Wednesday, January 28, 2009

Would you replace your domain controllers with Samba?

Samba gets closer and closer to being able to act as an Active Directory domain controller. Would you use an open-source alternative? Here's the thread that sparked this post:

"Enterprise networks now have an alternative choice to Microsoft Active Directory (AD) servers, with the open source Samba project aiming for feature parity with the forthcoming release of version 4, according to Canberra-based Samba developer Andrew Bartlett. Speaking at this year's linux.conf.au Linux and open source conference in Hobart, Bartlett said Samba 4 is aiming to be a replacement for AD by providing a free software implementation of Microsoft's custom protocols. Because AD is 'far more than LDAP and Kerberos,' Bartlett said, Samba 4 is not only about developing with Microsoft's customization of those protocols, it is also about moving the project beyond just providing an NT 4 compatible domain manager."

I guess the potential gotcha here is the fact that "AD is far more than LDAP and Kerberos". That's certainly true.

Q: Could Samba 4 replace an AD domain controller?
A: Possibly, probably.

Q: Would an enterprise use Samba 4 exclusively without deploying a Microsoft-based AD domain controller?
A: I'm doubtful they'd want to take the risk. After all, AD pretty much "just runs". Imagine the business impact of the Samba 4 DCs blowing up and the pressure to "get them fixed". Yikes.

Q: Would an enterprise want to deploy an all Samba 4 DC-based enterprise?
A: I guess that depends on what Microsoft would say if you called in with a problem. What would they answer? Call Samba? (Where did I put that number...?)

Q: Would third-party AD-vendors support Samba 4 DCs with their tools?
A: Wow, that's a good question. Would Quest? I guess it depends: if lots of customers started asking, we'd be forced to. If not...

Q: Would small businesses use a Samba 4 DC-only environment?
A: Makes more sense in an SMB environment.

Microsoft has built a lot of value around Active Directory - like Exchange. Any company wanting to drop it entirely would need to be very careful and really evaluate their overall use of Microsoft products. I can see some edge cases where it might make sense but, in general, I don't see why you would. (OK, sure, SMB is not really an edge case but what SMB doesn't also want to run Exchange?)
