After doing a lot of reading (and probably not understanding half of it) it looks like integrating Samba 4 into ClearOS is a fundamental 'under the bonnet' change. If I understand correctly Samba 4 incorporates its own servers for at least DNS, Time and LDAP purposes, effectively replacing those in ClearOS. Therefore I am assuming that the underlying architecture of ClearOS would need to point to the Samba elements instead, things like adding users, creating groups and passwords etc. So I am guessing that Samba 4 integration involves major reworking of the Webconfig as well as some form of 'connectors' for things like Zarafa (which I believe is LDAP driven).
Bearing the above in mind, does this mean that if I were to use the Samba upgrade scripts/tools to upgrade to Samba 4 this will 'break' ClearOS ?
A post a little while ago said that the Samba 4 implementation was to be considered alpha at that time, am I right in assuming that was because of the integration that is needed ? And if so is it at a stage where I can 'play' with it yet ? :P
Finally, has a decision been made yet as to whether Samba 4 Directory will be included in Community or just Pro (and if so will it be in Pro-Lite) ?
Many thanks in advance.
Steve
Bearing the above in mind, does this mean that if I were to use the Samba upgrade scripts/tools to upgrade to Samba 4 this will 'break' ClearOS ?
A post a little while ago said that the Samba 4 implementation was to be considered alpha at that time, am I right in assuming that was because of the integration that is needed ? And if so is it at a stage where I can 'play' with it yet ? :P
Finally, has a decision been made yet as to whether Samba 4 Directory will be included in Community or just Pro (and if so will it be in Pro-Lite) ?
Many thanks in advance.
Steve
Share this post:
Responses (37)
-
Accepted Answer
Hi Matt,
Still no ETA, but our development focus has shifted from ClearOS 6.6 (in beta) to ClearOS 7. There are still a few unknowns (e.g. the new installer in RHEL7) so it's hard to put an estimate on a release date. Guesstimate: we'll be seeing a public beta release by mid-September.
In ClearOS 7, Samba will be version 4 and we already have support for regular file shares and NT domains. I don't know if the Active Directory implementation will be stable enough for the initial ClearOS 7 release, but it will certainly be ready for kicking the tires. -
Accepted Answer
Hi,
any news on the progress with Samba 4? RHEL 7 was released a couple of weeks ago, so I thought there might be some official statement by now.
I'm setting up a PDC for a tiny little office environment, and I'd really prefer ClearOS over Zentyal, but the lack of Samba 4 is a little off-putting.
Any info on the topic would be appreciated. -
Accepted Answer
Richard George wrote:
Reading between the lines - and with no ETA being provided by the Red Hat/Samba 4 integration teams, it seems to me that the full addition (transition?) to Samba 4 could be some way off.
There's no official ETA, but at the same time full support seems to be available in RHEL7 Beta.
I note however, that the Samba roadmap (https://wiki.samba.org/index.php/Samba_Release_Planning) suggests we could be looking at EOL for Samba 3 about Nov/Dec 2014 time. If the RH/S4 team are still working at that time, would it be worth pushing for a continuation of security fixes for S3 beyond Nov?
My gut tells me that the 3.6.x series will be maintained for quite some time beyond 2014. There are a lot of NAS vendors using 3.x, and all will need a longer maintenance period. The work will be done internally by the NAS vendors (and Red Hat), or some kind of collaboration will occur. Regardless, 3.x will be hanging around for quite some time.
And there is then the big question of how to move from COS 6.5 to (projected) COS 7 (which is where, I assume S4 becomes the norm) .. will we need to reinstall?
So far, the upgrade is looking quite clean (knock on wood). The Samba 4 solution can still be configured as a simple file server / NT domain (i.e. the exact same way as it is in ClearOS 6). No Active Directory required. When playing around with ClearOS 7, the NT domain stuff worked right out of the box :-)
Migrating from an NT-domain to Samba 4 Directory... that's another story. -
Accepted Answer
Reading between the lines - and with no ETA being provided by the Red Hat/Samba 4 integration teams, it seems to me that the full addition (transition?) to Samba 4 could be some way off.
I note however, that the Samba roadmap (https://wiki.samba.org/index.php/Samba_Release_Planning) suggests we could be looking at EOL for Samba 3 about Nov/Dec 2014 time. If the RH/S4 team are still working at that time, would it be worth pushing for a continuation of security fixes for S3 beyond Nov?
And there is then the big question of how to move from COS 6.5 to (projected) COS 7 (which is where, I assume S4 becomes the norm) .. will we need to reinstall? -
Accepted Answer
Quick update:
The upstream Red Hat Enterprise Linux 7 beta included the Samba 4 components needed to deploy the ClearOS Samba Directory solution. We're hoping this means the last remaining "big" blocker has been solved (or will be solved with the final release of version RHEL 7). What's the blocker? From the Samba Directory Beta 1 Release Notes:
To make a long story short, most (if not all) of the Red Hat family distributions use the MIT Kerberos implementation, while Samba 4 uses the Heimdal implementation. These two implementations do not play well together in certain situations and this needs to be resolved. The Samba Team and Red Hat are working on the integration, but no ETA is available at this time.
