Slashdot Mirror

PAM, Pluggable-Authentication Modules. The PAM Radius module, with a central radius server, has worked for me in my testing, but I wish the module was a little more featureful in doing something with return attributes. It's one of those things I kept wanted to do, never had time for. A random descriptive page I found is here One minor caveat: it's moderately easy to misconfigure PAM to allow too much access - just be careful and use a standardized configuration.

Evolution doesn't support NTLM2

But fetchmail apparently does. Don't know if that helps you with calandar features, though.

Thanks to Samba, which has been around since long before Correl first released the linux distro which would become Xandros, any distro can authenticate to an NT domain, also to an Active Directory domain. It can also act as an NT domain controller, but not an Active Directory domain controller. Xandros probably just has some slick tool to configure it. Red Hat has a slick config tool for it in Fedora and in Enterprise. I'd have to assume that Suse and Mandrake has a slick config tool for it too. It's certainly possible that Xandros uses something else, but it's not a feature unique to that distro.

Samba is for Windows interoperatibility, not for copying something that allegedly works better on Windows. This is demonstrated by the fact that for pure Unix-to-Unix file sharing with end-to-end authentication/authorization etc., the Samba people themselves recommend *not* to use Samba, but something like AFS (which predates SMB by several years).

Whenever a new version of a package is installed, it is compiled from scratch. End users do not keep object files from previous versions of a package. Upgrading a package means recompiling all the binaries from scratch.

Please see ccache.

As linked in the article header, for one (not repeating in hopes people might seek out different mirrors). In general, head to http://samba.org/, find the mirror nearest you, and choose "PDF" or "HTML" from the "documentation" section's opening paragraphs.

Hardcopy or PDF or HTML?

Hardcopy or PDF or HTML?

few hunderds of spare 200 MHz ? I wonder if their administrator will resist the tempation of installing disturbed computing client (like seti@home, or distcc >;-)

MS got to be market dominant (which is NOT a true monopoly) by making genuinely good programs

Out of curosity, how old are you, and how long have you been using small / personal computers?

Oh, I'd say he's about 49 years old and has been using personal computers since 1981.

The only people who deny that Microsoft is a monopoly are Microsoft itself or its apologists. You can make the argument that the web browser SHOULD be part of the OS - after all, that's what Netscape was thinking at one point, to build a platform on the browser, and Mozilla has a good start in that direction - and you can make arguments against a number of the other cases that lead to the monopoly judgment; but you can't dismiss them all. Microsoft is a monopoly which has illegally leveraged that monopoly to drive competition out of most of the markets they've targeted. Those are the findings of fact produced by Penfield Jackson, a judge who was cherry-picked by MS after they claimed the previous judge, Daniel Sporkin, was biased against them; and then, of course, when Jackson judge ordered a break-up, Microsoft successfully got him dismissed for defending his ruling before the pro-Microsoft business press, helping Microsoft to stall the case long enough for a pro-MS administration to come in and pull the prosecution's fangs - as Jackson actually predicted (see the com.com link above)!

If the monopoly ruling had been used to enforce the imposition of standard formats for a handful of document types, to force MS to release their flagship applications for competing platforms, or best of all to divorce the applications product line from the platform product line via a break-up, we might see for all aspects of computing a degree of integration similar to what the web provides (common protocols that promote and ensure interoperability). Instead, we have hydraulic despotism - the entire world economy is beholden to Bill Gates' whims, because the only way a company can interoperate effectively with its corporate partners is through Microsoft on the desktop, and Microsoft on the desktop doesn't interoperate well with anything other than Microsoft on the network, except where Microsoft's competitors have made heroic efforts toward interoperability.

That's what rsync is for, you can also keep history that way (see the --backup and --backup-dir options).

It was created by Andrew Tridgell to be used on "wet string", as he called the Australian internet connections.

WinXP Pro has "Remote Desktop Sharing", so enable that and simply use rdesktop from your *nix box. It's that easy. If you want your home directory mounted on your Windoze box, then use SAMBA on your *nix box as a PDC (Primary Domain Controller) and have your Windoze box log in to this domain (You can then setup SAMBA to automatically mount the home directory on the Windoze box as Z: or whatever). That should do it.

