Learn from Samba-Man Jeremy Allison

Jeremy is a leading Samba maintainer, and therefore one of the world's leading experts on Samba, which is often held up (along with Apache and the Gimp) as a sterling example of efficient and useful Open Source development. In the interest of full disclosure, we must mention that Jeremy is now employed by VA Linux, but that his primary responsibility is still Samba, just as it was when he worked for SGI. Look for Jeremy's answers to your questions within the next week.

Dear Jeremy (sorta)

Down in the fray during the PlanetQuake source code controversy you posted this comment:

Ha ! That's funny. There have been *many* deliberate violators of the GPL. Anyone who has managed a large, successful GPL'ed project will have come across these people (I know Samba has).

What usually happens is that after some polite legal words the violators back down (in all cases I know of). This is why the violators have never ended up in court.

This is a testament to the legal security of the GPL, in that no violator has yet had the courage to challenge in court what they did (and some have been *very* well funded indeed).

I expect the same thing to happen here that happens in most of these cases - the violators will back down before losing in court.

Regards,

Jeremy Allison,
Samba Team.

Could you elaborate on some of the "deliberate violaters" you have encountered? I have to admit that I find the above comment a geek teaser and would love more info. <:

Samba-man?

why does this guy have a girl's last name? is he one of those chicks with dicks? does he need a spanking and a nice hot bowl of grits poured down his pantyhose? thank you.

Re:ACLs - Here's what we use!

OK, that's all well and good, but it's still missing some critical "glue". I am aware of the POSIX ACL project for Linux, and hope that it ends up being supported by Samba. It'll need to be hacked to run with ext3, though, since fscking 50 gig partitions is a bitch.

The big thing that I can see is that Samba doesn't offer up the list of users in the domain. Try it. Install 2.0.6 somewhere, enable "nt acl support", then go into the NT permissions stuff and click "Add". It'll die with some sort of RPC error since Samba doesn't have anything to feed it.

I have no idea how they'd solve this for the "NT PDC, lots of Samba BDCs" situation, but they could at least send out the Unix usernames. I hope that much happens in the 2.0 tree.

I love Linux. I contribute to the kernel. I write hopefully useful programs that run on it. I even run around evangelizing sometimes. But I still can't recommend it as a real replacement for NT4 in our schools due to scant few issues, and this is one of them. Taking away the ability for users to change permissions on their files (thus putting the load on me) is out of the question.

Re:Replacing NT

(I actualy disagree with Pheros_7f4 about Microsoft changing things intentionally, but that's a side issue...)

then you are one very sad, naive person. i am scared for you as go through life.

Another great Open Source article!

Easy, simple steps -- yes, even you could do it:-
1. Moderate DOWN all posts questioning or saying negative things about Open Source, no matter how reasonable or accurate they may be.
2. Moderate UP all pro Open Source posts, no matter how stupid or inaccurate.
3. Moderate UP all posts from people saying nice things about VA Linux/Andover/Malda.
4. Watch VA/Andover/Slashdot stock $$$$ rise
and have a really good laugh at all those suckers who let them get away with it.

Re:Dear Jeremy:

actually jeremy allison and matt damon were together in "rounders", not "talented mr ripley." you're thinking of meryl streep.

Pizza

Jeremy, What is your favorite nearby pizza shop, and what kind of payment arrangements do they accept? (This will greatly help those of us who like to to the right thing in exchange for your hard work)

Re:question

Very Assholish

Jeremy Allison Your the Shit!

That is all. -David http://www.snowboarding2.com

Re:SGI's feelings toward Linux

re: graphics performance

check out: http://www.specbench.org/gpc/opc.data/summary.html

it's pretty clear there's little to be gained by paying 10x premiums for less performance. Though I suspect that SGI still has a few features in their largest boxes not matched by the playstation or hottest video cards.. I've been impressed by their 3D effects - modulated eye-glasses, but that's less performance than apps, libraries and drivers (and very high performance displays - flashing two (slightly different) images in the same time we normally draw one.

So this is yet another case of Christensen's correllary - where investment (and a steeper moore's law curve) follows volume times pricepoint. And what was once viewed as an embarassment and a toy is now the leader (...and the last shall be first). hmm. maybe I better start being nicer to ms...

Ari

HI

that link dont work, got another?

Samba & Linux

Samba is an amazing piece of software!! Congrats But considering that Novell has released NDS for linux, dont you think that its time samba started adding samba specific features that can compete with offerings from Novell ? ie. to share file with windows pcs, I would just install NDS & NDS clients on linux and NT. I do not need samba now. Last, dont you think the community needs a generic samba client software for windows PCs, rather than use the microsoft client that comes with windows? Think of a splash login screen that says "welcome to samba client for windows" on a windows screen.

Cool

This should help

Jefus says

Please go play hop scotch in a mine field. Thank you. Love - Jefus J Crest.

Windows 2000 Support

With all of the new hoopla about Windows 2000, I've read that Samba is now at a disadvantage due to the fact that Win2k has implemented several new "security enhancements" (read: MS-kerberos) which breaks the existing Samba implementations. It seems that Microsoft is really trying to get the Windows file servers back on Windows boxes. Will the Samba team be able to develop for full W2k support in a legal way? In other words, can we expect to see a full Windows 2000 compatible Samba that won't alarm any of Microsoft's lawyers?

Re:Windows 2000 Support

[Vlad_the_Inhaler]

Samba 2.0.7 is in pre-release, it is specifically aimed at fixing Win2k incompatabilities.

first.

yup

Samba sucks

see title! VA Linux sucks too, you are all obviously a bunch of linux lamers.

Re:What do you think of my work?

mod this POS into oblivion. Sometimes it is embarrassing to read /. because there are so many idiotic posts that have nothing to do with anything

How about YOU get a life

You immature fuckfaces who wrote this need to get a life and grow up!

Get a grip. The guy that wrote this probably spent a lot of time on it, and all you can do is call him names and swear at him. Of course, it doesn't really matter to you if you hurt his feelings, do you? Don't be so insensitive. The world doesn't revolve around you.

Re:How about YOU get a life

[mindstorm]

Yes, but it was insensitive to post what the original poser did. My head hurts and I'm grouchy due to the side effects of the medication I take for depression. Which was caused by enduring the level of harassment that I recieved in high school. I just went non-linear when I read that.

