Samba and the Infamous Primary Domain Controller Support
Samba expert Jerry Carter explores the baited question of whether Samba can act as a primary domain controller (PDC) for Windows NT 4.0 clients, along with others related to the new Samba release.
If you find yourself having to maintain Windows NT clients on your network and you also run Samba servers, the question is bound to come up: "Can Samba act as a primary domain controller (PDC) for my Windows NT 4.0 clients?" While this sounds like a simple "yes" or "no" question, in reality the difficulty lies in the definition of what constitutes a real PDC.
Beginning with the release 1.9.18alpha1 in late 1997, Samba's community began to see the results of continued work to implement the undocumented Windows NT 4 Domain Control Protocol. Of course, this is old news to many of you, I'm sure. Let's flip forward approximately three years and examine how things have fared.
Samba 2.0.0 was released in late 1998. At this point, the main Samba development source code tree branched from the 2.0 release code. This is a standard practice that allows developers to place potential release code in a feature freeze without hindering the continued growth in the HEAD CVS branch. It was at this point that the PDC implementation in the current 2.0.x release series was frozen. Therefore, it is a vast understatement to simply say that the domain control implementation in 2.0.x is two years out of date. Many things were left undone, such as trust relationships, PDC/BDC replication, and user lists. Of course, due to the absence of Windows 2000 at this time, support for domain logons by these clients was also absent.
Two years is a very long time in software development, especially in the sometimes very active and fast-paced world of Samba. To support this growth spurt, another CVS code branch was created and deemed SAMBA_TNG (the TNG is for The Next Generation, as die-hard Star Trek fans will have recognized). This had been previously tried in another branch named BRANCH_NTDOM, which eventually became so altered from the main development tree that it had to be picked apart in little pieces because it was impossible to merge the code back into the main source tree. Still, much was learned and gained from this experiment, so it cannot by any means be considered a loss.
As the story goes, SAMBA_TNG advanced in many new areas, including the capability to replicate a SAM database from a Windows NT PDC, NTLM Version 2 support, and support for domain logons from Windows 2000 clients. With these advances also came new designs and architectures.
However, in spite of all its advancement in functionality, SAMBA_TNG was still a development branch and lacked many features present in Samba release versions. Most of these relate to internal code stability and security, and so are not seen by end users. A community has grown up around SAMBA_TNG because it filled a need that other Samba releases did not meet, namely PDC support. I use the word "releases" very lightly here in relation to SAMBA_TNG because it has never actually been released outside of tarball snapshots of alpha-quality development code.
So where does this leave us today? Will release versions of Samba ever officially have PDC support? The answer is a resounding "yes!" Current plans are to include full PDC support in version 3.0. For this to happen, it will require some major time commitments on behalf of team members. So, if things get a little quiet on the mailing lists sometimes and you find yourself saying, "I haven't heard from Andrew lately, or Jeremy either," please be patient with us. With some hard work and a little luck, we will get an official Samba PDC out the door yet.
About the Author
Gerald Carter has been a member of the SAMBA Team since 1998, and he is employed by VA Linux Systems. He is currently working with O'Reilly Publishing on a guide to LDAP for system administrators. He holds a master's degree in computer science from Auburn University, where he was also previously employed as a network and systems administrator. Gerald has published articles with various Web-based magazines, such as Linuxworld, and has authored instructional courses for companies such as Linuxcare. In addition, he acted as the lead author of Teach Yourself Samba in 24 Hours (Sams Publishing, 2000), and he actively gives tutorials at systems administration conferences.
During his spare time, Gerald enjoys running, hiking, playing music, and Bible study. He resides with his beautiful wife of seven years in Dadeville, Alabama.