Samba and Windows integration
Samba is the glue that binds Linux servers and Windows desktops together. A critical part of many government, corporate and educational networks, Samba is well known as a file and print server for the SMB protocol. Even more importantly, however, Samba also provides the cornerstone of network authentication, an Active Directory Domain Controller.
Catalyst is the major force behind Samba's Active Directory DC capability.
We now offer a free initial video call to discuss how you use Samba as an AD DC, any issues you face and how you could use it better and integrate it further with the rest of your network.
Samba as an Active Directory Domain Controller
As every organisation grows, the need for secure, centralised authentication becomes more and more important. Providing the hub for domain control of Windows desktops, and the de-facto integration point for many other services, both open source and commercial, an Active Directory DC is an important service.
Samba provides that service free from the per-user licensing constraints of a Windows-based solution. Many of our customers particularly appreciate that they can run Samba like the rest of their core network services on their own choice of Linux distribution.
Finally, Samba offers more than just a replication of a Windows AD domain, with Catalyst-developed features such as storage of unix-style passwords for synchronisation with Google and OpenLDAP, and a modern JSON-based audit framework.
Why choose Catalyst for Samba support?
Catalyst is a key contributor to Samba and so is well placed to provide you with the expert advice you need when deploying Samba on your network, as a file server but particularly as an AD Domain Controller. If your organisation or business has over one hundred staff, it’s likely you’ll need secure permissions of access across your network. That’s when the Catalyst Samba Team can help.
We can adapt and tailor Samba development to solve access and identity verification for your organisation or business.
Samba comes with no lock-in and can integrate with public and private cloud services.
- We provide advice on how best to integrate Samba and Samba-based devices into Active Directory Domains.
- We support Samba appliance vendors, including NAS vendors, with 3rd level support expertise to back-stop customer support responsibilities, including both file server and authentication features.
- We advise Samba vendors on bug fixes and features as they are developed upstream, and back-porting as required.
- We custom develop new Samba performance features, such as the integration of new products, and the extension of Samba's core functionality.
- We implement Samba4's Active Directory Domain Controller on new platforms and devices.
Samba deployment and support
- We support organisations directly implementing the "Samba4" Active Directory Domain Controller.
- We guide upgrades from Samba 3.x domains to the Samba Active Directory Domain Controller of Samba 4.x, including consultation on upgrades from the OpenLDAP backend of Samba's 'classic' DC architecture.
- Our ongoing support services are backed by a Service Level Agreement (SLA).
Meet the team:
Andrew Bartlett leads the Catalyst Samba Team. He’s worked on Samba since 2001 and is an expert in Samba's authentication and authorisation protocols. Andrew has built and maintained Samba’s authentication code and is a lead developer on the Samba Active Directory Domain Controller effort. In 2021 Andrew discovered a critical Kerberos vulnerability in Active Directory (which impacted both Microsoft Windows and Samba) and led the Samba Team's response: https://www.cert.govt.nz/it-specialists/advisories/critical-vulnerability-in-windows-kerberos-protocol/
Douglas Bagnall has been a Samba developer since 2015 and is also a member of the upstream Samba Team. Douglas is the author of a number of Samba's administrative visualisation tools and is an expert in making systems software understandable by people.
Gary Lockyer joined the Samba project in 2017. Gary is the primary author of Samba's authentication and authorisation JSON-formatted audit framework.
Joseph Sutton joined the Samba project in 2021 and quickly became an expert in Kerberos, the core authentication protocol used in Active Directory. Joseph has, in the course of his testing work, discovered a number of Denial Of Service vulnerabilities in Kerberos implementations, including Microsoft Windows, MIT and Heimdal Kerberos.