[Boarderline OT] Re: MS and OpenBSD interportability, a lil list with "patented" and non patented protocols
On 23/04/2008, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> This, if true, could probably handy for some developers or anybody else to
> maybe improve the integration of oBSD into MS networks.

You can already fully emulate/replace Windows Primary Domain Controllers (and Backup DCs, and member servers) with OpenBSD, and interoperate with Windows servers:
http://www.kernel-panic.it/openbsd/pdc/

Btw., I heartily recommend Kernel Panic. It is a very nice site, with a cool OpenBSD section:
http://www.kernel-panic.it/openbsd.html

What Samba AFAIK still cannot currently do is fully replace/emulate Windows Active Directory Domain Controllers. It can interoperate in an AD network, and even AD DC functionality is *partially* implemented, but the work remains incomplete. (Cf. http://samba.org/samba/news/articles/abartlet_thesis.pdf -- 3 years old, but AFAIK still essentially correct.)

That said, IMHO there are fewer things wrong with using an OpenBSD/Samba-based NT4-style PDC/BDC domain than there are with using a Windows server-based AD domain.

I once had to rebuild a compromised Windows Server 2003 AD DC. The trouble was, with the preexisting backups (and out-of-the-box backup solutions), there didn't seem to be a way to wipe and reinstall the machine without losing the entire domain. So we wiped the box and reinstalled Windows Server 2003, and promoted the thing to an AD DC again, and even after restoring the backups found that we had to remove every single client from its old domain and add it to the new one, because the AD DC still considered itself master of a new domain and even with the backed up data, there was no way to convince it to take over as the master of the old one. On top of that, all file shares were screwed, because there were now new GUIDs involved, and because the Windows boxen had had server based profiles, no one could log on even after we fixed the above. After manually applying permissions (which in Windows Server 2003 still aren't properly propagated/applied throughout all subfolders, which thus all need to be checked as well), it still barfed, and every single user had to create an entirely new profile and manually copy desired settings from the old to the new profile.

In summary: Windows AD networks don't just suck, they deep-throat. If there's any possibility that all of your AD DCs may get compromised simultaneously, and unless you have a *strongly* Windows Server-quirk-aware backup/restore solution that can fully restore AD DCs (and I'm not aware of any), then you're really gambling your entire network.

If you have a choice, wait till Samba becomes fully AD interoperable and in the meantime use OpenBSD/Samba PDCs, BDCs, and member servers. The above link should help you with that.

Thanks and regards,
--ropers
Re: MS and OpenBSD interportability, a lil list with "patented" and non patented protocols
On Wed, Apr 23, 2008 at 09:48:30AM +0200, [EMAIL PROTECTED] wrote:
> I recently read about MS and there's a Blog which claims (it includes a
> list) that like 80% of all MS server protocols are not patented right now.
>
> This, if true, could probably handy for some developers or anybody else to
> maybe improve the integration of oBSD into MS networks.

This is unimportant and unworthy of serious attention. Professionals -- actual, real, live professionals, not mere ignorant newbies with strings of worthless certifications after their names -- don't use Microsoft products.

---Rsk
Re: MS and OpenBSD interportability, a lil list with "patented" and non patented protocols
> So if you think it would be handy if you could remotely shutdown your
> whole network from the Firewall you may could code the daemon right now
> 'course the protocol itself is not "patented".

Probably the Windows machines lying on the network are already shutting down to apply hourly security fixes.

This argument about "integration" with MS code is leading OpenBSD to nowhere, IMO. I like pf, I like the developers' decision for "correctness", and I like the way engineers and coders created and enhanced UNIX. Why mess with something that's been working properly for 20+ years for the sake of integration?

If MS had a minimal interest in integration, they should have read implemented POSIX in a useful manner on their OS at least one decade ago. Now, all I can say is MS can keep its code for itself. My choice is clear.
Re: MS and OpenBSD interportability, a lil list with "patented" and non patented protocols
> Samba is part of ports already, so the eventual improvements that come
> as the result of having won the lawsuit and appeal will also be usable
> with OpenBSD. So if you know someone with a Windows server, you might
> steer them to ports:
>
> samba-3.0.25b
> samba-3.0.25b-cups
> samba-3.0.25b-cups-ldap
> samba-3.0.25b-ldap
> samba-docs-3.0.25b
> smbldap-tools-0.9.2ap1
>
> It is a step in helping them migrate to open services and protocols.
> You might find it more useful to know that AFS is supported more or less
> out of the box, as well as kerberos. LDAP can be added.

I'm sorry for not pointing out the intention of my mail more carefully. The e-mail, which may be helpful for programmers who might wish to program daemons/tools to interact with Windows (Authentication or such things), was sent out to provide everybody who's interested in such things a little overview. :) Nothing more or less!

So if you think it would be handy if you could remotely shutdown your whole network from the Firewall you may could code the daemon right now 'course the protocol itself is not "patented". Or maybe somebody codes a login_ntlm or anything else. Who knows :)

There are things which are not "just" useful for samba and which some programmers (not just for OpenBSD maybe) are maybe interested in. :)

Kind regards,
Sebastian
Re: MS and OpenBSD interportability, a lil list with "patented" and non patented protocols
Samba is part of ports already, so the eventual improvements that come as the result of having won the lawsuit and appeal will also be usable with OpenBSD. So if you know someone with a Windows server, you might steer them to ports:

samba-3.0.25b
samba-3.0.25b-cups
samba-3.0.25b-cups-ldap
samba-3.0.25b-ldap
samba-docs-3.0.25b
smbldap-tools-0.9.2ap1

It is a step in helping them migrate to open services and protocols. You might find it more useful to know that AFS is supported more or less out of the box, as well as kerberos. LDAP can be added.

Regarding those specific protocols mentioned in the lawsuit and the appeal, here are two links about the context:

http://www.groklaw.net/article.php?story=20071220124013919
http://www.groklaw.net/article.php?story=20070919214307459

[EMAIL PROTECTED] wrote:
[snip]
...patented...
[snip]

Whether they are or aren't patented is not relevant for many of us. As you know, software patents are not valid in Europe. That includes Germany.

For those for whom software patents are relevant, it does not matter if it is 80%, 20%, 5%, 1% or even just one software patent. All it takes is one. Besides, software patents are not a developer issue, they affect the end user.

regards,
-Lars