Re: [openstack-dev] Time to Samba! :-)
Just for the record, they are watching us!:-O https://aws.amazon.com/blogs/aws/new-aws-directory-service/ Best! Thiago On 16 August 2014 16:03, Martinx - ジェームズ thiagocmarti...@gmail.com wrote: Hey Stackers, I'm wondering here... Samba4 is pretty solid (up coming 4.2 rocks), I'm using it on a daily basis as an AD DC controller, for both Windows and Linux Instances! With replication, file system ACLs - cifs, built-in LDAP, dynamic DNS with Bind9 as a backend (no netbios) and etc... Pretty cool! In OpenStack ecosystem, there are awesome solutions like Trove, Solum, Designate and etc... Amazing times BTW! So, why not try to integrate Samba4, working as an AD DC, within OpenStack itself?! If yes, then, what is the best way/approach to achieve this?! I mean, for SQL, we have Trove, for iSCSI, Cinder, Nova uses Libvirt... Don't you guys think that it is time to have an OpenStack project for LDAP too? And since Samba4 come with it, plus DNS, AD, Kerberos and etc, I think that it will be huge if we manage to integrate it with OpenStack. I think that it would be nice to have, for example: domains, users and groups management at Horizon, and each tenant with its own Administrator (not the Keystone global admin) (to mange its Samba4 domains), so, they will be able to fully manage its own account, while allowing Keystone to authenticate against these users... Also, maybe Designate can have support for it too! I don't know for sure... Today, I'm doing this Samba integration manually, I have an external Samba4, from OpenStack's point of view, then, each tenant/project, have its own DNS domains, when a instance boots up, I just need to do something like this (bootstrap): -- echo 127.0.1.1 instance-1.tenant-1.domain-1.com instance-1 /etc/hosts net ads join -U administrator -- To make this work, the instance just needs to use Samba4 AD DC as its Name Servers, configured at its /etc/resolv.conf, delivered by DHCP Agent. The packages `samba-common-bin` and `krb5-user` are also required. Including a ready to use smb.conf file. Then, ping instance-1.tenant-1.domain-1.com worldwide! It works for both IPv4 and IPv6!! Also, Samba4 works okay with Disjoint Namespaces http://technet.microsoft.com/en-us/library/cc731929(v=ws.10).aspx, so, each tenant can have one or more domains and subdomains! Like *. realm.domain.com, *.domain.com, *.cloud-net-1.domain.com, *.domain2.com... All dynamic managed by Samba4 and Bind9! What about that?! Cheers! Thiago ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Time to Samba! :-)
Hi Thiago, Like for the Windows case, where we have Heat templates for AD DC and other MSFT related workloads (Exchange, SQL Server, SharePoint, etc) [1], the best place in OpenStack for Samba 4 DC is a dedicated Heat template. Heat is the de facto workload orchestration standard for OpenStack, so I'd definitely start from there. Said that, Keystone has AD support via LDAP. It'd be great to see some documentation for using a Samba 4 DC in place of a Windows DC. Another area of interaction for Samba 4 is Cinder: we have code under review for exporting volumes over SMB, useful for Hyper-V compute nodes and other scenarios. [2] Talking about Nova, in large deployments using Hyper-V compute nodes it's common to manage credentials with domain membership, quite useful for live migration in particular. I'd like to document the usage of a Samba 4 AD DC in this context, although the last time I tried I had issues with Kerberos delegation, required for live migration. Quite some time passed, so it's definitely worth giving it another try. Slightly outside of the OpenStack territory (but still correlated to it) I'd consider also Ubuntu Juju for the fact that it's possible to create relationships based on a Samba 4 DC charm and any other charm that needs domain membership. We have charms for Windows AD, it'd be great to add a Samba 4 as an alternative. Thanks, Alessandro [1] https://github.com/cloudbase/windows-heat-templates [2] https://blueprints.launchpad.net/cinder/+spec/smbfs-volume-driver On 16.08.2014, at 22:12, Martinx - ジェームズ thiagocmarti...@gmail.commailto:thiagocmarti...