protocols. Although Samba v4 is still in the alpha stages, this is a huge step for open source. Or it could be a trap."
Trap? (Score:1, Insightful)
Proabably not. If Microsoft helped, then they'd have unclean hands.
Of course it's a trap (Score:3, Insightful)
But the supreme court may void software patents, so it might not spring.
Just Don't See How This Could Be A 'Trap' (Score:1, Insightful)
A question of trust (Score:2, Insightful)
"Microsoft Windows" and "trust", do those two even go together?
Re:It's a nice story... (Score:5, Insightful)
I'm kind of surprised you don't get what's going on here. MS sees a way to make money from open source. I doubt they'll trumpet that from the rooftops, but I think it's exactly what's happening lately. This will be a selling point for Server 2008 and another reason for MS customers to upgrade from Sever 2003 to 2008. So this potentially has the ability to increase upgrade sales to existing customers and provide possible sales to new multi-platform customers.
Everyone is so worried about the MS of 10 years ago that I think they're missing the dynamic now. Free and/or Open Source software and platforms aren't going away. If you can't make your competition leave then you might as well capitalize on them and make money. MS has far more to gain from interoperability with Linux, BSD, and other open source platforms than they do from not working together (it's just taking a long time for the boardroom to move it in that direction). FOSS on the other hand has far less to gain, in my opinion, by working together and everything to gain by not making things work together since the main business model of FOSS is support service oriented.
I think what we're seeing with this and their VM offering is to make themselves a viable player with Linux in the server arena.
Re:It's a nice story... (Score:3, Insightful)
I'm kind of surprised you don't get what's going on here. MS sees a way to make money from open source.
Get back to me in five years, and we'll see how this plays out. I'd love to see MS back away from its old policies, but they actually need to do it before I'll give them credit for it.
Re:Oh, great (Score:1, Insightful)
Hell [wikipedia.org] freezes over annually.
To all the doubters (Score:4, Insightful)
Microsoft have been working with the Samba folks for some time [zdnet.com]. I suspect this is more to shut the EU up than because they really want to, but if that's their purpose then starting to enforce patents against the Samba team would almost certainly be a most efficient foot-shooting exercise.
If I am being perfectly honest, the only frustration (and I'm sure it's got more to do with a lack of resources than a lack of talent - Samba probably needs about four times as many developers who know the protocol backwards and inside out, problem is most of them probably work for Microsoft) is the glacial speed this is all moving at. AD was introduced with Windows 2000, the Samba team have been working on getting Samba 4 out for years and it's still only alpha code. Frankly, only being able to provide something equivalent to an NT4 domain looked quaint four years ago. Today it's downright embarrassing for anyone claiming that F/OSS is functionally equivalent to Active Directory.
(note to F/OSS advocacy trolls: I am well aware that AD is little more than LDAP/Kerberos under the hood. When you compose your flames, perhaps you would be so good as to explain exactly how one can manage a network full of Windows workstations with the level of control AD policies offer using nothing but F/OSS software which has reached a reasonable level of stability. NT4 policies are a pretty lousy substitute.)
Re:EC mandate? (Score:4, Insightful)
Vendors is in quotes, as an open source project team really isn't a vendor.
True, but it also gives Microsoft the most bang for their buck, since by working with Samba developers, the information gets out there for everyone to see. If I'm not mistaken, Microsoft requires you to pay for their documentation. Samba's interoperability is documentation in a real sense (and source code is almost always better documentation than something that a technical writer came up with), and this lowers the barrier to getting that information. I think that the EU will view this favorably, which is probably why Microsoft is doing this.
As a side note-- my gut feeling is that nowadays, Microsoft's closed-off protocols are a hindrance to them. At this point in the game, the lock-in is well-known and I think that works against Microsoft with many sysadmins planning new deployments. If, on the other hand, there is a large and open software ecosystem, sysadmins will look on Microsoft products more favorably. E.g., Exchange is quite full-featured as a groupware platform, relatively scalable, and fairly easy to use, but lock-in, cost, and infrastructure requirements are problems. But if someone can set up a Samba4 AD and run Exchange on top of it-- or even better, the other way around-- now we're talking. Microsoft's attitude up to this point, though, has made many people (me included) simply work to ditch the existing Microsoft software we use.
