[Samba] Samba4, MS CAL and Windows Server as domain member

L.P.H. van Belle belle at bazuin.nl
Tue Nov 5 04:05:23 MST 2013


>-----Oorspronkelijk bericht-----
>Van: samba at cardon.it [mailto:samba-bounces at lists.samba.org] 
>Namens Denis
>Verzonden: dinsdag 5 november 2013 10:39
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] Samba4, MS CAL and Windows Server as domain member
>Hi everyone,
>I have a licencing question : do one need to buy CAL for every 
>user in a Samba4 domain when there is a Windows Server as a 
>domain member, knowing that the Windows server will be 
>accessed using SMB by Windows workstations?

If your workstations connect to this server you need a device cal. ( for example printing ) 
Every window "PRO" is included with a device cal.

IF the user connects to this server you need a user cal. ( share access / authorisation ) 
but, for example, if you only have 5 user connecting to this server out of a 100.
You only need 5 user cal's ( which is included with the server licence ) 

>As per http://www.samba.org/samba/docs/using_samba/ch01.html 
>and many other web sites, one of the main advantage of samba 
>is that no user CALs are required. And I think the case is 
>clear when there are only Windows workstation and one samba server.
>However, in the case where I have a Windows member server 
>joined to the Samba4 domain, do I need user CAL to access that 
>windows server throught SMB protocol? The MS licencing seems 
>to say yes 
>ss-license.aspx). But I cannot imagine how this could not be 
>considered as anticompetitive practice, at least here in 
>Europe... Indeed, it would remove the main financial advantage 
>of Samba4 over MSAD.

If the user authorisation is done with samba4, and there is no connection done to the windows server.
then you dont need a windows user/device cal.

If you have for example en MS SQL server running and you connect to the database, 
but not to printer and/or shares on the server, so only a connection by port for sql,
then, you only need sql licences. ( and the server licence ofcourse) 

>I have a client with an old Windows 2003 AD with all the 
>associated CALs that would need get an upgrade, and they would 
>prefer to go on the samba4 path. However if they have to pay 
>all the user CALs, the boss don't see any financial interest, 
>but only sees the risk associated with the migration.

The same risk is also there when you migrate/upgrade to windows XXX servers. 

>So, here are my questions... First a weird one : does the 2003 
>user CAL are "compatible" (in the licencing legal way) with a 
>samba4 server in 2008R2 forest mode in order for the windows 
>workstation to access both linux and windows server on the network?

see above. ( note, a windows 2003 cal is not a windows 2008 cal ) 
but, if you keep the 2003 server, you can use the calls even in 2008 mode. 
if you upgrade the 2003 to 2008, then you wil need to upgrade the cal's also. 

>Second : Is the CAL version requirement relative to the Active 
>Directory version or to the highest Windows server version on 
>the network? That is to say, if I add a win2k8 server on a 
>domain managed by an win2k3 AD, do I have to buy win2k8 CAL?

depends on FSMO roles and how you are accessing the servers. 

>I have not found any definitive answer on the internet. I can 
>only imagine that the CALs are associated to the number of 
>Active Directory accounts and Active Directory version, 
>otherwise one get kafkaesque issues. But in the case of 
>samba4, the notion of Active Directory version seems exotic... 
>Do any of you have any experience on those licencing questions?

Yes, i have.. 

My setup is as follow, Windows 2008R2 ADC and samba 4 DC. all FSMO roles are transferred to samba.
Samba handles the profiles/ user auth, printing, file share-ing. 
My windows server(s) are 1 x 2003 member server, 1 x 2008 R2 server ADC. 
The 2003 server is running Voip software, the 2008R2 is running MS SQL for my voip software.
( a boss who bought something without consulting IT first...  :-((  ) 
I only have 5 user licences, de one included with the server. 
also, only 3 user connects to the windows server, everything else is done by samba. 

I've had a SAM-evaluation by MS, and im fully legit this way, acording to microsoft. 
So yes, you can save costs in licencing. 

>Thanks for you input. Samba4 rocks!
Totaly agreed with that. ! 

>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list