Coexistance of SAMBA4 with Windows 2008 R2 as ADC

jomy · 02-10-2013, 01:38 AM

Hi,

I've deployed SAMBA4 as ADC in our existing domain (abc.org) where we have MS 2008 R2 as PDC. As the SAMBA4 joined the windows domain, all data in AD got replicated to SAMBA4. We are planning to authenticate zimbra users and similar LDAP aware applications thru SAMBA4 so that we can save the licenses (Licensing costs involved when a user getting authenticated thru AD) of those users.

Now my question is ...

I would like to co-exist MS 2008 server and SAMBA4 for a few years and later do away with windows server.

My SAMBA4 appears as an ADC in windows 2008 server.The server having been seen in Windows server, will it attract any Licensing costs to Microsoft??

Any documentation available to prove that, the above mentioned deployment is free of License costs ??

Awaiting your valuable reply,

Jomy Mathew

Ser Olmy · 02-10-2013, 06:29 PM

There are two different licenses involved here: Server Licenses and CALs (Client Access Licenses).

A Windows DC needs a licensed copy of the Windows 2008 R2 operating system, the server license. This requirement is unaffected by other license requirements in your network. The Samba DC does not require such a license, as it is a GPL implementation of the SMB/CIFS and AD protocols.

In addition, a client accessing a server needs a CAL. There was a time when a CAL was only needed for clients specifically accessing file or print services (up to and including Windows 2000, I believe), but the current licensing rules demand that every connection to a Windows domain needs a CAL (tied to either the device or the account of the logged-in user). You should definitely read the fine print on your license agreement to verify this.

Since CALs are tied to either a device or a user account, one would think that simply adding another server (Windows or Samba) to the network should not affect the required number of CALs. But here's where it gets slightly murky: since a Samba DC is a domain member accessing AD on the Windows server for replication and authentication purposes, one might argue that each Samba server will need a CAL to join a domain with Windows DCs.

It all depends on how Microsoft defines a "client", but I know for a fact that joining a Windows server (DC or member server) to a SBS 2003 domain consumes a CAL. This could of course be specific to the SBS license model. You will need to check the fine print on your license agreement for the specifics.

Of course, once all Windows DCs have been eliminated from the domain, no CALs are required to join the domain. CALs may still be necessary to access services on member servers running Windows.

In my opinion, the only way to be reasonably certain you're in the clear with regards to licensing, is to get a written statement from a Microsoft representative.

jomy · 02-10-2013, 11:35 PM

Thank you sir for the info. I'll try to contact MS rep for a written statement

Jomy Mathew

barun mukhopadhyay · 10-07-2013, 08:25 AM

Hello

I have installed Samba4 on Centos 6.3 following the link :

http://www.alexwyn.com/computer-tips...ain-controller

Here , the Samba4 internal DNS is required .

But I am not able to connect this Samba 4 DC to Windows 2008 R2 ( acting as PDC ) by following the link
https://wiki.samba.org/index.php/Sam...main_as_a_DC:( without doing the Samba4 provision as a DC )

[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = SAMDOM.NET

You should then test to make sure that DNS and kerberos are setup correctly to point at your existing domain controller. Test that it is all working by trying a kinit as a domain administration:

# kinit administrator

I am getting an error :

kinit :cannot resolve KDC in realm "SAMDOM.NET' while getting initial credentials .

Pls help how to resolve this issue .

regards

barun