The next ClearOS Samba Directory beta will be released on a ClearOS 7 beta with the expectation of shipping the solution with the release of ClearOS 7. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Hi Guys
Just wanted to check in and find out if there has been any news with regards to the community version getting Samba Directory (even with a user limitation). Also want to know if the community version will get the QoS app? What is the status of the protocol filter app - will it be making a return?
Lastly, who can give me some advice on port forwarding and/or NAT'ing between seperate VLANs?
Keep up the good work guys -
Accepted Answer
-
Accepted Answer
Hey Marcel,
Marcel van Leeuwen wrote:
I'm not super familiar with Samba I'll use it everyday (filesharing) but never follow the Samba community. What are the big changes?
You can split Samba 4 up into two distinct features:
- A Windows File Server -- the good ol' Samba that we have come to know
- A server that implements the Active Directory protocol -- new in Samba 4
For Flexshares and standard Windows Network Neighborhood kind of stuff, Samba 4 is an evolutionary change from the Samba 3 code base. Better support for Windows 7/8 comes to mind, but you probably won't notice much of a difference.
For those looking for a drop-in replacement for an Active Directory system, Samba 4 is now an option. How did the Samba guys and gals do it? Impressive stuff!
Am I right in assuming that ClearOS Community will get the full Samba 4 implementation including using it as AD DC?
Doubtful. ClearCenter is sponsoring the development (non-trivial) and will want to recoup some of that cost. Active Directory is a business-only type of feature, so it's well suited to the Professional Edition. There might be an option to have a free version for up to 10-ish users (aimed at geeks who implement AD in their homes), but that's wait and see at the moment. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Just an update. The Samba 4 beta 1 development went really really well and it will be released with the upcoming ClearOS 6.5.0 Beta 2. Because the implementation went well, we're going to keep moving forward and make it feature complete in October. There are a few apps that still need to be "Samba-4-ized":
- Flexshare
- IMAP/POP Server
- Mail Settings
- Password Policies
- RADIUS (Wireless on ClearBOX systems depend on this)
- Zarafa
Except for Flexshare (which just has some weird group issue that needs fixing), the above apps all require deeper integration into the Samba 4's LDAP directory. It turns out that the existing ClearOS LDAP implementation already does most of the heavy lifting, so the estimated development time dropped by an order of magnitude. Very excited! -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
ClearOS 6.5.0 is baking right now and the beta should be available next week. The Samba Directory (Samba 4) app will be discussed at an upcoming roadmap meeting for inclusion in ClearOS 6.6.x. We'll see where it lands.
I'd also like to know if there is a way to run another Linux installation as a VM on top of Clearos. If so, how is that done?
I'm not an expert in this field, but I do see VirtualBox installed on ClearOS systems from time to time. -
Accepted Answer
Hi Peter
Thanks for the answer. I'm glad to see you guys are still moving along nicely with Clearos. I have to say it's definitely my preferred Linux firewall solution.
I'd just like to know if there is any news regarding the Samba directory development? I'd also like to know if there is a way to run another Linux installation as a VM on top of Clearos. If so, how is that done?
Thanks for the feedback -
Accepted Answer
Bianca & Werner wrote:
Oh, a side note. I see that Clearos 7 alpha has been listed on the roadmap, does that mean that 6.5 is the last version of Clearos 6?
ClearOS 6 will continue on for quite some time - we'll be following the upstream releases like clockwork
Or is that just a preliminary listing? Are you guys planning any major changes for version 7?
A tracker item was needed with the 7.0.0 target, so it's really just preliminary stuff. As for the potential major changes in ClearOS 7:
- IPv6
- Based on upstream's version 7 ... will we see a beta before the end of the year?
- ARM build ... Raspberry Pi :-)
The app framework isn't changing much, so a clean upgrade path should be available. Our goal is to make sure all of the existing apps and most of the future apps will be compatible with both ClearOS 6 and 7. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Doh! I should have added this blurb to the alpha release notes. Anything with an OpenLDAP extension (e.g. the "contact information" that you see when editing a user) needs to be "Samba 4-ized". OpenLDAP extensions are required for:
- Zarafa
- IMAP
- Secure Shell Extension
- OwnCloud (unreleased)
So, the above apps won't work on the Samba 4 / Directory Alpha. For the most part, it's just a matter of creating the Samba 4 equivalent extension. IMAP and Secure Shell are trivial, but Zarafa is more involved (AD Snap-In is required, and that's only available in commercial versions of Zarafa). -
Accepted Answer
Hi Peter
I forgot to mention one thing last week. I was playing around in my ClearOS Pro VM with the Samba Directory alpha installed and found that the POP/IMAP server fails to install. It gives quite a few errors complainig about Samba 3 dependencies (see attached screenshot). Would that mean a re-write of the app for compatibility with Samba 4?