Re:Just Don't See How This Could Be A 'Trap' (Score:0, Insightful)
The trap or catch will come further down the road when Microsoft patches something that breaks the functionality, at which point Microsoft will simply state that if you wanted something reliable you should have used genuine Windows servers. Don't believe me? The samba project is already rife with examples of this. Didn't we see Samba choke when enterprises tightening up security disabled ntlmv1?
So in essence, the 'trap' here is, when Microsoft decides to stop supporting some aging and long surpassed (version of a) protocol, and make a long-time existing (version of a) protocol the default, that just hasn't been implemented in Samba yet ? Well only the really paranoid would consider calling that a 'trap', all others would call it 'poor interoperability'.
Re:It's a nice story... (Score:5, Insightful)
I think the point here is that Microsoft's behavior is being driven by the market. The market is clearly saying that they like a lot of the FOSS solutions. If Microsoft tries to pretend like these solutions does not exist, then they will allow a software ecosystem to develop in which they have no influence. A dominant player simply cannot allow that to happen.
In the case of FOSS, there is no way to bankrupt or buyout the competition. They still try to compete with marketing FUD, but it is obvious that that is only good for trying to slow the growth of FOSS.
This isn't about Microsoft turning over a new leaf. The real story is that market acceptance of FOSS solutions has grown to the point where none of the major players (including Microsoft) can afford to ignore it. For someone like me who has used Linux seriously for 15 years, seeing this kind of growth and acceptance is amazing. Linux used to be ignored, but now it is respected.
Re:It's a nice story... (Score:5, Insightful)
In the case of FOSS, there is no way to bankrupt or buyout the competition. They still try to compete with marketing FUD, but it is obvious that that is only good for trying to slow the growth of FOSS.
That leaves the legal route, and that's what I'm worried may be employed here down the road. I hope the Samba developers obtained a rock-solid agreement allowing them to use the results of the collaboration in the Samba project, now and in the future. I'm concerned that the company may attempt, without the knowledge of the MS developers who probably had a blast doing this, to argue that anything in Samba4 written after this project having to do with AD interoperability is covered by patents relating to AD, or that it descends from MS intellectual property accessed while they were at Redmond, etc. IIRC, one of the Linux NTFS coders had to refrain from working on the functionality for some time after working at Microsoft due to contract stipulations, slowing the development of stable write capability (this was years ago, so I could be way off here).
I can see how this is a possible sign of a culture change at Microsoft (and for that company's sake, I hope the EEE culture is withering away), but I can also see a few ways this could go horribly wrong based on the company's past behaviour. Their future behaviour will determine whether this was a good idea, and that's why I remain skeptical.
people think "PC == Windows" (Score:3, Insightful)
"Choice" is anathema to Microsoft. Gates, Ballmer, Mundie, et alia want Windows on every PC in the world, and they are willing to use every means, legal or otherwise, to convince people (especially clueless executives) that there is no other system for a PC. In this, they were very successful for a long time. And, face it, a lot of people tolerate Windows in order to have computers on their desks, but how many actually like it?
Even if Microsoft were to admit openly that PC's can run other OS's, the sheer inertia Windows has today is going to take a while to overcome.
Re:Really? (Score:3, Insightful)
So a company received money from MS after negotiating and signing an agreement and it's MS's fault that they are going under because they refuse to give them more money.
As far as IBM and MS are concerned, it was always an uncomfortable alliance and it wasn't as if the larger IBM wasn't used to playing hardball in the big leagues.
Besides, it was clear that IBM didn't didn't consider OS/2 to be a priority because they were very quiet in their promotion of it. There had more ads for the PC jr (with its chicklet keyboard) than OS/2.
