Samba4 in upcoming major release of Univention Corporate Server

Andrew Bartlett abartlet at
Tue Aug 23 02:29:27 MDT 2011

On Mon, 2011-08-22 at 16:08 +0200, Arvid Requate wrote:
> Hello Samba team,
> this is an OEM report from Univention. We are pursuing the ambitious goal to 
> include Samba4 in the next major release of our enterprise Linux distribution, 
> which is due to be released in November. As reported at the SambaXP'11 we had 
> a prototype published in February and we now published the first milestone 
> release of the upcomming major release (UCS 3.0 MS1). We contracted Stefan 
> Metzmacher/SerNet for support, e.g. regarding the sync of password hashes and 
> Kerberos keys between OpenLDAP and Samba4.
> To our knowledge AD-servers joined into a Samba4 domain currently do not 
> provide propper DC (logon) functionality due to the missing Sysvol 
> replication. So our plans are to communicate clearly to our customers that 
> joining AD-Servers into an UCS 3.0 based Samba4 domain is currently not 
> supported. Sure this would be nice, but it's not going to be a show-stopper 
> for us.
> An open question is the integration of file and print services. Depending on 
> the upstream development we might have to state that file and print services 
> can only be provided on member servers running Samba 3.6.x.
> Are there any ideas already, what development goals will be challenged in 
> Alpha18? We'd be interested to make a well adviced decision as to which would 
> be a good point for the next upstream snapshot.

I'm really keen to see companies like Univention picking up Samba4 and
using it in their products, and I'm keen to help in whatever way I can.

As to the goals for alpha17, I want to sort out the use-after-free issue
that Matthieu has reported, and then I think it's time for a release.
This should have a much improved upgrade_from_s3 script, providing an
upgrade route from smbpasswd and tdbsam, but using some of the same
infrastructure (for setting hashes etc).  It should also help ensure
your migration doesn't break.

For alpha18, the current development task seems to be in multi-domain
support.  We have demonstrated Samba4 joining a multi-domain forest, and
are working (by simple experimentation) at each blocking issue and
resolving them in turn.  There is plenty still to do, but this and the
migration code seems to be the development focus at the moment.  As
Matthieu has mentioned, we understand the urgency behind FRS or some
other sync mechanism, and we are also investigating ways to combine the
smbd file server with the AD components.  As you may have noticed, we
have a demo of this running as 'plugin_s4_dc' in our test environment. 

This next development 'sprint' is already well started (I just need to
cut alpha17 once I sort out the blocker), and will take place between
now and early October.  This time-frame is due to the plugfest we have
with Microsoft, which is typically both a goal and itself a hive of

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list