Columbine is still a tragedy many are still recovering from. People got killed and a nation went into a pandemonium over it. Jon Katz should not of been dragged into the troll even though he tends to be over the top at times.

Re:Share permissions? *shudder*

Ummm, OK, let's think about this.

Scenario: A public school district. 1500 employees, 10000 kids.

With that many people, a good number of them have accounts. Now figure that they all have various projects and things going on that involve granting others access. The standard Unix model of "user, group, other" does *NOT* cut it.

See, for every unique grouping of users, you need another Unix group. Ignore the obvious problem of making the admin edit /etc/group every time something needs to change. There is also a ceiling on the number of groups - 16. You can hack around this, but NFS will strip anything else, among other problems.

So, like it or not, some people really do need the NT ACL stuff. If you have a better way for the users to control their own permissions without resorting to oodles of Unix groups, I'd love to hear it.

fscking NT users .. sheesh

"Firest" post? Yeah, you got it, genius. Now go play in traffic and take your toy OS with you.

Re:NetBEUI

NetBEUI is dead! I seriously doubt it would be integrated into Samba. Even Microsoft says you should use TCP/IP instead.

SGI's Attitude towards open source

First of all THANKS.

I use and love Samba on SGI Origin 2000's every day.

I can attest that Samba is partially responsible for the sale of my 6 origin 2000's. Without Samba we surely would have fell down to NT by now.

Where do you see SGI going with the whole "open source" fad???

Are they just paying it lip service or do they really intend to participate in a helpful way????

Yeah Yeah, open vault, xfs (but not cxfs), kernel patches, donation of Origin 200 to samba team and so on should anser the question with actions speaking louder than press releases.

However, I'm a long time $GI customer and I don't see that company Giving away anything for free.

Samba is a good example:

On the Feb 2000 SGI "Freeware" cd (http://toolbox.sgi.com/TasteOfDT/public/freeware/ 2000Feb/index-by-alpha.html) the latest version of samba is 1.9.8,

while the version SGI sells (for $2000+ per year) is 2.05

If SGI were serious about open source they would freely distribute and sell support for the latest version.

Then again if SGI were serious they would not make you pay trhough the nose for a simple C compiler; the more people have compilers, the more programmers for open source projects....

Keep on Keeping On

Yeah, I'm an A.C. but I also have a job....

Re:Share permissions? *shudder*

Share permissions are really a relic from the olden days of FAT and HPFS filesystems.

You're right though -- good administration means doing things consistantly, and in my book that means file system permissions only.

Re:NetBEUI

Slashdot already had a long flamewar on this topic a couple weeks ago. Suffice it to say that if Linux and Samba supported NetBEUI, some people would use it (including me on my home LAN).

Re:Challenges for new contributors

I don't know what the clients you work with are like but there were still Windows 3.1 machines running around in couple places a little while ago with mine. Does anything every really get discarded? Never understimate the disaster of "if it ain't broke, don't fix it".

MAPI support in Samba?

In organizations that have the MS Exchange Server and they have configured it to support access through MAPI, linux users cannot connect and read their e-mails. There is virtually no e-mail client that can connect to the Exchange Server using MAPI (port 139) and download the e-mails. I have the impression that this protocol is undocumented. Do you know if the implementation of MAPI capabilities is something that fits into Samba, and if so, is there any attempt to add support? Thanks, Simos

Re:MAPI support in Samba?

[ckaminski]

Exchange supports POP3 and IMAP, so I don't understand why Linux users can't access email.

The thing with MAPI is that it isn't a protocol per say, its MSRPC running over Netbios. You would need to decode the RPC calls. Not an insurmountable task, mind you, but not necessarily one that is necessary considering Exchange's web support and IMAP/POP3 support.

Challenges for new contributors

Samba has pulled me through some sticky situations more times then I can count. I would love to give something back to the project but I don't really have the experience to tackle the reverse engineering involved. Are there some outstanding pieces that need work that would be more suited to new contributors? Are there any suggestions that you have for people interested in contrubting but unsure where? What are some of the traits of sucessfull contributors? Long live SAMBA!

Re:Challenges for new contributors

[UseTheSource]

I don't think Samba should live long as you say (although it probably will). As a protocol, SMB was horribly designed from the outset, and the only reason for Samba therefore is interoperability with M$ systems. I think everyone, Samba team included, would probably hope that SMB would go away and that we'll no longer need to use Samba. Come on, even M$ could come up with something better than the current SMB design.

Iridium update

Motorola has posted a deboost schedule for the 66 satellites

Re:Did you get any VA Linux stock?

What products do TruSolutions and NetAttach sell?

How can kernel hackers help?

What kind of support would you like for file
locking? How about native support for the ACLs
that NT uses? Would you like the kernel you let
you specify a UID when you open a file? (for root
only of course) Any filesystem features you'd
like to have? Would you like native structured
storage support? (how?) What about some better
way to share cache between the kernel and Samba?
Anything else that might be on your wishlist?

Re:Self serving Slashdot talks up VA Linux stock

Yeah, this is just more /. 'News for Nerds, (my) $$$ Matters'

Malda, Hemos, Roblimo and CO really suck. But thats why we have the geek compound.

Re:Windows 2000 lack of support

If W2K defeats Samba compatability, doesn't it do the same for all the legacy MS products as well? Does Samba offer better legacy support than W2K, and still offer secure encryption as a file server to ?
Do files served under SMB have to be text based? Can the Samba serve music/video files?
Thanks

Re:What do you think of my work?

excellent story, well written. I think you hit the nail on the head with this one. Jon Katz the sadist!

FIREST POST>...........

[NTGoodGuy]

aAAHHHHHHhhhhhh did I get it? if not.....you ALL owe me a buck.

Re:Kerberos

[jallen02]

No actually microsoft has not molested Kerebos. They are still using compliant Kerebos! They just are using parts that are in the spec that no one else has used so it actually still plays nicely with everyone else.

"Point and Print"

... is what they call it over in M$ land.

Samba has done this since some point in the 1.9.x line, since I have a few systems that have been doing it for that long.

