Samba: History and evolution towards Active Directory
On the occasion of the release of Samba Active Directory version 4.10, we decided to give you an overview of our favorite Active Directory and its history. On the menu of our two Samba articles:
- The birth of the Samba project
- The main functionalities of the Samba project
- The transformation of Samba into an Active Directory
- Our relationship with the Samba Team
- Evolutions since Samba 4.0
- What’s new in version 4.10
As you have understood, with this article, some will feel nostalgia and others will feel curiosity. But before going back to the last century, let’s go back to the basics:
What is Samba Active Directory?
At a time when securing sensitive data and limiting access is a major challenge for companies, Active Directory makes it possible to centralize, manage and authenticate users and computers in a domain. In short, it aims to identify everything on your network so that you can manage authentication and rights across it. It is therefore essential for organizations implementing Identity and Access Management (IAM).
And then you probably say to yourself: “Great, if only it were possible to simply implement this solution!” Spoiler: It’s possible!
Within Tranquil IT, when it comes to Active Directory, we can’t help but talk about Samba AD. Indeed, Samba AD is the Open Source equivalent of Microsoft Active Directory: the same features without the license fees. The little something extra about Samba AD is that we can recommend a great company (nicely named Tranquil IT) to help you with your migrations, train you on Samba AD or even provide you with documentation that allows you to do all this on your own! Now, the introductions are made.
So if you’re still wondering why we appreciate this tool so much or if you’re just curious to know the origin of the name Samba (no, not the Brazilian dance…), let’s get into Tranquil IT’s DeLorean and go back in time to 1980!
File sharing and mutual authentication
In 1980, the world of computing experienced a revolution with the arrival of microcomputing. The computers of the time acquired more power and gained in utility since they were able to run programs locally, directly on the machine. Despite the obvious advantage of this revolution, new challenges had to be addressed before the power of these machines could be exploited:
- File sharing: It is necessary to ensure that users of different machines can access the same document.
- Mutual authentication: Managing user rights and ensuring that the user is connected to the right machine becomes essential.
NetBIOS Protocol: Facilitating communication between machines
It was not until 1983 that Sytek developed the NetBIOS protocol to facilitate communication between machines. This protocol provides an abstraction layer between the application layer and the transport layer.
IBM followed the movement shortly thereafter, launching its resource-sharing protocol, SMB, in 1985. SMB operates through a client/server structure, so the server responds to requests sent by the client. Although the protocol quickly became a standard, it faced stiff competition, particularly from Novell and its NetWare product. LAN Manager, integrated into OS/2 and the result of the alliance between IBM, Microsoft and 3COM, emerged from this competition.
IBM realized the potential of the NetBIOS protocol and quickly imposed it by leveraging its position as a leader in the IT industry. With the advent of client-server environments, it became necessary to ensure that the client and server could recognize each other. To secure access to data, LAN Manager introduced 3 new principles:
- Identification: Establish the identity of the user.
- Authentication: Verify the user’s identity.
- Authorization: Authorize the user to access or not to access certain resources.
Manage identification and authentication
Project Athena: The beginnings of Samba
The Athena project was initiated by MIT in 1983 and aimed to develop strategies and software as part of a client/server network system. The Athena project was born from the realization that students would have to access file servers on a high-value network with their own computers.
The development of the identification and authentication mechanism was then integrated into the Athena project. The objective was to develop a network authentication protocol (Kerberos) that could manage trust on closely monitored and controlled machines. In addition, authentication communications between trusted servers and network computers are encrypted so that they cannot be intercepted.
Birth of Samba: Interoperability between environments
The Samba project is a software suite that allows interoperability between Windows environments and Unix / Linux environments. The project owes its name to the communication and file sharing protocol it uses: SMB. The SMB protocol grew increasingly popular and quickly became the standard for exchanging files on Windows, Linux and Mac networks. Samba’s features include:
- Centralized identification and authentication management in Active Directory and NT4 domain mode.
- Centralized group management.
- File sharing according to the version of the Microsoft SMB protocol.
- Centralized management of access rights to files and directories.
- Sharing printers.
Samba went on to spread through the IT world and evolved through its different versions:
- Samba1: Simple implementation of LAN Manager protocols and workgroup support.
- Samba2: NT4-style domain controller service for Windows workstations that are members of a domain.
- Samba3: Support for NT4 domain features and support for new versions of the SMB protocol.
Samba4: Transition to Active Directory
Since version 2.0, the Samba project has aimed to become an Active Directory. It was in 2005, with the release of Samba4, that this project gained momentum. The objective of this version was to completely rewrite Samba based on Microsoft’s official specifications. Access to these specifications facilitated the development of this version. To consolidate the interoperability approach, the actors of the SMB protocols meet each year to test their different implementations of the protocol.
In 2012, it appeared that the implementation of the SMB protocol, based exclusively on Microsoft specifications, was not functional and that the SMB protocol implemented by Microsoft was complex and poorly documented. This is where Samba, developed empirically, has been able to make its mark by offering fully functional file sharing and printer features. The rewriting of Samba4 involved 3 major components:
- The Active Directory component.
- The smbd file sharing component.
- The winbindd user mapping component.
In September 2012, it was decided to use the smbd3 code as the basis for providing file and printer sharing functions. The Samba4 code was intended to provide the Active Directory function. Samba 4.0 was available in a stable version in December 2012. Starting with Samba 4, the development team has adopted the following approach:
- Version in development, considered as non-stable N+1, for example 4.11.
- Version in stable production N, for example 4.10.
- Version in corrective maintenance and security N-1, for example 4.9.
- Version in security maintenance N-2, for example 4.8.