Zentyal Forum, Linux Small Business Server

News and Announcements => News and Announcements => Topic started by: J. A. Calvo on December 13, 2012, 10:37:19 am

Title: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: J. A. Calvo on December 13, 2012, 10:37:19 am
As you may already know, when we started the Zentyal 2.3 development, we took the decision of integrating Samba4, which was about to enter the beta phase. This sounded risky and was questioned by some, but as we have the ambitious goal of being a full Active Directory replacement and improving the migration processes from Windows server environments, we decided to go for Samba4 integration, and we do not regret it.

During the whole year Samba4 has been evolving really fast and we were confident that at some point around the release date of Zentyal 3.0, or not too late, there would be a final Samba 4.0 stable version solving the problems of the first beta versions. We can also say that during this development we have tried to contribute as much as possible with the Samba team, by giving feedback, coding and sending patches.

The thing is that Samba 4.0 stable has been released already and sadly, as you can see in the official announcement (https://lists.samba.org/archive/samba-announce/2012/000283.html), it has been released still with known issues that affect some scenarios that Zentyal aims to provide.

So, how to solve this situation in these scenarios? To start with, we have written a brief list of the current known issues (http://trac.zentyal.org/wiki/Document/Samba4KnownIssues). In the next days we are going to detail them, provide as much documentation as possible about the different scenarios, what works and what doesn’t, and what can be done, including best practices for deployments. The documentation will be ready during next week. We also plan to implement more checks in the Zentyal Samba module to avoid common configuration mistakes, and add the possibility to recover from them, for example, allowing easy reconfiguration if Samba has been provisioned with a wrong domain name.

We can assure you that we will keep working hard making Zentyal a full Active Directory replacement and you should expect clear information about the current issues and the updates on the zentyal-samba packages.

Thanks for using Zentyal and keep the feedback coming so that we can all make it the best Linux alternative to Windows Server!

Update: More detailed documentation about some Zentyal scenarios with Samba4 can now be found at http://trac.zentyal.org/wiki/Documentation/Community/Development/SambaScenario
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: christian on December 13, 2012, 10:51:56 am
Thanks a lot for this clarification.

I thought it was more complex because I had, wrongly, another view in mind that was to provide SMB "general" platform.
Restricting this to Windows is another game.

If as you state, goal is to provide full AD replacement and Linux alternative to Windows server, this is "just" (if I can say so) a matter of making Samba4 one of your core components (get rid of the extra LDAP, DNS, Kerberos), extend Samba schema to your specific needs and here you are.
Still some limitations exist but as your roadmap will be from there mapped to Samba4, as soon as Samba4 will evolve, you will benefit from it.

BTW, it will make your installation process much easier as there is no more need for options to install or not users & groups, NTP, DNS, file sharing plus perhaps some other modules.
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: Barrydocks on December 13, 2012, 04:33:29 pm
Quote
We also plan to implement more checks in the Zentyal Samba module to avoid common configuration mistakes, and add the possibility to recover from them, for example, allowing easy reconfiguration if Samba has been provisioned with a wrong domain name.
Any idea when this might be implemented and released?
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: ichat on December 13, 2012, 04:41:22 pm
@christian, when / if this happens I'll be forced to leave Zentyal behind, as a valuable business alternative, as for me most of the value-add is not in replacing a few licences with a few others, but with replacing and supporting the network, its desktops, and to some extent its business applications (mostly built on top of MS Office).

not being able to also replace the desktops, and supporting the move to web-based applications, or native code, hardly saves anything in terms of TCO

so instead of extending samba, I would rather have it, that a native sync solution would be added to samba, so that external services (for example openldap) can bind against it in a regular master slave scenario.. this should happen (obviously) before we incorporate more of samba's ldap specifics, into zentyal...
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: christian on December 13, 2012, 05:13:26 pm
If you do not extend Samba LDAP, you will have to live with 2 LDAP servers, which doesn't make sense if goal is, as stated above, to be AD centric.
I can't see what would, using Samba LDAP server, prevent you to bind against it.
What is your point exactly?