Thanks -
Accepted Answer
-
Accepted Answer
It looks like the "%U" macro described in the Big Gotcha section is just a limitation of Samba 4 (mailing list thread). The solution is to change the home directory attribute in the directory. That's certainly do-able! Now all we need is a commitment from ClearCenter to move ahead with the feature. -
Accepted Answer
Unfortunately, there has been no progress on the Samba 4 / Directory implementation. The Big Gotcha is still unresolved and that has stopped everything. It's too bad since a lot of effort went into ClearOS 6 to make it Samba 4 compatible :-( -
Accepted Answer
Hi Peter and the team
I'd like to find out what the progress is with the Samba 4 integration. I've found that quite a few other opensource apps are requiring Samba 4 Directory these days ie OpenChange. I'm looking at building a ClearOs based exchange server for a client and OpenChange together with SOGo would make that possible.
I'd also like to know whether a decision has been made as to whether the full Samba Directory, with or without user limitations, will be available for the Community version.
Thanks -
Accepted Answer
Stephen wrote:
as well as some form of 'connectors' for things like Zarafa (which I believe is LDAP driven).
There are three apps that depend on LDAP extensions:
- Zarafa
- RADIUS
- Shell Extension (granting shell/SSH access)
These apps won't work with Samba 4 Directory right out of the box. The RADIUS and Shell Extension should be easy to tweak -- only configuration file changes are required. Zarafa integration is trickier, but the Zarafa / Samba 4 schema work is already done - see https://community.zarafa.com/pg/plugins/project/9588/developer/tdeklein/samba4-ad-integration-for-zarafa -
Accepted Answer
Hi Stephen,
After doing a lot of reading (and probably not understanding half of it) it looks like integrating Samba 4 into ClearOS is a fundamental 'under the bonnet' change. If I understand correctly Samba 4 incorporates its own servers for at least DNS, Time and LDAP purposes, effectively replacing those in ClearOS. Therefore I am assuming that the underlying architecture of ClearOS would need to point to the Samba elements instead, things like adding users, creating groups and passwords etc. So I am guessing that Samba 4 integration involves major reworking of the Webconfig as well as some form of 'connectors' for things like Zarafa (which I believe is LDAP driven).
Yup, it was a fundamental change but most of the heavy lifting was done with the ClearOS 6 release. We moved to a "driver-based" implementation in 6 and all the apps were built on top of a driver-agnostic layer. For example, the ClearOS PPTP server works with the OpenLDAP driver or the Active Directory Connectory driver. With no coding changes in the PPTP app, dropping in the Samba 4 Directory works like a charm!
Bearing the above in mind, does this mean that if I were to use the Samba upgrade scripts/tools to upgrade to Samba 4 this will 'break' ClearOS ?
You would need the "Samba Directory" driver to get this working - see alpha 1 note below.
A post a little while ago said that the Samba 4 implementation was to be considered alpha at that time, am I right in assuming that was because of the integration that is needed ? And if so is it at a stage where I can 'play' with it yet ?
We haven't "officially" announced the alpha, but the following alpha 1 release notes should work fine:
http://www.clearcenter.com/support/documentation/clearos_professional_6/samba_directory_-_alpha_1
Finally, has a decision been made yet as to whether Samba 4 Directory will be included in Community or just Pro (and if so will it be in Pro-Lite) ?
Nope. Personally, I'm leaning on making it free for up to 10 users just cover those geeks who want to run AD on their home networks :-) -
Accepted Answer
Hi Stephen,
After doing a lot of reading (and probably not understanding half of it) it looks like integrating Samba 4 into ClearOS is a fundamental 'under the bonnet' change. If I understand correctly Samba 4 incorporates its own servers for at least DNS, Time and LDAP purposes, effectively replacing those in ClearOS. Therefore I am assuming that the underlying architecture of ClearOS would need to point to the Samba elements instead, things like adding users, creating groups and passwords etc. So I am guessing that Samba 4 integration involves major reworking of the Webconfig as well as some form of 'connectors' for things like Zarafa (which I believe is LDAP driven).
Yup, it was a fundamental change but most of the heavy lifting was done with the ClearOS 6 release. We moved to a "driver-based" implementation in 6 and all the apps were built on top of a driver-agnostic layer. For example, the ClearOS PPTP server works with the OpenLDAP driver or the Active Directory Connectory driver. With no coding changes in the PPTP app, dropping in the Samba 4 Directory works like a charm!
Bearing the above in mind, does this mean that if I were to use the Samba upgrade scripts/tools to upgrade to Samba 4 this will 'break' ClearOS ?
You would need the "Samba Directory" driver to get this working - see alpha 1 note below.
A post a little while ago said that the Samba 4 implementation was to be considered alpha at that time, am I right in assuming that was because of the integration that is needed ? And if so is it at a stage where I can 'play' with it yet ?
We haven't "officially" announced the alpha, but the following alpha 1 release notes should work fine:
http://www.clearcenter.com/support/documentation/clearos_professional_6/samba_directory_-_alpha_1
Finally, has a decision been made yet as to whether Samba 4 Directory will be included in Community or just Pro (and if so will it be in Pro-Lite) ?
Nope. Personally, I'm leaning on making it free for up to 10 users just cover those geeks who want to run AD on their home networks :-)
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »