Samba: History and evolution towards Active Directory

by | Mar 29, 2019 | Active Directory

On the occasion of the release of Samba Active Directory version 4.10, we decided to give you an overview of our favorite Active Directory and its history. On the menu of our Samba articles:

  • The birth of the Samba project
  • The main functionalities of the Samba project
  • The transformation of Samba into an Active Directory
  • Our relationship with the Samba Team
  • Evolutions since Samba 4.0
  • What’s new in version 4.10

As you have understood, with this article, some will feel nostalgia and others will feel curiosity. But before going back to the last century, let’s go back to the basics:

What is Samba Active Directory ?

At a time when securing sensitive data and limiting access is a major challenge for companies, Active Directory makes it possible to centralize, manage and authenticate users and computers in a domain. It aims to identify all the information on your network to enable you to manage authentications and rights on your network (in short). It is therefore essential for organizations to implement Identity and Access Management (IAM).

And then you probably say to yourself: “Great, if only it were possible to simply implement this solution!” Spoiler: It’s possible!

Within Tranquil IT, when it comes to Active Directory, we can’t help but talk about Samba AD. Indeed, Samba AD is the Open Source equivalent of Microsoft Active Directory: the same features without the license fees. The little something extra about Samba AD is that we can recommend a great company (nicely named Tranquil IT) to help you with your migrations, train you on Samba AD or even provide you with documentation that allows you to do all this on your own! Now, the introductions are made.

So if you’re still wondering why we appreciate this tool so much or if you’re just curious to know the origin of the name Samba (no, not Brazilian dance…), let’s get into Tranquil IT’s DeLoreane and go back in time to 1980!

File sharing and mutual authentication

In 1980, the world of computing experienced a revolution with the arrival of microcomputing. The computers of the time acquired more power and gained in utility since they were able to run programs locally, directly on the machine. Despite the obvious advantage of this revolution, new challenges must be taken into account before exploiting the power of these machines:

  • File sharing: It is necessary to ensure that users of different machines can access the same document.
  • Mutual authentication: Managing user rights and ensuring that the user is connected to the right machine becomes essential.

NetBIOS Protocol: Facilitating communication between machines

It was not until 1983 that Sytek developed the NetBIOS protocol to facilitate communication between the machines. This protocol allows to have an abstraction layer between the application layer and the transport layer.

IBM followed the movement shortly thereafter, launching its resource sharing protocol in 1985. SMB operates through a client/server structure, so the server responds to requests sent by the client. Although the protocol is quickly becoming a standard, it faces stiff competition, particularly from Novell and its NetWare product. LAN Manager integrated into OS/2, the result of the alliance between IBM, Microsoft and 3COM, will emerge from this competition.

IBM will realize the potential of the NetBIOS protocol and will quickly impose it by leveraging its position as a leader in the IT industry. With the advent of client-server environments, it was necessary to ensure that the client and server could recognize each other. To secure access to data LAN Manager will introduce 3 new principles::

  • Identification: Establish the identity of the user.
  • Authentication : Verify the user’s identity.
  • Authorization: Authorize the user to access or not to access certain resources.

Manage identification and authentication

Project Athena: The beginnings of Samba

The Athena project was initiated by MIT in 1983 and aims to develop strategies and software as part of a client/server network system. The Athena project was born from the realization that students would have to access file servers on a high-value network with their own computers.

The development of the identification and authentication mechanism was then integrated into the Athena project. The objective was to develop an authentication network protocol (Kerberos) that could manage trust on closely monitored and controlled machines. In addition, authentication communications between trusted servers and network computers will be encrypted so that they cannot be intercepted.

Birth of Samba: Interoperability between environments

The Samba project is a software suite that allows interoperability between Windows environments and Unix / Linux environments. The project owes its name to the communication and file sharing protocol it uses: SMB. The SMB protocol is becoming increasingly popular and is quickly becoming the standard for exchanging files on Windows, Linux and Mac networks, including :

  • Centralized identification and authentication management in Active Directory and NT4 domain mode.
  • Centralized group management.
  • File sharing according to the version of the Microsoft SMB protocol.
  • Centralized management of access rights to files and directories.
  • Sharing printers.

Samba will continue to democratize in the IT environment and evolve through its different versions:

  • Samba1: Simple implementation of LAN Manager protocols and workgroup support.
  • Samba2: NT4-style domain controller service for Windows workstations that are members of a domain.
  • Samba3: Support for NT4 domain features and support for new versions of the SMB protocol.

Samba4: Transition to Active Directory

The Samba project has, since its version 2.0, the will to become an Active Directory. And it is in 2005, with the release of Samba4, that this project will gain momentum. Indeed, the objective of this version is to completely rewrite Samba based on Microsoft’s official specifications. Access to these specifications facilitates the development of this version. To consolidate the interoperability approach, the actors of the SMB protocols meet each year to test their different implementations of the protocol.

In 2012, it appeared that the implementation of the SMB protocol, based exclusively on Microsoft specifications, was not functional and that the SMB protocol implemented by Microsoft was complex and poorly documented. This is where Samba, developed empirically, has been able to make its mark by offering fully functional file sharing and printer features. The rewriting of Samba4 involved 3 major components:

  • The Active Directory component.
  • The smbd file sharing component.
  • The winbindd user mapping component.

In September 2012, it was decided to use the smbd3 code as the basis for providing file and printer sharing functions. The Samba4 code was intended to provide the Active Directory function. Samba was available in a stable version in December 2012. Starting with Samba 4, the development team has adopted the following approach::

  • Version in development, considered as non-stable N+1, for example 4.11.
  • Version in stable production N, for example 4.10.
  • Version in corrective maintenance and security N-1, for example 4.9.
  • Version in safety maintenance N-2, for example 4.8.

It is important to note that Samba3 is no longer maintained and that it is therefore important to prepare for a migration. This migration is simplified by the fact that Samba4’s development is based on Samba3’s code. Thanks to this article, you now know who to contact to help you with your domain migration.

And that’s how the Samba project turned into Active Directory! As promised, in the next article you will discover the evolutions of Samba up to the new features of version 4.10. Until then, we will be happy to discuss your Active Directory projects with you.

Simple methods for managing your fleet

At the beginning of April 2019, the ITES (Innovation Technology European Summit) took place in Deauville. Organized by the CRIP (Club of IT Infrastructure and Production Managers) since 2013, the event brings together the various players in the IT eco-system with...

read more