This has been done before. Try:

Wine if you just want a few Windows apps on your PC.
Win4Lin if you really want Windows on your PC.
VMWare if you want XP on your PC.
TightVNC if you want to access a Windows box from another box.
Samba if you want to share your drives back to your Windows box.

VNC and Samba should do the trick. Robin

No, you probably don't have any use for Condor for home computers used for surfing etc. It does not work at all like an SMP machine. Condor is for running a bunch of compute-intensive batch jobs, i.e. jobs that are not interactive, such as scientific simulations. Also, you can never take a multithreaded ordinary program and automatically split its execution on multiple computers, because the computers have separate address spaces and too slow network to simulate a shared address space, so a single application can never be made to run faster unless specifically written to take advantage of running on multiple computers. If you do a lot of compiling you might want to take a look at distcc. Otherwise just use plain ssh to run different apps on the different machines you have to balance the load.

Now that I've checked where I read what I said (the distcc FAQ) it would appear my original post was a little more paranoid than necessary; according to the FAQ, gcc 3.x.y and 3.x.z should be mixable. Of course, it doesn't hurt to make sure that the gcc versions match exactly, just to be safe.

Some of the problems caused by mixing gcc versions, at least from my understanding, may not actually be caught at compile time, and you could end up with binaries that exhibit "strange behavior" with no apparent cause in the source.

Actually I mentioned it in the first paragraph...

The point is that to a person unfamiliar with "compiler-intermediary" tools like distcc and ccache, the way to use them simultaneously is nonobvious.

Does the master host keep the cache, and farm out jobs on cache misses? Or does each box keep its own ccache, which is used to fulfill compilation jobs from the master? (Obviously, one of those options is drastically worse than the other)

Since you alluded to the possibility of distcc+ccache in the introduction, it is a disservice to your readers not to at least give a pointer to instructions on how to run them in tandem. At minimum, include this link. (And even better, add a disclaimed factoid on what your 6 minutes goes down to when ccache is in the mix)

ccache is also nice for optimizing compiling. He probably mentioned it in the article, but since it seems /.-ed I wouldn't know... and by the time you've got both distcc and ccache running the article might be available again so you can read if you did it the right way :-)

It supports NFS and CIFS (which is basically the latest iteration of SMB) so it should so you can network with NFS or Samba, Windows/Linux.

An here I though samba was Australian.......

In other words, the actual software that these laws protects is horrible stuff like RealOne and Quicktime.

Or maybe good stuff like Samba? where the guys have to reverse engineer every little tweak to the SMB protocol.

In this case, it's not Nintendo's Super Mario Bros., and it's not Sega's Super Monkey Ball either. SMB can mean either small-to-medium businesses or server message block.

On the contrary, after I kicked Super Mario Bros. and Super Monkey Ball out of my head, I took "SMB users" to mean "users of Microsoft networking protocols formerly called Server Message Block". Does Mandrakelinux ship with the full Samba package?

And how do you plan to manage those OpenBSD (or whatever) boxes evenly distributed around the globe?

Wow, there are certainly no tools at all that I could think of that would help me do that...

To quote one of my favorite legendary assholes: "This is unix. Stop acting so helpless."

(In all seriousness: yes, there are probably plenty of cases where there's no business case to be made for rolling your own system, and where Checkpoint's management console or a similar tool is probably a good choice.)

What if you add VPN to the soup?

Using Checkpoint? I'd say that you now have a pressing need for an aspirin. YMMV.

distcc is pretty handy in that kinda situation :)

Slow PC? fine, get a faster one on the LAN to compile it for you, infact get them all to help. No spare nix machines? Use distccKnppix.

hava a look at jcifs at . Like the name suggests its a java implementation of the cifs protocol

have fun
Fry

There is a java client called jCIFS that is part of the Samba project.

jCIFS is a Java CIFS client (and the jCIFS project was founded by this book's author).

Is there a way now to run an Apache/Linux box and have it authenticate web users against an Active Directory?