Quote
Native sync solution
What do you mean here ?
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: half_life on December 14, 2012, 03:44:46 am
Quote
@christian, when / if this happens I'll be forced to leave Zentyal behind, as a valuable business alternative, as for me most of the value-add is not in replacing a few licences with a few others, but with replacing and supporting the network, its desktops, and to some extent its business applications (mostly built on top of MS Office).

not being able to also replace the desktops, and supporting the move to web-based applications, or native code, hardly saves anything in terms of TCO

so instead of extending samba, I would rather have it, that a native sync solution would be added to samba, so that external services (for example openldap) can bind against it in a regular master slave scenario.. this should happen (obviously) before we incorporate more of samba's ldap specifics, into zentyal...

I don't quite understand your position ichat. Are you saying that AD stops you from using Linux in your environment? AD has its warts but in general gets the job done. Likewise brings the Linux desktops into the fold though I imagine it could be done directly with samba4. The 4-5$k that the typical small company shells out on a repeating basis for licensing is a strong motivator for the company and hence Zentyal to move in this direction. I see AD as the new lowest common denominator to handle this task.

The tools available today that are platform agnostic truly make the IT professional's job much easier. I sat down Monday with a Java based (Tomcat Server) RAD tool. Truthfully I haven't worked with anything like this before. This afternoon I had a working prototype that was accessing a MySQL database. I estimate a two week investment in a finished product. This will probably reside on the Zentyal server when complete. My point here is that Zentyal 3 and beyond will incorporate well into my existing ecosystem. My secondary point is making tools for this new world order is getting easier all the time.
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: half_life on December 14, 2012, 03:49:18 am
Quote
If you do not extend Samba LDAP, you will have to live with 2 LDAP servers, which doesn't make sense if goal is, as stated above, to be AD centric.
I can't see what would, using Samba LDAP server, prevent you to bind against it.
What is your point exactly?

Quote
Native sync solution
What do you mean here ?

I am with you on this christian.  Fewer moving parts equal less broken pieces.  Samba must have ldap so let it handle the whole works.  I know Samba handles ldap replication for its own uses.  Does that extend to any information held in the directory?  I haven't had enough time with the docs to really get a handle on how the internals work yet.
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: christian on December 14, 2012, 07:20:49 am
What I realized, thanks to J. A. Calvo's announcement, is that Zentyal's goal is "SMB targeting or already using Windows".
From business standpoint, it does make sense and will permit to address these companies already running Windows environment but willing, for whatever reason, to get rid of Microsoft server or companies willing to deploy, for reasons I don't really understand except workstation OS choice (but this is off-topic) Microsoft-like environment.

So what's the impact aside deployment easiness (which is already a good point) ?

- It can't address, at least today, medium to large organisations or IT landscape (furthermore, in such landscape, targeting "all-in-one" design is meaningless)
- Do not expect to customize "your" LDAP server because it's now tightly linked (like in real Microsoft world) to Samba requirements. Zentyal design will be dictated, from LDAP standpoint, to what Samba will permit. Same for Kerberos and DNS although this has less impact in real life.
- "Light" Zentyal deployment will not exist anymore: if you thought about deploying Zentyal as internet gateway only (meaning without office related components), drop this idea as Samba will be required as core component. No criticism here: with "all-in-one" design choice, this makes sense. But medium to large organisations will most of the time not go in this direction.

So far so good. From business standpoint, this is, for what I understand, consistent.
From technical and intellectual standpoint, this is not my own choice. Yes AD does the job but with so many drawbacks that it kills any capability to design and deploy something that has not been "Microsoft approved". Samba is taking same direction... Why, starting from scratch, would you want to reproduce same behaviour?  Well, to be able to integrate into existing landscape and take market share. I do respect this but this is not my own job.

I've no personal interest in deploying Microsoft infrastructure  :-X  but I do understand it has some efficiency. At least you don't need any IT architect and sysadmin ;D
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: Escorpiom on December 14, 2012, 08:44:28 am
Well, most of what you guys are talking about sounds like Chinese to me.
The way I see it, Linux is attacking MS on its own soil.
That means, it may be a necessary move to behave "MS like" and once accomplished, it opens the door for other Linux based solutions and eventually it will transform the once MS only landscape. That's my n00b view on things - I may be wrong.

As for my current Zentyal setups, I do not need nor want to get involved with the AD stuff and such. Just like Christian, I'm not interested in deploying MS infrastructure.
Having said that, I'm feeling a bit lost with Zentyal at the moment because of the mandatory Samba stuff, it is just too much for what I need / want.
It also seems to me that double LDAP, DNS or Kerberos services is something to avoid, but due to my n00b state I can't think of any alternatives.   
   
I just wish that Zentyal can be used simply the way it always was, basic filesharing, gateway, users and voip stuff. Nothing fancy, but perhaps we have no choice but to go the fancy way.

Cheers. 
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: Sam Graf on December 14, 2012, 03:05:29 pm
Quote
I just wish that Zentyal can be used simply the way it always was, basic filesharing, gateway, users and voip stuff. Nothing fancy, but perhaps we have no choice but to go the fancy way.

In trying to decipher the Chinese I've gotten a little lost in understanding how the changes would impact the setup you describe. Since this sounds to me, more or less, like a mainstream small business scenario, maybe one of the geeks can comment on the differences?
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: christian on December 14, 2012, 04:15:54 pm
I don't think question is directly on the end-user view (although it would be interesting to compare mainstream SMB scenario with expectation from medium and large organization).
From end-user standpoint, this is obviously basic internet gateway, file sharing plus some other stuff (the "some other" covering potentially a lot of different requests but this doesn't really matter yet :)).

What I feel interesting to discuss or at least interesting to understand is how Zentyal is going to provide this. Why do I care? Because if solution to provide this simple basic scenario is built (as it is currently with 3.0) stacking various components requiring complex synchronization, alignment or control, then reaching stable situation is not going to happen soon. And as end-user, having something reliable when to be used in prod does matter.

The other way around, if design is simplified (with only one LDAP, one DNS, one Kerberos) then it should be easier but, like within real Microsoft world, with some potentially strong constraints in terms of evolution if not taken into account and supported by Samba4. This means less flexibility for Zentyal to provide evolutions or changes.

That's what I try to understand from Zentyal with my silly question  ;)
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: Sam Graf on December 14, 2012, 04:31:59 pm
Quote
What I feel interesting to discuss or at least interesting to understand is how Zentyal is going to provide this.

Agreed, and I (think I) understand why you care. I was mainly wondering if Escorpiom, as an end user, will find 3.0 as discouraging to use as he fears in the scenario he has described. My instinct (from my limited testing experience) is that 3.0 is not going to be that different, in a negative way. But I'm not always the sharpest tool in the shed. :-[

Since major architecture changes will not happen to Zentyal, apparently, until 3.2, we seem to be in a difficult spot in terms of what you're interested in--arriving at a stable situation in a reasonable amount of time. I mentioned earlier that some small business people likely will find 2.2 the better solution short term. I still think that's true, though I remain interested in seeing if 3.0 can achieve (or has achieved?) stability in situations like Escorpiom described.
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: kernevil on December 18, 2012, 11:41:55 am
After reading various forum posts I think that the most challenging part of the 3.2 release will be to fulfill all the different requirements for the different scenarios, taking away technical details on how to implement that. There are two sides, some desire to maintain simplicity to deploy just infrastructure services and others desire full AD integration. We must be able to provide a solution that fits in the most common cases.

Thinking loudly, I think this can be accomplished using Samba4 as our main LDAP. It has a modular design and you can "shut down" services that you don't need. For example, you can disable all kerberos, file sharing, etc and the samba daemon will provide just the LDAP backend for Zentyal. This is an approach that we need to test, validate and discuss before beginning 3.2 development.

My personal opinion, after seeing the problems of the current solution, is that we have to simplify Zentyal architecture because maintaining duplicated services and keeping them synchronized is a source of problems. It should fit also for simple deployments where just LDAP is required, disabling everything is not needed. But, as I said before, this must be validated before being considered a valid solution.
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: christian on December 18, 2012, 11:46:09 am
Quote
My personal opinion, after seeing the problems of the current solution, is that we have to simplify Zentyal architecture because maintaining duplicated services and keeping them synchronized is a source of problems

+1  8)
It also fits better with your Zarafa + AD replacement strategy, although this is not my own personal choice.
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: Escorpiom on December 18, 2012, 01:37:53 pm
+2  :)
Yes! Please try to do that, a lot of people would agree!

Cheers.
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: ichat on December 18, 2012, 10:11:51 pm
Quote
What I realized, thanks to J. A. Calvo's announcement, is that Zentyal's goal is "SMB targeting or already using Windows".
From business standpoint, it does make sense


does it??
in the same time I see lack of a business case, regarding non windows client networks. where is the 'all linux approach'


Quote
and will permit to address these companies already running Windows environment but willing, for whatever reason, to get rid of Microsoft server or companies willing to deploy, for reasons I don't really understand except workstation OS choice (but this is off-topic) Microsoft-like environment.

So what's the impact aside deployment easiness (which is already a good point) ?

- It can't address, at least today, medium to large organisations or IT landscape (furthermore, in such landscape, targeting "all-in-one" design is meaningless)
- Do not expect to customize "your" LDAP server because it's now tightly linked (like in real Microsoft world) to Samba requirements. Zentyal design will be dictated, from LDAP standpoint, to what Samba will permit. Same for Kerberos and DNS although this has less impact in real life.
- "Light" Zentyal deployment will not exist anymore: if you thought about deploying Zentyal as internet gateway only (meaning without office related components), drop this idea as Samba will be required as core component. No criticism here: with "all-in-one" design choice, this makes sense. But medium to large organisations will most of the time not go in this direction.
This is also a really interesting point: can Zentyal exist without Samba in the near future?

so that is why I don't understand your next point, so far so good, because it's not JUST about business, it's also about technical choices.

Quote
So far so good. From business standpoint, this is, for what I understand, consistent.
From technical and intellectual standpoint, this is not my own choice. Yes AD does the job but with so many drawbacks that it kills any capability to design and deploy something that has not been "Microsoft approved". Samba is taking same direction... Why, starting from scratch, would you want to reproduce same behaviour?  Well, to be able to integrate into existing landscape and take market share. I do respect this but this is not my own job.

I've no personal interest in deploying Microsoft infrastructure  :-X  but I do understand it has some efficiency. At least you don't need any IT architect and sysadmin ;D

Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: christian on December 18, 2012, 10:54:04 pm
Ichat,

I think the answer is within Zentyal's hands but this is how I see it:
If we were dealing only with open source without any commercial version, I share that priority would be technical choices first. If you don't need to sell your product but do it for fun only, you can focus on technical choice and have the best intellectual approach, even if your market is very small as it has no impact.
If, on the other hand, you provide community version but also standard and professional versions and need to sell service in order to survive, then you look at what market is made of and priority is not technical choices but solution that will permit to take market shares. And this market is, today, almost 90% Microsoft.

Look at Zentyal home page (http://www.zentyal.com/)  Next webinar is "bye bye SBS..." jointly with Canonical and Zarafa.

This is why I said that, although I do not share the technical choice, I do understand why this is made this way and acknowledge this is perhaps the best short term solution.

Non-Windows clients are very few. And, look at this forum, even those targeting Linux only clients and servers are asking for Windows like features  ;D
I never saw one asking for NIS or NIS+ equivalent domain or anything similar to this (hopefully BTW  :)) but some wondering how they could apply GPOs to their Ubuntu clients joining Samba (Windows) domain. Is there anyone asking for NFS instead of CIFS ? I don't think so...

So, this confirms that Zentyal strategy, at least for SMBs, is the right one, from marketing standpoint.
Medium to large organizations is a very different debate isn't it?
Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: sampei on May 28, 2013, 09:51:27 pm
Quote
Update: More detailed documentation about some Zentyal scenarios with Samba4 can now be found at http://trac.zentyal.org/wiki/Documentation/Community/Development/SambaScenario

I thought I would report that I am getting a blank page whenever I follow that link

EDIT
Actually there is a small "plain text" link that leads to a "Corrupted Content Error" page
EDIT 2
OK I am going blind. Didn't see the "See Documentation/Community/Document/SambaScenario". However I am still getting the corrupted error...

Title: Re: Status of the Samba 4.0 integration in Zentyal 3.0
Post by: mburillo on May 29, 2013, 12:42:11 am
It's working for me, probably a brief service interruption related to the migration to the new .org

Regards,