Look at PRINTER_DRIVER.TXT in the docs that come with the Samba source tree. It goes into all the gory details. You have to get your hands dirty and rip into the crap that companies like HP give you, but it DOES work. They say "add this printer" and it just pulls it down and starts going. HTH.

Oh, and with regards to your ACL / "out of Unix groups" dilemma - let me add a hearty AOLer style reply: me too! What you seek would be very useful.

What I'd need in order to trash our NT servers

[bob]

I work for a US governement agency, and we use Samba extensively in our mixed Solaris/NT (soon to be Solaris, NT & Linux) network. In fact, partly because we are able to provide better support for our Solaris servers and partly because a lot of analytical processing is done under Solaris and Solaris can't straightforwardly mount NT filesystems, most of our users store most of their data -- even their NT-native data -- on the Samba servers, not the NT servers. We don't see a liklihood of this preferance going away anytime soon, and we would seriously like to do away with our NT servers if at all possible, and replace them with servers running either Solaris and/or Linux.

We are now in the process of redesigning our authtentication and name services schemes, and at least in my division -- what with the extensive use of Unix -- Active Directory is not a leading contender to provide any of these services. What we need is good support for NT desktop workstations (MS Word being a business requirement and all) and Unix file, print and computational servers. Preferably Unix and NT systems would obtain authentication from the same source, e.g. a Kerberos or LDAP server. Note that, as contrasted to some "appliance-like" implementations of Samba servers, we need to support login authentication to the Unix machines (both through telnet and xdm -- most users use eXceed on their NT workstations) as well as mapping SMB shares, so having Sabma be able to use an authentication service is not sufficient; xdm, telnetd and login must also be able to use the service. (We currently use Samba in security=server mode -- both the NIS master and the NT PDC are controled by the same adminstrative team and a single person will add userids to both -- so most authentication is handled by the PDC, except for Unix login and xdm which are handled by NIS.)

In addition to login authentication, we do of course need file services for the NT workstations. But full control of file ACLs from the NT client side is an absolute long-term requriement. Today, our users control file security by creating files first in Unix and setting the permissions, or by logging into a Unix server and doing a chmod/chgrp on the file after it gets created by Samba on behalf of the NT workstation. By setting restrictive default permissions in the Samba configuration, this is relatively safe, but it is a huge pain. Thus, in some cases where file sharing among several NT users must be supported and complex security requirements exist, users will typically create the files on the NT servers. On the Unix side, we have maybe 100 groups for a few hundred users, and have had problems with users being in more groups than are supported by the OS. Also, many groups completely change membership from month to month depending on project staffing. Thus, whatever our solution is must support very fine-grained and dynamic control over access control lists, and it must be straightforwardly controllable from the NT client side, preferably though Windows Explorer.

One other thing we make use of in NT is NT Server's ability to transparantly download printer drivers to NT workstations. Since our users don't have administrative access to their workstations, they are not able to install their own printer drivers. NT deals with this configuration by storing the appropriate driver as part of the printer share on the NT side. When a user maps an NT server-based printer to their workstation, the driver is automagically installed on the workstation. If Samba can't do something like this, it could cause a pretty big headache for us. (Samba may do this today, I'm not sure).

Finally, one major issue is how one goes about distributing software and patches to NT workstations, and also how they may be remotely controlled by help desk and/or administrative staff. Currently we us Microsoft's System Management Server for this, which kind of sucks in a lot of ways. Still, it would be utterly fabulous if it worked the way it seems to have been designed to, and it really does provide some essential services today. This is kind of pie-in-the-sky, but a solution that didn't address some of the function lost if SMS were shut down could easily result in whole lot of lost shoe leather.

There's probably some other things, but I've listed what I think are the big ones. If authentication and name services can be integrated for NT, Samba and Unix, if users can have fine-grained control over file ACLs, if printers can be transparently mapped without having to install drivers by hand, and if an alternative solution can be found for software distribution, remote control and other services provided by SMS, then I think we stand a chance of shutting our NT servers down completely. Partial solutions, such as addressing only the file ACLs and integrated authentication, are likely to help to get rid of a large number of the NT servers, but are not likely to eliminate our dependance on NT Server altogether.

Jeremy, any light you can shed on these issues would be greatly appreciated.

Thanks,

Samba Performance

[Russ+Steffen]

Any insights into why the otherwise stellar performance of Samba is so miserable when using the MS-DOS Windows-networking client?

I use Norton Ghost to do a lot of system cloning, and when using the DOS client to save a hard drive image to a server, throughput to Samba maxes out at about 3MB/min (for reference, a null parallel cable does about 4MB/min). Throughput to an NT box on much lower end hardware goes about 80MB/min. It's usually faster to make the image on a real NT box (or even a VMWare fake NT box) and then FTP it to the Samba server.

I understand that the peculiarties of the client can have a large impact in the performance of SMB, but what does the MS-DOS client do so different that would account for a nearly 2 order of magnitude decrease in performance?

Re:Samba Performance

[nanode]

Good question regarding the DOS vs. win performance variation, but who really cares? I understand ghost is a powerful tool, but a critique of the DOS performance seems almost silly.

How about a role reversal?

[Pauly]

First off, thanks for the amazing feat that is Samba. I love it.

I'm curious if you ever contemplated reversing Samba's role in connecting Windows clients to server-based print, file and authentication services.

Imagine, instead of building software that makes a *nix server behave as a Windows server, create software that enables clients to understand the behavior of a *nix server.

It occurs to me Linux could continue it's best of other-breed approach to functionality by presenting a combination of the best of Windows/SMB, UNIX/NFS and Netware services to a open-source windows client custom built to understand them.

What do you think?

Windows 2000 Publicity

[rusty]

How do you feel about the claims Microsoft are making with regards to Windows 2000?

Rusty.

Re:Samba Performance (with DOS)

[Jacco+de+Leeuw]

Hi Russ,

Have you tried other DOS clients? (See my webpage).

Just for testing, have you tried downgrading Samba to a lower protocol, such as LANMAN2 or even CORE?

I wished I had more time to check out these kinds of things since clearly the Samba guys leave these things for other people to fix. And rightly so since they have no need theirselves. I guess we have to scratch our own itch, eh? :-)

And yes, some people still have a need for DOS. Perhaps not in the US, but World != US.

Re:Replacing NT

[davecb]

(I actualy disagree with Pheros_7f4 about Microsoft changing things intentionally, but that's a side issue...)

The usual sense of "replacing my NT PDC" is to provide all PDC functionality in Samba in the much the same way that MS pioneered it, (a bit of a long-term task).

What's your opinion of providing the unix equivalent of an SMB server, with things like DFS supported on top of automounter tables, much like "homedir map" already does?

--dave

The Future of Samba

[jjr]

With W2k out and mircosft tring to push it as the next best how has this change your plans with Samba.


http://theotherside.com/dvd/

Brain drain.

[Rodos]

So are you still living in Australia? If so how come you have not moved to the USA like so many others? Whats your view on the Australian brain drain of elite technology people? Pevious Young Australian of the Year, astronomer, Bryan Gaensler, in an article in the Age Newspaper said

A more subtle form of haemorrhaging is the dreaded brain drain that sees Australian scientists, frustrated by lack of opportunity at home, take their knowledge and ideas overseas.

Other standards

[Kismet]

Do you see any future shifts toward other standards, such as reggae, mambo, or salsa?

Re:Did you get any VA Linux stock?

[Zico]

I'd consider them both to be hardware development companies. NetAttach, which VA Linux paid about $40 million in stock and cash for, "has developed Linux-based technology for creating a high-availability storage appliance," according to the press releases. (They're part of the Network-Attached Storage [NAS] market.)

TruSolutions got about $200 million in cash in stock, and the main thing they bring to the show is their engineering abilities in designing "Linux-based high-density rackmount servers." This is the purchase that sounds a bit questionable to me -- I don't wanna knock 'em, 'cause I'm all for taking the money and running, but can you really take a look at their website and picture that as a company worth $200 million?

Cheers,
ZicoKnows@hotmail.com

SGI's feelings toward Linux

[Zico]

Hi, do you keep in touch with your former colleagues at SGI? I was just wondering if they harbored any bitterness because Linux basically destroyed their company. Does their morale suffer from their PR department making a much larger effort to associate the company with Linux than the effort they put into promoting SGI's own IRIX?

Cheers,
ZicoKnows@hotmail.com

Re:SGI's feelings toward Linux

[Krellan]

I don't think it was Linux that destroyed SGI.

A while ago, SGI's 3D abilities on their workstations were far superior than anything available for any other platform, and worth the price.

I believe that they failed to keep ahead of the advancing PC industry. Games like Quake provided the critical mass to make 3D accelerator cards a commodity, thus lowering the price of them, while SGI's prices remained high.

SGI did little to keep their 3D abilities state-of-the-art, so their high prices no longer seemed worthwhile and people began buying generic PC's to do their renderings instead of SGI.

(This is all IMHO... If anyone cares to fill me in with more information on the downfall of SGI, please do so.)

Re:SGI's feelings toward Linux

[drix]

I disagree. It's the fact that I can buy a GeForce 3D accelerator that literally destroys SGI's top of the line from a few years ago that killed SGI. The bottom simply fell out of the 3D market, in the early 90s, enabling a kid with a $2000 PC to have as much power and rendering capability, for the most part, as an entry level Indy. Silicon Graphics, as the name implies, had always had the graphics segment of the market cornered and hands down was better than anything Wintel could muster up. This is not true anymore; the graphics hardware available for PC beats all but the extreme top of the line stuff available for Irix/SGI/Unix. Luckily for Sun no major revolution came along in hard drives or processors, or else you might see them in the same position SGI is in now. Instead, they continue to fill their coffers because the server market is still quite lucrative. This is not true for the workstation graphics market, which basically endured a paradigm shift recently. If you had to pick one creation that killed SGI, I guess you could say 3dfx.

--

SMB And routers

[toofast]

The SMB protocol itself is a subset of TCP/IP, and therefore it will work even thru the Internet. The complication is when you wish to browse resources in the Network Neighborhood. As the browser uses B-Node broadcasts to fill the Browse List (list of servers in a workgroup), these broadcasts are not going through the routers. Samba enables you to "broadcast on another subnet", hence you may "see" Samba servers in the same workgroup on different subnets.

Windows remedies this situation by using a WINS server, which is a replacement for the broadcast nature of name resolution. Using a WINS server, each client (regardless of their subnet) can query the WINS server to resolve names and browser requests. These requests can (and will) be routed if several subnets exist.

Another way to deal with cross-subnet browsing is using NT's LMHOSTS file, and including both Domain Controllers in the file, but that's another story!

SAMBA

[SONET]

I just wanted to give my thanks for your involvement (and everyone elses) in the Samba project. I now have four servers at an elementary school running Samba, one of which actually just went up today. The one that went up today was replacing a Win32 machine that had nothing but problems from day one.

It's difficult to get teachers to depend on something other than a chalkboard... the flaky Windows server certainly wasn't helping their confidence in the file server idea. It took a major dive last week so I finally made the somewhat time-intensive transition to Linux/Samba.

I've never had a single problem with any of the servers I have running Samba on Linux (a couple have 250-300 day uptimes!). My only wish would be for Samba to be faster / more intuitive to configure without having to use a GUI or web interface. :) Anyhow, it's nice to have one less Windows machine to worry about... without your efforts I would have had more ruined weekend plans to look forward to.

Thanks again for your efforts,
--SONET
http://www.hbcsd.k12.ca.us/peterson/technology

Re:Samba File Locking

[Tony-A]

dBASE, at least dBASE for DOS through 5.0 uses logical rather than physical locks for locking resources. The dBASE locks are negative numbers. To lock record n, dBASE locks the file at something like position -n-2, IIRC. The offset is due to using -1 and -2 as locks for (sorry, I don't remember). If you are interested, I can probably rework out the specifics of the locking.
(Tony@ServaCorp.com) Intrspy/Cmdspy don't work under NT.

smbfs for other operating systems?

[HHaygood]

In a heterogeneous Unix environment, smbclient is relegated to a role somewhat like that of an FTP client. Linux supports smbfs; are there any plans to create the necessary kernel modules to allow other operating systems (Solaris, for example) to mount CIFS shares into their virtual filesystems?

sharing files

[_Tal]

What method do you advocate for sharing files FROM a windows NT box to a Linux filesystem? smbmount is supposedly NOT part of Samba, so what is the Samba or other solution?

Re:sharing files

[Vlad_the_Inhaler]

Andrew Tridgell took over smbmount starting with version 2.0.5., the documentation has not kept pace with this change.

My question, do you need help weeding out documentation that is no longer correct? While my technical background (no NT, only basic Linux) means that a lot of stuff is over my head, some of the documentation obviously needs pruning and I would be available for that.

A related question: is John Terpstra still in the project?

Samba File Locking

[MattTC]

I have noticed in my work with Samba that there seem to be issues with File- and Record-locking using older database sytems (Specifically Dbase), that can only be solved by turning off Samba file locking (which causes its own problems, of course).

Do you know what the cause of this incompatibility is, and is this something that will be fixed in the future?

Re:Samba File Locking

[MattTC]

Well, I am interested, if it is possible I can get my specific dbase app to run on a samba server.

The app in question is using the Clipper/Codebase command set. (Don't ask why).

Feel free to email me (remove the ANTISPAM).

SP7

[kaze]

Any suggestions on training paths for MCSE's to take to get to be sub-guru level *nix profesionals. Is there anyway to tell in OpenSourcer's code has been used by Microsoft? If W2K does turn out to be a failure, do you see SP7 etc for NT4 coming out?

Has the Samba Project Received Static From MS?

[EXTomar]

If Samba keeps with their design and coding philosophies, it would seem that Samba is destined to be ported to many platforms. This kind of wide spread acceptance seems to be in constrast in what Microsoft had in mind(ie Microsoft would rather charge Sun to support their platform...instead Samba comes along and gives them it to them). At the risk of sounding like an alarmist or a troll, have you or your team received any static from Microsoft for exposing SMB to platforms they never intended to support?

Share permissions? *shudder*

[DebtAngel]

I was going to flame you, and tell you that share persmissions are, always have, and always will be, a bad idea.

But then I realized that is just my personal opinion. I've always thought that as long as you have your permissions set properly in the first place, you don't need to restrict them again.

Never mind the fact that you aren't really talking about NT share permissions - you just want to implement them, and pretend you are implementing real ACLs.

It's still a bad idea.

Re:Share permissions? *shudder*

[DebtAngel]

I agree that ACLs are better than Unix permissions. But I still *hate* share permissions. It adds a layer of complexity that is truly...dumb. I know several admins (okay, MCSEs) that set share permissions, leave the NTFS permissions as Everyone/Full Control, and keep the server room unlocked. Can you say Stupid? I knew you could.

This is why, IMHO, Samba should not set up ACL emulation; let the OS/FS do that.

Re:Share permissions? *shudder*

[Guy+Harris]

So, like it or not, some people really do need the NT ACL stuff.

...or some flavor of ACL stuff, e.g. the stuff that was being worked on as a POSIX draft, or various implementations based on various POSIX drafts (Solaris and Digital UNIX both have POSIX-draft-like ACLs, and other UNIXes might as well - there's a project to implement them for Linux as well), or non-POSIX-style ACLs such as appear on HP-UX.

Re:Share permissions? *shudder*

[Guy+Harris]

But I still *hate* share permissions.

But that's not necessarily what the poster to whom you're replying was asking for. He/she said:

What are the plans for ACL support? I mean the stuff that comes up when you do (in NT) Properties, that second tab, then the Permissions button and get the list of users and groups. Right now we can mess with the existing user and group, but adding people fails.

Said tab is the tab for the file's ACL.

He/she then said:

Will this tie in with the Linux patch to add POSIX ACLs, or will it happen above that layer in a file Samba maintains?

If it ties in with the Linux patch in question, that'd obviously be per-file ACLs (it'd also be difficult, given that NT ACL semantics, which is what clients will be expecting, aren't the same as POSIX ACL semantics), and if it's done "in a file Samba maintains", it could, in theory, be done with per-file ACLs (I think some commercial SMB-server-for-UNIX does that), although the problem then is that said ACLs don't apply to UNIX users, just to SMB clients, so if somebody grants or denies Joe Blow access by adding an ACL entry, that doesn't necessarily mean that if Joe Blow logs into the box running Samba, or a UNIX box that's NFS-mounted stuff from the Samba box, he will necessarily be granted or denied access.

Pizza

[Col.+Panic]

So, what international pizza chain is closest to where you live?

Front Ends

[MicroBerto]

In order to make some of the Samba basics easier, are you working on a front-end, or with another group of programmers who work on that? I think it'll become important once smaller businesses begin to grasp Linux.

Mike Roberto
- roberto@soul.apk.net
-- AOL IM: MicroBerto

Active Directory & SOAP

[XiRho]

I don't know much about the specifics of how SOAP/Active Directory work in Win2k, but, I do understand it does concern the kind of work Samba does. For example, how will Samba handle the "Application Sharing" aspects of Active Directory, or, what will Samba implement to replicate 2000's "remote files" in 2000's version of NTFS?

Finally, out of curiosity, since 2000 implements a few more "web-oriented" features in NTFS, will Samba be collaborating with (or stealing from) Apache to implement this level of functionality?

Re:ACLs - Here's what we use!

[Howard+Beale]

Check out this site - http://www.braysystems.com/linux/trustees.html We've been using this patch for several months with Samba and Netatalk and have had no problems.
Works simply, with no need to mess around patching fsck and other fs programs.

Corp Backing

[Nerf97A4]

It was interesting to see HP "corporatizing" samba into CIFS/9000.

What are your thoughts on HP making money on samba?

How do you see development changing with a corporation having a vested interest?

Mod this up

[dragonfly_blue]

cuz it made me giggle. +6, funny

Re:What do you think of my work?

[mindstorm]

Can someone mod this WAY down? You immature fuckfaces who wrote this need to get a life and grow up!

BDC functionality?

[mindstorm]

When are we going to see Samba act as a Backup Domain Controller. There are situations where a domain controller needs a measure of redundantcy to keep an operation running.

Re:NetBEUI

[Krellan]

I would love to see NetBEUI support in Samba! Especially with the Procom NetBEUI stack for Linux, announced recently.

It would be a great idea to support NetBEUI. That protocol may be dying, but it has two advantages for small networks that aren't present in TCP/IP:

• It requires no central administration (machines dynamically discover each other and don't need addressing, workgroups, subnets, etc.).
• It is non-routeable (and thus can be used securely on a local LAN, without the possibility of packets leaking in/out to the Internet)

Question though: Assuming the Linux NetBEUI patch is integrated into the kernel, would it be best to have the Linux kernel handle the NetBEUI setup (node discovery, defending conflicting names, etc.), or do it internally within Samba?

As NetBEUI is a low-level protocol like TCP/IP, there's an argument for doing it in the kernel (thus letting other programs use NetBEUI as well). But, much of the existing code is already in Samba, and there's also an argument for doing it in Samba (it would be fairly straightforward, just remove the TCP/IP wrapper the SMB packets get encapsulated in, and put them directly on the wire via NetBEUI).

(Just FYI for newcomers to this protocol: there's a difference between NetBIOS and NetBEUI. NetBEUI is a network protocol, like TCP/IP. NetBIOS is a programming interface, like sockets, that was designed and optimized for NetBEUI (much the same as the socket API was designed for TCP/IP).

Disclosure

[Scrymarch]

In the interest of full disclosure, we must mention that Jeremy is now employed by VA Linux.

Good work /. ... it may be full of chaos, rumour and reposts, but it's critical for independence that disclosure is maintained. It also protects your back from accusations of impropriety.

End of Days

[Docrates]

Believe me, I don't mean to be as stupid as I sound when I ask you:

Will Samba ever die?, if so, how?

question

[Hot+Grits]

what does VA stand for?

Full PDC support and the Samba TNG Merge

[jmeff]

How long do you think it will be until the Samba team starts really hammering on the 3.0 release and merging in all the PDC support from the TNG branch? I understand the 2.0X branch has had priority because many people use and depend on it, but I think there's a definite need for the rest of the NT Server services to be engineered into Samba to fully replace an NT network. How do you feel regarding Luke Leighton's goals for TNG (formerly samba 2.1) and in fully merging and working to complete this work for Samba 3.0?

Samba configuration

[ba22a]

Jeremy - The story on TNG seems to be that it is cleaning up and normalizing samba's networking code. I was wondering if any thought had gone into a fresh start on the config files? Over time they seem to have accumulated cruft, and it seems to be heading for more with IPv6 address parsing and per-domain options.

Cheers - Baz

PS thankyou for making my life so much easier (as a sysadmin for 300+ machines).

Re:Windows 2000 lack of support

[Guy+Harris]

Do files served under SMB have to be text based?

No. SMB's file model is similar to NFS's file model - "please give me N bytes from the file starting at an offset of X" or "please write the following N bytes to the file starting at an offset of X". Typically, the server doesn't care what the bytes are, it just reads them or writes them.

Some SMB and NFS servers might offer an option to translate between different text file formats if the file is a text file, but I don't know whether any do.

Can the Samba serve music/video files?

I've read music and video files from our (Network Appliance's) SMB servers; I would expect it to work reading from a Samba server as well (there's no reason why it shouldn't work).

smbclient and OS/2 compatibility

[brennanw]

What are the plans of Samba client on Linux with regards to OS/2? Can we expect the ability to actually allow Linux (as a client OS) to access shares on an OS/2 file/print server on small networks/home networks?

Samba on Windows?

[Ed+Avis]

Will we see a Samba port to Windows, as a more flexible / less licence-encumbered alternative to the built-in file and print sharing?

What about buffer overflows?

[tilly]

I have heard that the Samba folks have found buffer overflows in every major TCP/IP stack but make a policy of trying to notify the vendors rather than publicizing them. (OK, you fix the Linux bugs. :-)

Given this, how do you respond to the argument that vendors only fix their problems when threatened with disclosure, and therefore when you find problems you should not merely notify, but also threaten to disclose the problem if it is not fixed?

Thanks,
Ben

Re:Samba as a security measure?

[Col.+Klink+(retired)]

> Higher levels of security (read encryption) between Samba only servers?

The SAMBA group has always maintained that their duty is only to replicate MicroSoft's protocols, not expand them.

> using the SMB protocol... instead of normal Unix file transfer protocols... that are better known

Ugh. Tell your PHBs that "Security through obscurity is no security". If they want security, use ssh and encrypt.

Samba TNG - What is it?

[IntlHarvester]

Could you provide an explanation of the TNG project?

My understanding is that it intends to provide a fairly complete emulation of the RPC mechanisms in WinNT and 2000, so that Samba can properly emulate domain controllers. Of course, I could be all wrong here.

Would such a project assist in decoding and emulating the 'wire' protocols of MS applications such as MS Exchange or DCOM? Does it provide any services to native unix applications that don't already exist, or is the goal only to co-exist with Windows networks?
--

Samba's future

[Lumpy]

I was wondering what the future of Samba might be. The momentum behind it and the Open Source movement has given alot of us IT/IS guys here on the front lines a huge amount of ammunition. Do you see a point where samba will be able to start dictating changes to Microsoft? Instead of microsoft constantly trying to "break" samba by adding "features" in order to dictate changes to samba.

Extending SMB

[Blue+Lang]

Heya!

Thanks so much for all your work. I'm sure you know how nice it is to be able to get rid of NT on as many boxes as possible.

My question is:

With linux slowly creeping in as a more ubiquitous platform, have you ever thought about adding open extenstions to SMB to enable new features?

Thanks,
Blue

Taking blame for broken-ness

[Blue+Lang]

I have another one, too :P

How do you deal with stability issues on the NT side of samba? For instance, I have the smb client running on a lot of machines here, because I don't control the NT servers for some departments, and need access to their shares. I have to re-mount those boxes every hew hours, and I'm sure it's because the NT boxes are dropping/resetting my connections, but it looks like instability in the client end. Do you have to deal with that sort of issue a lot, and, if so, have you guys ever considered rewriting the SMB server subsystem.. for NT? :P

--
blue

Did you get any VA Linux stock?

[Zico]

And if so, have you been able to dump it yet, or are you forced to hold onto it for a certain matter of time? What's the feeling around the company about the stock having lost about 72% of its value (from 320 down to 90) in a little over three months, with no sign of bottoming out yet, all while as of last week, VA Linux was still shelling out dough to gobble up other companies like TruSolutions and NetAttach? Any panic in their eyes yet? How low do they think it'll go?

Cheers,
ZicoKnows@hotmail.com

haphazard development

[Medievalist]

I don't think anyone underestimates the tremendous value of the work the Samba team has done, particularly Tridge & Jeremy. I personally am very grateful for the Email help you guys have given me with implementation.

However, as Samba (and the Samba team) has grown, the software has become more difficult to obtain and install. As a specific example; if I want/need TNG, I can't download a package from my linux distributor of choice and .rpm it in; I have to do a CVS load, which is not just more difficult, I think it would be quite intimidating for system managers who haven't ever coded in a CVS environment.
Furthermore, HPUX users (who are essentially already burning in hell, because they have to use HPUX) often don't have a "real" C compiler, or CVS capabilities, so they can only get what somebody else ports - and there is no HPUX 11.00 precompile of TNG available from any reputable source that I know of.
So, the question is, will this trend continue, or will the Samba team make a real release on a more definite schedule than "real soon now"? The current code split makes planning difficult.

Also, does the ongoing rancor directed toward Win95/98 support found on Samba team mailing lists indicate that there will never be adequate support for these very popular desktops?

And finally, how do you feel about HP's shameful lack of attribution in their release of Samba for HPUX? I noticed that when Blackdown got dissed by Sun everyone was up in arms, but I never saw any beefs from the Slashreaders when HP announced CIFS support without crediting you guys.

Roblimo, I hope you won't filter any of these questions out... JA can hand hardball questions, I've seen him do it.

MS-Windows SMB defined?

[SEWilco]

Has Microsoft ever documented their "Windows Networking" implementation of the SMB protocol? (Yes, I know this is their name for SMB, I'm wondering about their documentation policy/results)

Re:Replacing NT

[Vlad_the_Inhaler]

You obviously do not have the remotest idea who Dave is. In his way, he is as much a part of the Samba team as Jeremy; in my book anything he says about Samba is automatically 'Insightful'.

Re:Samba as a security measure?

[Vlad_the_Inhaler]

Samba already offers SSL support.
NT machines only support this via a 3rd party utility (sslproxy), Win9x machines need a proxy server running sslproxy because they cannot handle it directly at all.

Hey Jeremy

[mochaone]

How do you feel about Microsoft doing its best to nullify the work you've done with Samba. How does it feel to be a target of Microsoft !

Dual Domains

[Uncle+Humph1]

Jeremy,

I would like to keep things at a very high level, but I've posed this question to all those whom I know to be very knowledgable about Samba and have yet to get a satisfactory answer. I have 2 questions.

1. My employer uses a dual-domain system where all the user accounts are in one domain and all the accounts for machines are in another. The two domains are incestuously joined with trust relationships. When setting up the Samba Client, is there any way to configure the Samba client to validate credentials to both domains just like the NT boxes on our network?

2. Will the Samba team ever come out with a User Manager or Server Manager for Linux?

Thank You.

Samba TNG, windows 2000, and the Future.

[dieman]

Hello!

I recently got a Linux server and Windows 2000 clients working with TNG .14. I am amazed at how well it works even though TNG msrpc is only really NT 4.0 support.

I figured out how to get the w2k clients into compat mode (because all authencated users no matter what from a nt4 doman become 'User'), but, is there an effort to get w2k domain groups working at all? Is there a hack to get it to work?

Also, I thank you and all of the Samba Team for releasing such a solid product. Samba itself is a great asset to opensource developent and my personal goals to avoid dealing with CALS.

Where can I send [postcards,pizza,beer,etc]?

Unique features

[Signal+11]

I've noticed Samba isn't following the windows specs to the letter. For example, you guys coded into Samba the ability to link networks between a router (forgive me if I'm not clear on this - my docs are behind a firewall right now). Windows doesn't do that.

What other unexplored potential do you see in windows filesharing besides what the official "Microsoft Spec" is?

NetBEUI

[Phexro]

Are there any plans to support the recently-released Linux NetBEUI stack? Though it has little practical use, it could be a nice option for a small to mid-size network migrating from a Microsoft solution.

--

What happens if UCITA passes?

[CodeShark]

As you know, UCITA and the DCMA have some very onerous (and probably unconstitutional) prohibitions about reverse engineering.

How does the potential use/misuse of these laws affect the future viability of the Samba project?

Samba as a security measure?

[bbk]

Where do you see Samba headed in the future, other than to be more compatible with Windows servers and clients? Higher levels of security (read encryption) between Samba only servers?

I've seen many setups using Samba as an extra level of security in the DMZ of a firewall - using the SMB protocol to keep data synchronized instead of normal Unix file transfer protocols (ie ftp or nfs) that are better known to the cracker community.

Did Win2000 break anything?

[Skratch]

Are there any changes in the Win2000 SMB protocol that breaks the current Samba implementation? If so, do you think they were deliberate?

Dynamic mounting

[CAIMLAS]

I'm sure a lot of people have experienced problems with NT servers or other win32 systems that have mounted shares on them go down one time or another. For me, this has led to a lot of irritation. There really don't seem to be too many easy ways to deal with this issue currently. Crontab doesn't quite cut it.

My question: When, if ever, do you see samba having a "dynamic mounting" of shares? Possibly a smbshares.conf that is read any each mount specified is monitored for activity. If the share dies, it is unmounted until it is available again, at which time it is remounted.

-------
CAIMLAS

Samba TNG

[JDax]

I've been following the Samba mailing lists and know about the difficulty of Samba TNG dealing with W2K. &nbsp I'm curious that when changing things to make TNG compatible with W2k, how much that will break compatibility in the mixed Windows environment (knowing that W2K itself breaks alot in the mixed Windows environment).

samba and grander networking schemes

[Matthew+Weigel]

With MacOS X coming out soon, it's possible that for the first time since OS/2 was popular there will be another consumer PC operating system able to work along with or replace NT, but it's also UNIX that supports storing the information samba uses in network databases (NetInfo, NIS), and it also supports providing access to older Macs through Appletalk.

