[wpkg-users] WPKG client service script error on clean

Sat Feb 27 20:23:59 CET 2010

> -----Original Message-----
> From: wpkg-users-bounces at lists.wpkg.org [mailto:wpkg-users-
> bounces at lists.wpkg.org] On Behalf Of Vasaris
> Sent: Saturday, February 27, 2010 3:54 AM
> To: Rainer Meier
> Cc: wpkg-users at lists.wpkg.org
> Subject: Re: [wpkg-users] WPKG client service script error on clean
> 
> Hi
> 
> Samba domain should emulate standard domain features as well as
> Microsoft native one. They had plenty of time and opportunity to
> reverse engineer required protocols and functionality.

Samba supports Active Directory only as a domain member, and that works quite well as long as you don't use IPv6.

As a domain controller, it still only emulates the NT4-style domains. Samba 4 will finally support Active Directory as a domain controller, but I'm not really holding my breath for it. The development pace is glacial.

Development for it started early this century. The first public preview came out in 2006, and a few alpha releases (marked as dangerous for production use) have come out since then. Alpha 1 came out in 2007, and now they are at Alpha 11. Maybe they'll have it out of beta by 2015? If you want to play with it, you can download it at http://www.samba.org/samba/ftp/samba4/ but don't put it in production.

I think the main problems were threefold. First, there were legal issues - even if it was easy to reverse engineer, you may not be allowed to do it (those issues mostly got resolved thanks to the EU Antitrust lawsuit. Apparently, Microsoft still hasn't been all that forthcoming with documentation). Second, apparently the Samba code base did not lend itself to Active Directory; they pretty much had to start over from scratch for Samba 4. And third, I suspect that the developers themselves were only half-heartedly interested in AD. I recall hearing that Andrew Tridgell considered rsync a more important project than Samba.

> > As I am using Samba domains only I am also using a dedicated user
> account which
> > is allowed to access the share. This works quite OK but I fully agree
> that using
> > the machine account would be quite an elegant way to authenticate.
> 
> >From my POV, this is the only solution, as it is safe and does not
> have any administrative overhead. Therefore, if the client does not
> work, I think I will have to fall back to the Group Policy script
> activation mode.

Group Policies are closely connected to Active Directory. I believe there are ways to make them somewhat work with Samba, but you will be spending a lot of time tweaking things, and you'll be on your own. Also, even if you make it work, startup scripts are a Group Policy extension that is pretty much guaranteed to not work.

As for machine account vs. user account: NT4 domains (and thus, Samba domains) do have machine accounts. But they don't have startup scripts. They only have logon scripts that are executed AFTER logon in the context of the individual user.

I don't think there is a centrally-administered way around that in a Samba domain.