Yes, so I read that they tried blank machine account passwords where Microsoft (indeed) uses a random password only known to the computer (and the hash in AD)...

For more information (just some google hits):

http://blogs.technet.com/asiasupp/archive/2007/01/18/typical-symptoms-when-secure-channel-is-broken.aspx
http://technet.microsoft.com/en-us/library/cc785826.aspx

I worked as an architect for Microsoft products, I can assure you that I did price & worked on implementing AD, Exchange, OCS, SCCM, SCOM, ... implementations on customers ranging from 15 to 225.000 clients. The acquisition costs are usually neglegible (capex), the operational costs are what drive decision makers towards a solution (unless you are talking Oracle databases that charge insanely high rates for licensing, but let's not go into that).

Besides, when you have an agreement with Microsoft, they practically give you away the OS licenses & CAL's for free (academic agreements & volume agreements - depending on the skills of the negotiators at your purchasing department). And even if you don't, the list price for W2K8 Standard Edition is 600 euros (that would be about $750). Heck, that's what any consultant charges for a single day of work & what it will cost you just to have a single meeting on the Samba 4 subject with any knowledgeable person. So no, the license cost is not an issue in any environment that has more than 50 PC's.

It is not very comforting to read the following statement:

"My Russian connection has had Samba 4 running in production since last June and has discovered a few missing features. They also discovered that machines would stop working after 28 days which was something to do with password expiry."

"Something to do with...". This is in every AD 101 book (machine accounts, password renewal, ... thing). I would at least expect that the Samba developers have experience in installing, running and maintaining a "realistic" Active Directory environment (read: more than 1000 client machines) before delving into the real messy details. I am not sure I even want to know how they are going to handle disaster recovery (one of the fun parts of AD, rest assured).

Honestly, I cannot imagine why anyone would want to run a FOSS equivalent Active Directory. After having spent months in setting up a full mixed Windows/Linux environment (OpenLDAP, Kerberos, Samba, the works), I can say that setting up AD is a breeze: for me, it is a prime example where Microsoft took existing technologies (LDAP, DNS, Kerberos) and actually turned it into something useful without the typically associated configuration nightmares. And it works very stable indeed.

And please, cost is not a reason for not going with Active Directory. The cost of a single Windows Server license is absolutely peanuts compared to what *you* cost your employer. The operational costs are what matter in long term and I am pretty confident that Microsoft's AD will do much better than that for the years to come.

Let me jump in and add something to that: three years ago, I went through the entire process of setting up a 80 desktop environment using Linux. I set up an LDAP server, Samba, home folders on a centralized share, print servers using CUPS, mail server using Dovecot/EXIM, a centralized configuration system and a minimal level of failover redunancy... in short: the works. The system worked nice and stable, but it took me 2 months to get everything up and running (granted, at the time, I was new to LDAP and it took some time to set up the master/slave replication, integrate PAM & Samba into it and write my own scripts to keep Linux and Windows passwords synchronized). A year later, I configured a similar set-up using Windows Active Directory (which in the end is just a pimped LDAP server). This takes a day to setup a similar environment. Of course, you do not have the same granularity of configuration options, but it works quite nicely out of the box. This led me to the impression that even though Linux is very nice, stable, configurable and using all the OSS servers, it was in fact Microsoft who took these open technologies and turned them into an all-integrated environment. Note: I am aware of the similar attempts like SuSe Enterprise and several Ubuntu-based distributions that provide similar out of the box functionality. However, that was 2006/2007, Microsoft did that trick in 2000 and is currently 8 year ahead in development.