Re:A question of trust (Score:3, Insightful)
I have to disagree with your statement about popularity. If the majority of people didn't trust MS they wouldn't keep deploying it. That means that MS hasn't violated the trust of the majority and quite frankly, no one can please everyone.
While I agree that Microsoft shouldn't be trusted I understand that the majority of businesses out there do trust MS and only use basic functionality which in the Windows world simply works. Those of us that try to do unique things run into problems so we like flexible solutions so we ended trying alternatives and become Linux users. I think you would be hard pressed to come up with protocol busting behavior from MS beyond that of IE functionality which at the time all browsers were doing. Remember Netscape 4 and the lovely behavior it gave us? MS was just playing following the leader and since they had a nice install base surprise surprise, they came out on top. NTLM v1 was long considered a bad idea and v2 was clearly an improvement from a security standpoint. Could they have made it more interoperable? Probably but how much should they spend on it? At what point does breaking compatibility make the most sense? Apple does it just fine rather routinely and without backlash but MS seems to get blasted as untrustworthy for the exact same behavior so I say the popularity does determine trustworthiness.
Re:This is good news (Score:4, Insightful)
... but it can replace Windows on the server as Unix and Linux are designed as server operating systems.
Unix (and by extension Linux) makes for an excellent general purpose operating system. Just because it was developed before desktops and graphical user interfaces doesn't mean that it isn't fully capable for such use any more or less than Windows (which was morphed from DOS). Mac OS X is an example of a very capable desktop operating system built on Unix. A general purpose operating system like Linux is "designed for" whatever people have built on top of it, and desktops running on top of *nix and X11 are not recent occurrences. Nowadays, X11-based desktops are extremely capable, and the development gap between Windows and such desktops has essentially been closed in the minds of many users.
So, let's drop the meme that Linux is designed for servers (thereby implying that it isn't designed for desktops or something). Instead, let's acknowledge that it is a good general purpose operating system which scales well from small devices to servers to desktops, and anything in-between. It just doesn't make sense to continue saying Linux was "designed as a server operating system" when it has really been designed for much more than that.
Re:Oh, great (Score:4, Insightful)
Re:To all the doubters (Score:3, Insightful)
>I suspect this is more to shut the EU up than because they really want to
Considering pretty much all IT shops are mixed shops, Im sure every MS rep gets an earful about how about a company with a few linux-based NASs or servers dont integrate with AD. MS is now in the position where it needs to embrace a lot of OSS or their customers will revolt. I suspect the MS of the 90s is behind us. The market is just too diversified and competitive now. Fixing SAMBA is something that should have been done years ago. Hopefully, SAMBA4 will really be headache free.
Re:people think "PC == Windows" (Score:3, Insightful)
"Choice" is anathema to Microsoft.
Steve Jobs to the rescue! You can get your Macbook Pro in any color, as long as it's silver.
Re:To all the doubters (Score:3, Insightful)
As others have mentioned elsewhere in this thread, you don't have to. With a proper trust relationship now possible, you can actually use the same MS AD management tools you know so well.
Whatever the motivation for this work, I have to say it makes me feel a little more optimistic. Getting MS software to trust Samba is a decidedly non-trivial accomplishment. The other direction has been possible for some time, but it relegated Samba to a subordinate position. Now, these two implementations can interact as peers.
Bitter experience with closed source software vendors has driven more than a few of us into the arms of FOSS. But virtually all of us work in heterogeneous environments where making MS software work with FOSS continues to frustrate us to this day. The inverse can sometimes be a challenge, but at least the source was always there to diagnose these shortcomings.
Having some degree of assurance that Windows and FOSS (well, Samba, at least) will play nicely together on both sides of the fence is enough to make even die-hard Free Software supporters like me take heart. It's not the end of the war, but it's a sign that peace talks might just work.
... Might, of course, being the operative word in that last sentence.