Topic: Status of the Samba 4.0 integration in Zentyal 3.0

J. A. Calvo

Status of the Samba 4.0 integration in Zentyal 3.0
« on: December 13, 2012, 10:37:19 am »
As you may already know, when we started the Zentyal 2.3 development, we took the decision of integrating Samba4, which was about to enter the beta phase. This sounded risky and was questioned by some, but as we have the ambitious goal of being a full Active Directory replacement and improving the migration processes from Windows server environments, we decided to go for Samba4 integration, and we do not regret it.

During the whole year Samba4 has been evolving really fast and we were confident that at some point around the release date of Zentyal 3.0, or not too late, there would be a final Samba 4.0 stable version solving the problems of the first beta versions. We can also say that during this development we have tried to contribute as much as possible to the Samba team, by giving feedback, coding and sending patches.

The thing is that Samba 4.0 stable has been released already and sadly, as you can see in the official announcement, it has been released still with known issues that affect some scenarios that Zentyal aims to provide.

So, how to solve this situation in these scenarios? To start with, we have written a brief list of the current known issues. In the coming days we are going to detail them, provide as much documentation as possible about the different scenarios, what works and what doesn’t, and what can be done, including best practices for deployments. The documentation will be ready during next week. We also plan to implement more checks in the Zentyal Samba module to avoid common configuration mistakes, and add the possibility to recover from them, for example, allowing easy reconfiguration if Samba has been provisioned with a wrong domain name.

We can assure you that we will keep working hard making Zentyal a full Active Directory replacement and you should expect clear information about the current issues and the updates on the zentyal-samba packages.

Thanks for using Zentyal and keep the feedback coming so that we can all make it the best Linux alternative to Windows Server!

Update: More detailed documentation about some Zentyal scenarios with Samba4 can now be found at http://trac.zentyal.org/wiki/Documentation/Community/Development/SambaScenario
« Last Edit: December 23, 2012, 04:48:40 pm by J. A. Calvo »
Zentyal Server Lead Developer

christian

  • Guest
Re: Status of the Samba 4.0 integration in Zentyal 3.0
« Reply #1 on: December 13, 2012, 10:51:56 am »
Thanks a lot for this clarification.

I thought it was more complex because I had, wrongly, another view in mind that was to provide SMB "general" platform.
Restricting this to Windows is another game.

If as you state, goal is to provide full AD replacement and Linux alternative to Windows server, this is "just" (if I can say so) a matter of making Samba4 one of your core components (get rid of the extra LDAP, DNS, Kerberos), extend Samba schema to your specific needs and here you are.
Still some limitations exist but as your roadmap will be from there mapped to Samba4, as soon as Samba4 will evolve, you will benefit from it.

BTW, it will make your installation process much easier as there is no more need for options to install or not users & groups, NTP, DNS, file sharing plus perhaps some other modules.

Barrydocks

Re: Status of the Samba 4.0 integration in Zentyal 3.0
« Reply #2 on: December 13, 2012, 04:33:29 pm »
Quote
We also plan to implement more checks in the Zentyal Samba module to avoid common configuration mistakes, and add the possibility to recover from them, for example, allowing easy reconfiguration if Samba has been provisioned with a wrong domain name.
Any idea when this might be implemented and released?

ichat

Re: Status of the Samba 4.0 integration in Zentyal 3.0
« Reply #3 on: December 13, 2012, 04:41:22 pm »
@christian, when / if this happens I'll be forced to leave Zentyal behind as a valuable business alternative, as for me most of the value-add is not in replacing a few licences with a few others, but with replacing and supporting the network, its desktops, and to some extent its business applications (mostly built on top of MS Office).

Not being able to also replace the desktops, and supporting the move to web-based applications, or native code, hardly saves anything in terms of TCO.

So instead of extending Samba, I would rather have it that a native sync solution would be added to Samba, so that external services (for example OpenLDAP) can bind against it in a regular master-slave scenario. This should happen (obviously) before we incorporate more of Samba's LDAP specifics into Zentyal...
All tips hints and advices are based on my personal experience.
As I try my best to be as accurate as possible, following my advice is always at your own risk,
I claim absolutely NO responsibility in any way!

christian

  • Guest
Re: Status of the Samba 4.0 integration in Zentyal 3.0
« Reply #4 on: December 13, 2012, 05:13:26 pm »
If you do not extend Samba LDAP, you will have to live with 2 LDAP servers, which doesn't make sense if goal is, as stated above, to be AD centric.
I can't see what would, using Samba LDAP server, prevent you to bind against it.
What is your point exactly?

Quote
Native sync solution
What do you mean here ?

half_life

Re: Status of the Samba 4.0 integration in Zentyal 3.0
« Reply #5 on: December 14, 2012, 03:44:46 am »
Quote
@christian, when / if this happens I'll be forced to leave Zentyal behind as a valuable business alternative, as for me most of the value-add is not in replacing a few licences with a few others, but with replacing and supporting the network, its desktops, and to some extent its business applications (mostly built on top of MS Office).

Not being able to also replace the desktops, and supporting the move to web-based applications, or native code, hardly saves anything in terms of TCO.

So instead of extending Samba, I would rather have it that a native sync solution would be added to Samba, so that external services (for example OpenLDAP) can bind against it in a regular master-slave scenario. This should happen (obviously) before we incorporate more of Samba's LDAP specifics into Zentyal...

I don't quite understand your position, ichat. Are you saying that AD stops you from using Linux in your environment? AD has its warts but in general gets the job done. Likewise brings the Linux desktops into the fold, though I imagine it could be done directly with Samba4. The $4-5k that the typical small company shells out on a repeating basis for licensing is a strong motivator for the company and hence Zentyal to move in this direction. I see AD as the new lowest common denominator to handle this task.

The tools available today that are platform agnostic truly make the IT professional's job much easier. I sat down Monday with a Java based (Tomcat Server) RAD tool. Truthfully I haven't worked with anything like this before. This afternoon I had a working prototype that was accessing a MySQL database. I estimate a two week investment in a finished product. This will probably reside on the Zentyal server when complete. My point here is that Zentyal 3 and beyond will incorporate well into my existing ecosystem. My secondary point is making tools for this new world order is getting easier all the time.

half_life

Re: Status of the Samba 4.0 integration in Zentyal 3.0
« Reply #6 on: December 14, 2012, 03:49:18 am »
Quote
If you do not extend Samba LDAP, you will have to live with 2 LDAP servers, which doesn't make sense if goal is, as stated above, to be AD centric.
I can't see what would, using Samba LDAP server, prevent you to bind against it.
What is your point exactly?

Quote
Native sync solution
What do you mean here ?

I am with you on this christian.  Fewer moving parts equal less broken pieces.  Samba must have ldap so let it handle the whole works.  I know Samba handles ldap replication for its own uses.  Does that extend to any information held in the directory?  I haven't had enough time with the docs to really get a handle on how the internals work yet.

christian

  • Guest
Re: Status of the Samba 4.0 integration in Zentyal 3.0
« Reply #7 on: December 14, 2012, 07:20:49 am »
What I realized, thanks to J. A. Calvo's announcement, is that Zentyal's goal is "SMB targeting or already using Windows".
From business standpoint, it does make sense and will permit to address these companies already running Windows environment but willing, for whatever reason, to get rid of Microsoft server or companies willing to deploy, for reasons I don't really understand except workstation OS choice (but this is off-topic) Microsoft like environment.

So what's the impact aside deployment easiness (which is already a good point) ?

- It can't address, at least today, medium to large organisations or IT landscape (furthermore, in such landscape, targeting "all-in-one" design is meaningless)
- Do not expect to customize "your" LDAP server because it's now tightly linked (like in real Microsoft world) to Samba requirements. Zentyal design will be dictated, from LDAP standpoint, to what Samba will permit. Same for Kerberos and DNS although this has less impact in real life.
- "Light" Zentyal deployment will not exist anymore: if you thought about deploying Zentyal as internet gateway only (meaning without office related components), drop this idea as Samba will be required as core component. No criticism here: with "all-in-one" design choice, this makes sense. But medium to large organisations will most of the time not go in this direction.

So far so good. From business standpoint, this is, for what I understand, consistent.
From technical and intellectual standpoint, this is not my own choice. Yes AD does the job but with so many drawbacks that it kills any capability to design and deploy something that has not been "Microsoft approved". Samba is taking same direction... Why, starting from scratch, would you want to reproduce same behaviour?  Well, to be able to integrate into existing landscape and take market share. I do respect this but this is not my own job.

I've no personal interest in deploying Microsoft infrastructure  :-X  but I do understand it has some efficiency. At least you don't need any IT architect and sysadmin ;D

Escorpiom

Re: Status of the Samba 4.0 integration in Zentyal 3.0
« Reply #8 on: December 14, 2012, 08:44:28 am »
Well, most of what you guys are talking about sounds like Chinese to me.
The way I see it, Linux is attacking MS on its own soil.
That means, it may be a necessary move to behave "MS like" and once accomplished, it opens the door for other Linux based solutions and eventually it will transform the once MS only landscape. That's my n00b view on things - I may be wrong.

As for my current Zentyal setups, I do not need nor want to get involved with the AD stuff and such. Just like Christian, I'm not interested in deploying MS infrastructure.
Having said that, I'm feeling a bit lost with Zentyal at the moment because of the mandatory Samba stuff, it is just too much for what I need / want.
It also seems to me that double LDAP, DNS or Kerberos services is something to avoid, but due to my n00b state I can't think of any alternatives.   
   
I just wish that Zentyal can be used simply the way it always was, basic filesharing, gateway, users and voip stuff. Nothing fancy, but perhaps we have no choice but to go the fancy way.

Cheers. 
Marcus' Rule:
Blanks & capitals = avoid it and you'll avoid problems...

Sam Graf

  • Guest
Re: Status of the Samba 4.0 integration in Zentyal 3.0
« Reply #9 on: December 14, 2012, 03:05:29 pm »
Quote
I just wish that Zentyal can be used simply the way it always was, basic filesharing, gateway, users and voip stuff. Nothing fancy, but perhaps we have no choice but to go the fancy way.

In trying to decipher the Chinese I've gotten a little lost in understanding how the changes would impact the setup you describe. Since this sounds to me, more or less, like a mainstream small business scenario, maybe one of the geeks can comment on the differences?

christian

  • Guest
Re: Status of the Samba 4.0 integration in Zentyal 3.0
« Reply #10 on: December 14, 2012, 04:15:54 pm »
I don't think question is directly on the end-user view (although it would be interesting to compare mainstream SMB scenario with expectation from medium and large organization).
From end-user standpoint, this is obviously basic internet gateway, file sharing plus some other stuff (the "some other" covering potentially a lot of different requests but this doesn't really matter yet :)).

What I feel interesting to discuss or at least interesting to understand is how Zentyal is going to provide this. Why do I care? Because if solution to provide this simple basic scenario is built (as it is currently with 3.0) stacking various components requiring complex synchronization, alignment or control, then reaching stable situation is not going to happen soon. And as end-user, having something reliable when to be used in prod does matter.

The other way around, if design is simplified (with only one LDAP, one DNS, one Kerberos) then it should be easier but, like within real Microsoft world, with some potentially strong constraints in terms of evolution if not taken in account and supported by Samba4. This means less flexibility for Zentyal to provide evolutions or changes.

That's what I try to understand from Zentyal with my silly question  ;)

Sam Graf

  • Guest
Re: Status of the Samba 4.0 integration in Zentyal 3.0
« Reply #11 on: December 14, 2012, 04:31:59 pm »
Quote
What I feel interesting to discuss or at least interesting to understand is how Zentyal is going to provide this.

Agreed, and I (think I) understand why you care. I was mainly wondering if Escorpiom, as an end user, will find 3.0 as discouraging to use as he fears in the scenario he has described. My instinct (from my limited testing experience) is that 3.0 is not going to be that different, in a negative way. But I'm not always the sharpest tool in the shed. :-[

Since major architecture changes will not happen to Zentyal, apparently, until 3.2, we seem to be in a difficult spot in terms of what you're interested in--arriving at a stable situation in a reasonable amount of time. I mentioned earlier that some small business people likely will find 2.2 the better solution short term. I still think that's true, though I remain interested in seeing if 3.0 can achieve (or has achieved?) stability in situations like Escorpiom described.

kernevil

Re: Status of the Samba 4.0 integration in Zentyal 3.0
« Reply #12 on: December 18, 2012, 11:41:55 am »
After reading various forum posts I think that the most challenging part of the 3.2 release will be to fulfill all the different requirements for the different scenarios, taking away technical details on how to implement that. There are two sides, some desire to maintain simplicity to deploy just infrastructure services and others desire full AD integration. We must be able to provide a solution that fits in the most common cases.

Thinking loudly, I think this can be accomplished using Samba4 as our main LDAP. It has a modular design and you can "shutdown" services that you don't need. For example, you can disable all Kerberos, file sharing, etc. and the Samba daemon will provide just the LDAP backend for Zentyal. This is an approach that we need to test, validate and discuss before beginning 3.2 development.

My personal opinion, and after seeing the problems of the current solution, is that we have to simplify Zentyal architecture because maintaining duplicated services and keeping them synchronized is a source for problems. It should fit also for simple deployments where just LDAP is required, disabling everything is not needed. But, as I said before, this must be validated before considering it a valid solution.

christian

  • Guest
Re: Status of the Samba 4.0 integration in Zentyal 3.0
« Reply #13 on: December 18, 2012, 11:46:09 am »
Quote
My personal opinion, and after seeing the problems of the current solution, is that we have to simplify Zentyal architecture because maintaining duplicated services and keeping them synchronized is a source for problems

+1  8)
It also fits better with your Zarafa + AD replacement strategy, although this is not my own personal choice.

Escorpiom

Re: Status of the Samba 4.0 integration in Zentyal 3.0
« Reply #14 on: December 18, 2012, 01:37:53 pm »
+2  :)
Yes! Please try to do that, a lot of people would agree!

Cheers.