I'm not sure, but take a look at how Samba can use ADS; it uses Kerberos and LDAP and PAM (winbind). I think there are PAM modules for Apache. But it's currently a couple of steps outside of my knowledge domain to put it all together to do what you want, but it sounds possible. By the way, I tried using setting up my Linux web server at work to allow ADS authentication for login and file sharing. I think I almost had it working (kinit worked), but winbind pegged the processor while flooding my domain controller and I suddenly realized I was toying around with a production DC and haven't been brave enough to try it again and haven't taken the time to set up a lab ADS environment to try against. (I deduce that winbind was trying to copy the entire company's user list, but I'm not sure.)

Is there an open-standard directory service that can replace AD, but windows machines can still connect to?

OpenLDAP is the "duh" answer to the open directory service part. I've heard Windows boxes can authenticate to it using Kerberos. I haven't tried it myself but plan to for home fileserver use. Google for openldap windows authentication and look around. I don't see anything definitive offhand, but it's worth browsing. Oh, and check TLDP for Kerberos and Openldap HOWTOs.

Once I figured out how to use distcc, I stopped whining about compile times with gentoo. It isn't ideally efficient, but adding a new machine basically adds a denominator to your compile time. Not everyone has several machines at their disposal, but if you do, the experience of using gentoo can be much improved by parallel compilation.

You might also want distccKnoppix, which is a slick method to use your other non-gentoo boxen to help out.

I guess that's why Andrew Tridgell of Samba fame works for IBM Australia.

He must be a Sales VP.

[/sarcasm]

The first one performs semi-miracles on repetative build times where you aren't doing "incremental" builds. The second lets you distribute your compile to multiple build servers on the network (beware - there be deamons here)

Build times went from hours to minutes - it was great

The first one performs semi-miracles on repetative build times where you aren't doing "incremental" builds. The second lets you distribute your compile to multiple build servers on the network (beware - there be deamons here)

Build times went from hours to minutes - it was great

1. Marimba Castanet (I know, I love to hate them, too) has a technology that provides auto-updates to files on a box, and can even be scripted to stop and restart the process. I have used this and while it is expensive, somewhat complex internally, and a bit slow, it does work, and is highly scalable to 10,000+ boxes quite easily.

2. Rsync (a very common open-source Samba project) will synchronize files across a network, sending only the file differences, handling file deletion if so requested, etc. Very, Very good product, widely used. Set this up with any *nix (Linux, Solaris, etc.). Or, for Windows, configure Cygwin to run cron as a service, and have a rsync run as a crontab entry.

If you need to reboot, have the synchronizer write a "DoRebootNow.txt" file with the box's name in it. The service watches the file and looks for its own box name, and if found, does a reboot and does a cgi post to a cgi that removes the boxname from that file.

Cumbersome in parts, either of these systems can work for you very reliably and effectively. I would estimate both jobs at between 1 and 2 weeks of labor, including writing the scripting or learning about Castanet. That depends of course on testing requirements, method of deployment to clients, etc. Some large installations could take a person-month just to install all the clients on the boxes!

Also, I've heard of SMS, but I don't know much about it. Sorry...

-- KevinJRice

rsync.samba.org

Without a Microsoft monoculture, he said, most of the recent progress in information technology could not have happened.
Really? Could someone more familiar with Microsoft and their products kindly give me examples?

• Samba
• FreeDOS
• WINE
• The XBOX Linux Project
• Ximian Evolution
• Open Office
• Mozilla
• etc...

There is the summary of the official "client study" available as PDF file. Since Munich relaunched its homepage I can't find it on their servers anymore, but it's here mirrored here (German). According to this mailing list posting there's also an Englisch and French translation available.

You might have forgotton how recent last great leak of source code occured.

October 2003:Valve Software,Half Life 2 source,Microsoft Outlook

Valve Software, maker of the popular first-person shooter, confirmed that code posted online late last week was in fact Half Life 2 source code stolen from the Kirkland, Washington-based software company through a simple breach of security, namely Microsoft Outlook e-mail.

Paul Rogers, network security analyst at MIS Corporate Defence Solutions, said the QAZ Trojan theory is "certainly one of the three most likely scenarios in this case and seems perfectly plausible".