@gmail.com wrote: Hey Stackers, I'm wondering here... Samba4 is pretty solid (up coming 4.2 rocks), I'm using it on a daily basis as an AD DC controller, for both Windows and Linux Instances! With replication, file system ACLs - cifs, built-in LDAP, dynamic DNS with Bind9 as a backend (no netbios) and etc... Pretty cool! In OpenStack ecosystem, there are awesome solutions like Trove, Solum, Designate and etc... Amazing times BTW! So, why not try to integrate Samba4, working as an AD DC, within OpenStack itself?! If yes, then, what is the best way/approach to achieve this?! I mean, for SQL, we have Trove, for iSCSI, Cinder, Nova uses Libvirt... Don't you guys think that it is time to have an OpenStack project for LDAP too? And since Samba4 come with it, plus DNS, AD, Kerberos and etc, I think that it will be huge if we manage to integrate it with OpenStack. I think that it would be nice to have, for example: domains, users and groups management at Horizon, and each tenant with its own Administrator (not the Keystone global admin) (to mange its Samba4 domains), so, they will be able to fully manage its own account, while allowing Keystone to authenticate against these users... Also, maybe Designate can have support for it too! I don't know for sure... Today, I'm doing this Samba integration manually, I have an external Samba4, from OpenStack's point of view, then, each tenant/project, have its own DNS domains, when a instance boots up, I just need to do something like this (bootstrap): -- echo 127.0.1.1 instance-1.tenant-1.domain-1.comhttp://instance-1.tenant-1.domain-1.com instance-1 /etc/hosts net ads join -U administrator -- To make this work, the instance just needs to use Samba4 AD DC as its Name Servers, configured at its /etc/resolv.conf, delivered by DHCP Agent. The packages `samba-common-bin` and `krb5-user` are also required. Including a ready to use smb.conf file. Then, ping instance-1.tenant-1.domain-1.comhttp://instance-1.tenant-1.domain-1.com worldwide! It works for both IPv4 and IPv6!! Also, Samba4 works okay with Disjoint Namespaceshttp://technet.microsoft.com/en-us/library/cc731929(v=ws.10).aspx, so, each tenant can have one or more domains and subdomains! Like *.realm.domain.comhttp://realm.domain.com, *.domain.comhttp://domain.com, *.cloud-net-1.domain.comhttp://cloud-net-1.domain.com, *.domain2.comhttp://domain2.com... All dynamic managed by Samba4 and Bind9! What about that?! Cheers! Thiago ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Time to Samba! :-)
On Mon, 2014-08-18 at 07:27 +, Alessandro Pilotti wrote: Hi Thiago, Like for the Windows case, where we have Heat templates for AD DC and other MSFT related workloads (Exchange, SQL Server, SharePoint, etc) [1], the best place in OpenStack for Samba 4 DC is a dedicated Heat template. Heat is the de facto workload orchestration standard for OpenStack, so I'd definitely start from there. Interesting. How do you see this compared to doing it in Murano? (In any case, I'm happy to help anyone working on this, no matter the layer). Said that, Keystone has AD support via LDAP. It'd be great to see some documentation for using a Samba 4 DC in place of a Windows DC. Another area of interaction for Samba 4 is Cinder: we have code under review for exporting volumes over SMB, useful for Hyper-V compute nodes and other scenarios. [2] Samba currently can't support HyperV as a SMB server due to a limitation in our SMB3 support: https://bugzilla.samba.org/show_bug.cgi?id=9938 However, we are making progress on 'Leases', which I understand is part of required solution here. Talking about Nova, in large deployments using Hyper-V compute nodes it's common to manage credentials with domain membership, quite useful for live migration in particular. I'd like to document the usage of a Samba 4 AD DC in this context, although the last time I tried I had issues with Kerberos delegation, required for live migration. Quite some time passed, so it's definitely worth giving it another try. If you have specific, reproducible issues with our KDC blocking Samba's use in OpenStack and are able to work with me to test the solution, please bring them to my personal attention. I am very happy to address specific use cases, and this one in particular means a lot to me. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Time to Samba! :-)