My understanding of, for instance, Mac Services for Windows NT and UNIX Services for Windows NT is that it provides services from the same databases, just with different protocols.

So if you can see where this is going, is there any work on making samba able to make use of network-wide databases for user authentication, share specification (I know it can already use the autohome map, but more than that!), etc.?

In particular, I'm interested in things like:

• Being able to authenticate netatalk, samba, and UNIX users all the same way (i.e., not having smbpasswd, NIS, and /etc/passwd all need to be updated every time a user changes his password or is added)
• Being able to specify at the same time what my file server serve up, via netatalk, samba, and NFS (so I don't edit three configuration files every time I add a share, or move a share)
• Being able to specify from one system what each and every file server serves up, without having to connect to the machine in question and edit the smb.conf by hand (or by web)

Clearly this depends on more than just the samba team, but are there plans to add NIS authentication (i.e., instead of or in addition to smbpasswd), NetInfo authentication, and/or smb.conf NetInfo or NIS databases?

Kerberos

[Claude+Debussy]

Microsoft has apparently molested Kerberos in their latest W2K upgrade, can you clear up some of the confusion about how this will effect samba server->NT.

I've heard their exploitation of the protocol wont effect samba, some say it wreaks havoc, whats the scoop ?

Reverse Engineering SMB

Jeremy, first, a BIG thank you for your work,
I am sure you could lay a pizza-track from Earth
to Jupiter by now with the money you saved people
who would have had to buy Windows NT-Server.

The issue of reverse-engineering has become a
very *hot* issue recently with the advent of
CSS source-code to authenticate DVD-ROMs and
also descramble the content. My questions:

- How much reverse engineering went into the SMB
and WINS protocols, in contrast to real coding,
say up to the first usable share exported from
a Unix machine?
- Did you peek under Microsoft's hood and examine
some VXDs or NT kernel drivers to get to those
last and hardest 10% of insight?
- How important do you think is the roll-out of
working PDC-code?
- Finally, on the law side of things, there is a
German law that explicitly allows reverse
engineering for the purpose of interworkability.
What has been YOUR legal situation (being "down
under"), has Microsoft ever asked you to stop
your work (BEFORE they needed it in their DOJ
case), or even threaten you with legal action
or a life-time supply of pizza?

Thanks so much,
Stephan Eisvogel
eisvogel(at)hawo.stw.uni-erlangen.de

Don't be fooled by the hype.

Samba? Samba? That word says one thing to me, and one thing only: Some slinky disreputable Latin American gigolo character, skulking around the suburbs and worming his way into the hearts of virtuous women, destroying their lives and moving on. The word "samba" says nothing to me of quality or reliability. Nothing.

So Jeremy, I ask you: Why do you choose to be associated with such a grossly disreputable and frankly immoral product? Why do you choose to spend your days lazing around the Beverly Wilshire, oiling your pencil-thin mustache, langorously sipping mai-tai's and attempting to seduce other men's wives? Aren't you disgusted with yourself and the low state to which you've fallen?

Have you no shame?

ACLs

What are the plans for ACL support? I mean the stuff that comes up when you do (in NT) Properties, that second tab, then the Permissions button and get the list of users and groups. Right now we can mess with the existing user and group, but adding people fails.

Will this tie in with the Linux patch to add POSIX ACLs, or will it happen above that layer in a file Samba maintains?

The possibility exists for me to subvert W2K at my place of business if Samba can do this for my users. I hope this happens soon.

VFS

[Quicker]

At one time (when I actually had free time) I was getting into the VFS system that is in SAMBA. For those that don't know, a gentleman named Tim Potter had started the VFS code because he wanted to use SAMBA to mount his tape drive. I was interested in extending SAMBA with VFS to mount relational databases as a file system so I could just copy objects into the tables of a database using normal file manipulation tools like cp and mv.

I have been out of the loop for a very long time, but was wondering how things a going with the VFS stuff and if anybody else has picked up on it. The possibilities are endless. One could "share" FTP sites, databases, tape drives, archives (tar, gz, zip) to the masses who use Windows clients while keeping them in the familiar surroundings of the Windows Explorer filemanager.

What are the plans for VFS in SAMBA?

Keep up the good work.

For the Challenge or Outcome

[Col.+Klink+(retired)]

Do you work on SAMBA for the thrill of the challenge of reverse engineering SMB or just for the practical uses? If MicroSoft were to open their protocols (perhaps as part of a DoJ settlement), would you still find it as much fun?

Active Directory vs. LDAP

[wilkinsm]

Now that Windows 2000 can use a basterized version of LDAP vs. the undecriptable SAM, does it become any more feasible to have Access Control Lists (ACL) work from Unix? What are your feelings on the "extenstions" that Microsoft made to the LDAP spec - are they insurmountable to decode?

Samba and Active Directory

[dee^lOts]

With the release of Windows2000 we saw the introduction of a new computer, user, group managment system. Microsoft included some ability to be backwards compatible with WindowsNT Servers, Microsoft also included the ability to run Windows2000 in "native mode." which effectivly disallows any NT client/server from participating in it's user management. How will this affect Samba? Will Samba include Windows2000 "native mode" support, also will the AD tools used to administer a Windows2000 Server be able to administer a Samba server?

Report Comments

[brunes69]

I am currently in the process of writing a university-level report for a course I am taking. The topic of the report will be SMB vs. NFS. I am not trying to identify a clearly "surperiour" protocol, I am seeking rather to simply present as much detailed facts/benefits of each and have the reader decide for themselves.

Obviously you would be an ideal person to ask about this topic. What are your feelings as to the advantages SMB has over NFS, if any, and how could the benefits of NFS, if any, be carried over into SMB?

Replacing NT

[Pheros_7f4]

I am continually amazed each time a major release of Samba comes out how well it works. My question is, I know that the Samba group has been working towards make Samba a suitable replacement for NT. How far do you expect that to go. I know you're in a continual battle with MS changing things with every minor release, but do you expect to someday get to the point where I can completely replace my NT PDC machine with a Unix/Linux box that has the same functionality?
Perhaps the same question stated differently is what are the long term goals for the project in relation to NT PDC Server compatibility?
Any estimates on how long such compatibility will take?

Thanks again for all the hard work!!