Another involves scanning the network for weaknesses, while a third cause could be a disgruntled employee disabling security protection methods such as firewalls.

Rogers expressed surprise that the hack could possibly have gone undetected for so long. "Large organisations such as Microsoft should be more proactive in their security. The QAZ Trojan hasn't had much publicity but is well known within the security industry," he said.

I'm amazed the whole SCO mess has dragged on as long as it has, especially considering that SCO incorporates Samba (scroll down towards the bottom, look for an announcement dated 19-Aug-03) into their own OS releases, and Samba is licensed under - you guessed it - the GPL.

As Andrew points out on the web page, SCO can't have it both ways. They're bashing the GPL on one side, and reaping its benefits on the other.

Or does 'Dalek' McBride (scroll towards mid-page) really think he's going to gain anything other than a corporate bloody nose from the whole fiaSCO?

Not only does Samba 3 support Active Directory (see "Major New Features" on that page), but it's also 2.5 times faster than Win2k3 Server in the same role, and scales up considerably better as well.

Kinda funny how Samba kicks the shit out of the thing it was designed to emulate, once again showing that Open Source is A Good Thing(tm).

Yes, Samba. Keep in mind it does not have all of the advanced features and capabilities of Active Directory, but for basic setups it is usually enough.

Apart from raytracing the only other experiance I've had with grids is compiling using distcc. Apple has also brought out xcode which does the same thing. Basically think of anything that takes a long time and can be done in parallel. For compiling it make allot of sense. It means that instead of taking 1 hour and 1 minutes to compile it only takes 10 minutes. Add up how many times you compile the product and it adds up to alot of time that can be spent testing or debuging instead of waiting for the program to compile.

As for not many problems that can be solved using grids well how many things do you know of in this day and age that take longer than an hour to complete or require more than 3 computer(web server, web service, database) to run? If you don't know many/any they you won't really need grid computing either. It's not for you just like most people don't need a real time OS either but if you do then you don't have much choice.

If you have more than one x86 machine, or know how to set up a cross-compiler, you should *really* consider getting distcc and ccache to help speed up your compiles. Distcc reduces compile times almost linearly (all the linking is still done locally, however, to prevent problems with library mismatches, etc.). I use it for pretty much all my compiles now.

If you have more than one x86 machine, or know how to set up a cross-compiler, you should *really* consider getting distcc and ccache to help speed up your compiles. Distcc reduces compile times almost linearly (all the linking is still done locally, however, to prevent problems with library mismatches, etc.). I use it for pretty much all my compiles now.

Let's use a real world example. Say you want to have SWAT running on your box so you can admin your samba server remotely. However, your ISP uses DHCP, so you can't use xinetd to restrict connections from a trusted IP address. So what do you do? You could set up a port knocking scheme so that port 301 only opens up after you give it the secret knock. This is security through obscurity. Or you could do it the right way: set up xinetd so port 301 only accepts connections from localhost, then from home type:

ssh -2CNx -i ~/.ssh/id_dsa -L 3301:localhost:301 me@mysambabox.mydomain.com

The only thing a port knocking scheme is good for is for concealement -- hiding the fact from a port-scanner that a port is open. This makes is much more valuable for grey-hat and black-hat scenerios than it does for legitimate purposes. If all you want is secure remote access, a properly configured SSHD on port 22 is secure enough. Now, if you need to conceal your rogue SSHD instance from the PHB/BOFH, something like this is good. Sometimes you have to work around obstructionist pricks so that you can get your job done. Of course it's also useful for hiding the sshd you installed on the box you just r00ted.

That sweet compile farm I always wanted to build could seriously be worth it pretty soon. DistCC and 4 modded xboxes for around 500 bucks? That sounds Funtastic!

Whaddayaknow?

% echo 'GET A GODDAMN ANTIVIRUS PROGRAM YOU FUCKING MORON' | smbclient -M ip

If you have lots more updates than accesses, you need your redo logs etc on RAW devices, no filesystem required, these will be your biggest bottleneck.

Despite all the wisecracks about the name, our sentimental favorite should be GPFS because of a certain well known geek who works for the filesystem group at IBM Almaden.

Have ya ever noticed that Windows can't see your Linux partitions?