On Sat, Aug 16, 2014 at 11:03 PM, Martinx - ジェームズ thiagocmarti...@gmail.com wrote: Hey Stackers, I'm wondering here... Samba4 is pretty solid (up coming 4.2 rocks), I'm using it on a daily basis as an AD DC controller, for both Windows and Linux Instances! With replication, file system ACLs - cifs, built-in LDAP, dynamic DNS with Bind9 as a backend (no netbios) and etc... Pretty cool! In OpenStack ecosystem, there are awesome solutions like Trove, Solum, Designate and etc... Amazing times BTW! So, why not try to integrate Samba4, working as an AD DC, within OpenStack itself?! If yes, then, what is the best way/approach to achieve this?! I mean, for SQL, we have Trove, for iSCSI, Cinder, Nova uses Libvirt... Don't you guys think that it is time to have an OpenStack project for LDAP too? And since Samba4 come with it, plus DNS, AD, Kerberos and etc, I think that it will be huge if we manage to integrate it with OpenStack. I think that it would be nice to have, for example: domains, users and groups management at Horizon, and each tenant with its own Administrator (not the Keystone global admin) (to mange its Samba4 domains), so, they will be able to fully manage its own account, while allowing Keystone to authenticate against these users... Also, maybe Designate can have support for it too! I don't know for sure... Today, I'm doing this Samba integration manually, I have an external Samba4, from OpenStack's point of view, then, each tenant/project, have its own DNS domains, when a instance boots up, I just need to do something like this (bootstrap): -- echo 127.0.1.1 instance-1.tenant-1.domain-1.com instance-1 /etc/hosts net ads join -U administrator -- To make this work, the instance just needs to use Samba4 AD DC as its Name Servers, configured at its /etc/resolv.conf, delivered by DHCP Agent. The packages `samba-common-bin` and `krb5-user` are also required. Including a ready to use smb.conf file. Then, ping instance-1.tenant-1.domain-1.com worldwide! It works for both IPv4 and IPv6!! Also, Samba4 works okay with Disjoint Namespaces, so, each tenant can have one or more domains and subdomains! Like *.realm.domain.com, *.domain.com, *.cloud-net-1.domain.com, *.domain2.com... All dynamic managed by Samba4 and Bind9! What about that?! Cheers! Thiago There are several existing OpenStack projects which can help to leverage Samba support: 1. Manila - it seems to be capable of provisioning and attaching CIFS/SMB shares. I know Samba is more than just a CIFS share, but it is a significant part of it 2. You can use Heat to spin up a VM and configure Samba server 3. You can use Murano to spin up VMs with Samba, LDAP, Kerberos, etc (done with Heat internally) and configure them to work together Thanks, Ruslan ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Time to Samba! :-)
This can be addressed by Murano only if its deployed to the cloud (on VM belonging to some tenant). Having it on OpenStack service layer integrated with major OpenStack services sounds very promising. The problem I see is significant overlap with Keystone, especially in Kerberos and LDAP parts Sincerely yours, Stan Lagun Principal Software Engineer @ Mirantis sla...@mirantis.com On Sun, Aug 17, 2014 at 4:56 AM, Martinx - ジェームズ thiagocmarti...@gmail.com wrote: I know! :-P On 16 August 2014 21:17, Adam Lawson alaw...@aqorn.com wrote: Also, don't forget that AD != LDAP. ;) On Aug 16, 2014 5:16 PM, Adam Lawson alaw...@aqorn.com wrote: Doesn't Murano address this already? On Aug 16, 2014 2:35 PM, Martinx - ジェームズ thiagocmarti...@gmail.com wrote: I think that it would be great too! OpenLDAP-as-a-Service... With multi-domain support! :-) Nevertheless, last time I used Samba, was back in 2001... It is impressive these days! It worth take a look... I'm using it for about two months now, it is great! Cheers! On 16 August 2014 18:01, Clint Byrum cl...@fewbar.com wrote: Excerpts from Martinx - ジェームズ's message of 2014-08-16 12:03:20 -0700: Hey Stackers, I'm wondering here... Samba4 is pretty solid (up coming 4.2 rocks), I'm using it on a daily basis as an AD DC controller, for both Windows and Linux Instances! With replication, file system ACLs - cifs, built-in LDAP, dynamic DNS with Bind9 as a backend (no netbios) and etc... Pretty cool! In OpenStack ecosystem, there are awesome solutions like Trove, Solum, Designate and etc... Amazing times BTW! So, why not try to integrate Samba4, working as an AD DC, within OpenStack itself?! But, if we did that, what would be left for us to reinvent in our own slightly different way? ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Time to Samba! :-)
On Sun, Aug 17, 2014 at 4:16 AM, Adam Lawson alaw...@aqorn.com wrote: Doesn't Murano address this already? Please note that Murano is no longer a windows-as-a-service or smth-as-a-serivce. Murano is an application catalog [1]. But you're absolutely right, this is a perfect use case for Murano - application developer can describe those applications and publish them in catalog, which will enable cloud users to combine those apps together. LDAP, Kerberos, Samba, ActiveDirectory - are applications in terms of Murano. [1] https://wiki.openstack.org/wiki/Murano -- Ruslan ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Time to Samba! :-)
On Sun, 2014-08-17 at 13:05 +0400, Ruslan Kamaldinov wrote: On Sun, Aug 17, 2014 at 4:16 AM, Adam Lawson alaw...@aqorn.com wrote: Doesn't Murano address this already? Please note that Murano is no longer a windows-as-a-service or smth-as-a-serivce. Murano is an application catalog [1]. But you're absolutely right, this is a perfect use case for Murano - application developer can describe those applications and publish them in catalog, which will enable cloud users to combine those apps together. LDAP, Kerberos, Samba, ActiveDirectory - are applications in terms of Murano. [1] https://wiki.openstack.org/wiki/Murano G'Day, Indeed, I think Murano may well be the natural home of Samba deployed as an AD DC, inside a tenant. I reached out to the Murano team a few months ago, but haven't have any time to put into development of a Samba AD DC application yet. I work for Catalyst in NZ, and lurk here and quite close to our internal OpenStack team. I think OpenStack is a great opportunity for Samba and Samba is a great fit for OpenStack, particularly when we look at the emerging market of Desktop as Service, things like hosted Exchange (or more particularly OpenChange), and single-sign-on from the Windows-dominated enterprise. What I would like to do is to work closely with someone already more familiar with the OpenStack world, and provide my expertise and assistance to that existing effort. I also think that Samba does justify being beyond just being an application in Murano, because for the best results, Samba should be used, but not administered directly. Instead, what would bring the best out of Samba is deployment like in Trove, where the Tenant does not get rights to directly touch the instance - operation of the AD DC should be by OpenStack, not the end-user. Finally, yes Samba certainly plays a role in Manila, and while currently very well hidden, I think that some really great functionality can be exposed via the 'generic' driver that would be far from generic. Imagine if that driver 'just worked' with exposed snapshots via the windows 'previous versions' tab, for example. Or, imagine if we used the OpenStack machine credentials to securely get a Kerberos ticket for access to a big multi-tenant file share? As I mention, I do lurk here, but also feel free to contact me directly or the Samba lists if you are implementing Samba as an OpenStack service, and you think I can help, or think I've missed some discussion. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Time to Samba! :-)
On Sun, 2014-08-17 at 13:00 +0400, Stan Lagun wrote: This can be addressed by Murano only if its deployed to the cloud (on VM belonging to some tenant). Having it on OpenStack service layer integrated with major OpenStack services sounds very promising. The problem I see is significant overlap with Keystone, especially in Kerberos and LDAP parts I do agree that Samba belongs, for many use cases, in the OpenStack service layer. I'm very interested to understand how you see it overlapping with Keystone - both for my understanding and for possible integration or assistance. Samba's user database I think mostly pertains to the users in a tenant (even if not managed by that tenant), wheras I understand Keystone is typically the VMs and their administrators. For those there is some overlap, but not one I think should cause us a major issue, but I'm very interested to learn more. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Time to Samba! :-)
Excerpts from Martinx - ジェームズ's message of 2014-08-16 12:03:20 -0700: Hey Stackers, I'm wondering here... Samba4 is pretty solid (up coming 4.2 rocks), I'm using it on a daily basis as an AD DC controller, for both Windows and Linux Instances! With replication, file system ACLs - cifs, built-in LDAP, dynamic DNS with Bind9 as a backend (no netbios) and etc... Pretty cool! In OpenStack ecosystem, there are awesome solutions like Trove, Solum, Designate and etc... Amazing times BTW! So, why not try to integrate Samba4, working as an AD DC, within OpenStack itself?! But, if we did that, what would be left for us to reinvent in our own slightly different way? ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Time to Samba! :-)
