Samba: A history and evolution towards an Active Directory
- The birth of the Samba project.
- The first features of the Samba project.
- The transformation of Samba to an Active Directory.
- The evolutions since Samba 4.0.
- What’s new in version 4.10.
You’ll see within this article, we’ll pull on the nostalgia string for some and curiosity for others. But before going back to the last century, let’s go back to the basics:
What is Samba Active Directory?
At a time when securing sensitive data and limiting access is a major challenge for companies, an Active Directory allows you to centralize, manage and authenticate users and computers in a domain. Its objective is then to list all the information present on your network to allow you to manage the authentications and rights (to make a long story short). It is therefore essential for organizations to set up an Identity and Access Management tool (IAM).
And now, you’re probably thinking: “Great, if only it was possible to simply implement this solution”. Spoiler: It’s possible!
At Tranquil IT, when it comes to Active Directories, we can’t help but talk about Samba AD. Indeed, Samba AD is the Open Source equivalent of Microsoft Active Directory. The same features without the license fees. The little extra of Samba AD is that we can recommend a great company (with a nice name like Tranquil IT) to help you with your migrations, train you on Samba AD or even provide you with documentation to do it all by yourself! That’s it, the presentations are done.
So if you’re still wondering why we appreciate this tool so much or if you’re just curious about the origin of the name Samba (no, not the Brazilian dance…), let’s get into the DeLoreane of Tranquil IT and go back in time to 1980!
File sharing and mutual authentication
In 1980, the world of computing experienced a revolution with the arrival of microcomputing. The computers at the time acquired more power and gained in utility since they were able to run programs locally and directly on the machine. Despite the obvious advantage of this revolution, new challenges had to be taken into account before exploiting the power of these machines:
- File sharing: It is necessary to ensure that users of different machines can access the same document.
- Mutual authentication: Managing user rights and ensuring that the user is connected to the right machine becomes essential.
NetBIOS Protocol: Facilitating communication between machines
It was not until 1983 that Sytek developed the NetBIOS protocol to facilitate communication between the machines. This protocol allows to have an abstraction layer between the application layer and the transport layer.
IBM followed the movement shortly thereafter, launching its resource sharing protocol in 1985. SMB operates through a client/server structure, so the server responds to requests sent by the client. Although the protocol is quickly becoming a standard, it faces stiff competition, particularly from Novell and its NetWare product. LAN Manager integrated into OS/2, the result of the alliance between IBM, Microsoft and 3COM, will emerge from this competition.
IBM will realize the potential of the NetBIOS protocol and will quickly impose it by leveraging its position as a leader in the IT industry. With the advent of client-server environments, it was necessary to ensure that the client and server could recognize each other. To secure access to data LAN Manager will introduce 3 new principles::
- Identification: Establish the identity of the user.
- Authentication : Verify the user’s identity.
- Authorization: Authorize if a user has access or not to certain resources.
Manage identification and authentication
Project Athena: The beginning of Samba
The Athena project was initiated by MIT in 1983 and aims to develop strategies and software as part of a client/server network system. The Athena project was born from the realization that students would have to access file servers on a high-value network with their own computers.
The development of the identification and authentication mechanism was then integrated into the Athena project. The objective was to develop an authentication network protocol (Kerberos) that could manage trust on closely monitored and controlled machines. In addition, authentication communications between trusted servers and network computers will be encrypted so that they cannot be intercepted.
The birth of Samba: Interoperability between environments
The Samba project is a software suite that allows interoperability between Windows environments and Unix / Linux environments. The project owes its name to the communication and file sharing protocol it uses: SMB. The SMB protocol is becoming increasingly popular and is quickly becoming the standard for exchanging files on Windows, Linux and Mac networks, including :
- Centralized identification and authentication management in Active Directory and NT4 domain mode.
- Centralized group management.
- File sharing according to the version of the Microsoft SMB protocol.
- Centralized management of access rights to files and directories.
- Sharing printers.
Samba will continue to democratize in the IT environment and evolve through its different versions:
- Samba1: Simple implementation of LAN Manager protocols and workgroup support.
- Samba2: NT4-style domain controller service for Windows workstations that are members of a domain.
- Samba3: Support for NT4 domain features and support for new versions of the SMB protocol.
Samba4: Transition to an Active Directory
The Samba project, since version 2.0, has had the will to become an Active Directory. And since 2005, with the release of Samba4, that this project finally took off. Indeed, the objective of this version is to completely rewrite Samba based on Microsoft’s official specifications. Access to these specifications facilitates the development of this version. To consolidate the interoperability approach, the actors of the SMB protocols meet each year to test their different implementations of the protocol.
2012 : A deciding year for Samba
In 2012, it appeared that the implementation of the SMB protocol, based exclusively on Microsoft specifications, was not functional and that the SMB protocol implemented by Microsoft was complex and poorly documented. This is where Samba, developed empirically, had been able to make its mark by offering fully functional file sharing and printer features. The rewriting of Samba4 involved 3 major components:
- The Active Directory component.
- The smbd file sharing component.
- The winbindd user mapping component.
In September 2012, it was decided to use the smbd3 code as the basis for providing file and printer sharing functions. The Samba4 code was intended to provide the Active Directory function. Samba 4.0.0.0 was available in a stable version in December 2012. Starting with Samba 4, the development team has adopted the following approach::
- Version in development, considered as non-stable N+1, for example 4.11.
- Version in stable production N, for example 4.10.
- Version in corrective maintenance and security N-1, for example 4.9.
- Version in safety maintenance N-2, for example 4.8.
And that’s how the Samba project turned into Active Directory! As promised, in the next article you will discover the evolutions of Samba up to the new features of version 4.10, as well as our participation in the financing of the software. Until then, we will be happy to discuss your Active Directory projects with you.
Secure and optimize your workstation with WAPT
Managing the confidentiality, security and auditing of workstations has become crucial in companies. Poorly optimized configurations can expose vulnerabilities that can be exploited by parties outside the organization. This guide offers several steps and tools for...
Tranquil IT and Cyberwatch interface to detect and correct vulnerabilities in Linux, Windows and MacOS environments
Tranquil IT and Cyberwatch: How to detect and correct vulnerabilities in Linux, Windows and MacOS.
FAQ WAPT 2.5 : Answers to your questions
WAPT 2.5 has been available for several months now. In this specific FAQ, you'll find 10 of the most frequently asked questions and comments.If you receive the error: EWaptCertificateUntrustedIssuer ('Issuer CA certificate CN=blemoigne,C=FR can not be found in...