I think that it would be great too! OpenLDAP-as-a-Service... With multi-domain support! :-) Nevertheless, last time I used Samba, was back in 2001... It is impressive these days! It worth take a look... I'm using it for about two months now, it is great! Cheers! On 16 August 2014 18:01, Clint Byrum cl...@fewbar.com wrote: Excerpts from Martinx - ジェームズ's message of 2014-08-16 12:03:20 -0700: Hey Stackers, I'm wondering here... Samba4 is pretty solid (up coming 4.2 rocks), I'm using it on a daily basis as an AD DC controller, for both Windows and Linux Instances! With replication, file system ACLs - cifs, built-in LDAP, dynamic DNS with Bind9 as a backend (no netbios) and etc... Pretty cool! In OpenStack ecosystem, there are awesome solutions like Trove, Solum, Designate and etc... Amazing times BTW! So, why not try to integrate Samba4, working as an AD DC, within OpenStack itself?! But, if we did that, what would be left for us to reinvent in our own slightly different way? ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Time to Samba! :-)
Doesn't Murano address this already? On Aug 16, 2014 2:35 PM, Martinx - ジェームズ thiagocmarti...@gmail.com wrote: I think that it would be great too! OpenLDAP-as-a-Service... With multi-domain support! :-) Nevertheless, last time I used Samba, was back in 2001... It is impressive these days! It worth take a look... I'm using it for about two months now, it is great! Cheers! On 16 August 2014 18:01, Clint Byrum cl...@fewbar.com wrote: Excerpts from Martinx - ジェームズ's message of 2014-08-16 12:03:20 -0700: Hey Stackers, I'm wondering here... Samba4 is pretty solid (up coming 4.2 rocks), I'm using it on a daily basis as an AD DC controller, for both Windows and Linux Instances! With replication, file system ACLs - cifs, built-in LDAP, dynamic DNS with Bind9 as a backend (no netbios) and etc... Pretty cool! In OpenStack ecosystem, there are awesome solutions like Trove, Solum, Designate and etc... Amazing times BTW! So, why not try to integrate Samba4, working as an AD DC, within OpenStack itself?! But, if we did that, what would be left for us to reinvent in our own slightly different way? ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Time to Samba! :-)
Also, don't forget that AD != LDAP. ;) On Aug 16, 2014 5:16 PM, Adam Lawson alaw...@aqorn.com wrote: Doesn't Murano address this already? On Aug 16, 2014 2:35 PM, Martinx - ジェームズ thiagocmarti...@gmail.com wrote: I think that it would be great too! OpenLDAP-as-a-Service... With multi-domain support! :-) Nevertheless, last time I used Samba, was back in 2001... It is impressive these days! It worth take a look... I'm using it for about two months now, it is great! Cheers! On 16 August 2014 18:01, Clint Byrum cl...@fewbar.com wrote: Excerpts from Martinx - ジェームズ's message of 2014-08-16 12:03:20 -0700: Hey Stackers, I'm wondering here... Samba4 is pretty solid (up coming 4.2 rocks), I'm using it on a daily basis as an AD DC controller, for both Windows and Linux Instances! With replication, file system ACLs - cifs, built-in LDAP, dynamic DNS with Bind9 as a backend (no netbios) and etc... Pretty cool! In OpenStack ecosystem, there are awesome solutions like Trove, Solum, Designate and etc... Amazing times BTW! So, why not try to integrate Samba4, working as an AD DC, within OpenStack itself?! But, if we did that, what would be left for us to reinvent in our own slightly different way? ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Time to Samba! :-)
I know! :-P On 16 August 2014 21:17, Adam Lawson alaw...@aqorn.com wrote: Also, don't forget that AD != LDAP. ;) On Aug 16, 2014 5:16 PM, Adam Lawson alaw...@aqorn.com wrote: Doesn't Murano address this already? On Aug 16, 2014 2:35 PM, Martinx - ジェームズ thiagocmarti...@gmail.com wrote: I think that it would be great too! OpenLDAP-as-a-Service... With multi-domain support! :-) Nevertheless, last time I used Samba, was back in 2001... It is impressive these days! It worth take a look... I'm using it for about two months now, it is great! Cheers! On 16 August 2014 18:01, Clint Byrum cl...@fewbar.com wrote: Excerpts from Martinx - ジェームズ's message of 2014-08-16 12:03:20 -0700: Hey Stackers, I'm wondering here... Samba4 is pretty solid (up coming 4.2 rocks), I'm using it on a daily basis as an AD DC controller, for both Windows and Linux Instances! With replication, file system ACLs - cifs, built-in LDAP, dynamic DNS with Bind9 as a backend (no netbios) and etc... Pretty cool! In OpenStack ecosystem, there are awesome solutions like Trove, Solum, Designate and etc... Amazing times BTW! So, why not try to integrate Samba4, working as an AD DC, within OpenStack itself?! But, if we did that, what would be left for us to reinvent in our own slightly different way? ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev