Slashdot Mirror
Learn from Samba-Man Jeremy Allison
Jeremy is a leading Samba maintainer, and therefore one of the world's leading experts on Samba, which is often held up (along with Apache and the Gimp) as a sterling example of efficient and useful Open Source development. In the interest of full disclosure, we must mention that Jeremy is now employed by VA Linux, but that his primary responsibility is still Samba, just as it was when he worked for SGI. Look for Jeremy's answers to your questions within the next week.
...or some flavor of ACL stuff, e.g. the stuff that was being worked on as a POSIX draft, or various implementations based on various POSIX drafts (Solaris and Digital UNIX both have POSIX-draft-like ACLs, and other UNIXes might as well - there's a project to implement them for Linux as well), or non-POSIX-style ACLs such as appear on HP-UX.
But that's not necessarily what the poster to whom you're replying was asking for. He/she said:
Said tab is the tab for the file's ACL.
He/she then said:
If it ties in with the Linux patch in question, that'd obviously be per-file ACLs (it'd also be difficult, given that NT ACL semantics, which is what clients will be expecting, aren't the same as POSIX ACL semantics), and if it's done "in a file Samba maintains", it could, in theory, be done with per-file ACLs (I think some commercial SMB-server-for-UNIX does that), although the problem then is that said ACLs don't apply to UNIX users, just to SMB clients, so if somebody grants or denies Joe Blow access by adding an ACL entry, that doesn't necessarily mean that if Joe Blow logs into the box running Samba, or a UNIX box that's NFS-mounted stuff from the Samba box, he will necessarily be granted or denied access.
No. SMB's file model is similar to NFS's file model - "please give me N bytes from the file starting at an offset of X" or "please write the following N bytes to the file starting at an offset of X". Typically, the server doesn't care what the bytes are, it just reads them or writes them.
Some SMB and NFS servers might offer an option to translate between different text file formats if the file is a text file, but I don't know whether any do.
I've read music and video files from our (Network Appliance's) SMB servers; I would expect it to work reading from a Samba server as well (there's no reason why it shouldn't work).
I disagree. It's the fact that I can buy a GeForce 3D accelerator that literally destroys SGI's top of the line from a few years ago that killed SGI. The bottom simply fell out of the 3D market, in the early 90s, enabling a kid with a $2000 PC to have as much power and rendering capability, for the most part, as an entry level Indy. Silicon Graphics, as the name implies, had always had the graphics segment of the market cornered and hands down was better than anything Wintel could muster up. This is not true anymore; the graphics hardware available for PC beats all but the extreme top of the line stuff available for Irix/SGI/Unix. Luckily for Sun no major revolution came along in hard drives or processors, or else you might see them in the same position SGI is in now. Instead, they continue to fill their coffers because the server market is still quite lucrative. This is not true for the workstation graphics market, which basically endured a paradigm shift recently. If you had to pick one creation that killed SGI, I guess you could say 3dfx.
--
I think there is a world market for maybe five personal web logs.
What are the plans of Samba client on Linux with regards to OS/2? Can we expect the ability to actually allow Linux (as a client OS) to access shares on an OS/2 file/print server on small networks/home networks?
Eviscerati.Org: All Hail the Eviscerati
Will we see a Samba port to Windows, as a more flexible / less licence-encumbered alternative to the built-in file and print sharing?
-- Ed Avis ed@membled.com
I have heard that the Samba folks have found buffer overflows in every major TCP/IP stack but make a policy of trying to notify the vendors rather than publicizing them. (OK, you fix the Linux bugs. :-)
Given this, how do you respond to the argument that vendors only fix their problems when threatened with disclosure, and therefore when you find problems you should not merely notify, but also threaten to disclose the problem if it is not fixed?
Thanks,
Ben
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
> Higher levels of security (read encryption) between Samba only servers?
The SAMBA group has always maintained that their duty is only to replicate MicroSoft's protocols, not expand them.
> using the SMB protocol... instead of normal Unix file transfer protocols... that are better known
Ugh. Tell your PHBs that "Security through obscurity is no security". If they want security, use ssh and encrypt.
-- Don't Tase me, bro!
Could you provide an explanation of the TNG project?
My understanding is that it intends to provide a fairly complete emulation of the RPC mechanisms in WinNT and 2000, so that Samba can properly emulate domain controllers. Of course, I could be all wrong here.
Would such a project assist in decoding and emulating the 'wire' protocols of MS applications such as MS Exchange or DCOM? Does it provide any services to native unix applications that don't already exist, or is the goal only to co-exist with Windows networks?
--
Business. Numbers. Money. People. Computer World.
I was wondering what the future of Samba might be. The momentum behind it and the Open Source movement has given alot of us IT/IS guys here on the front lines a huge amount of ammunition. Do you see a point where samba will be able to start dictating changes to Microsoft? Instead of microsoft constantly trying to "break" samba by adding "features" in order to dictate changes to samba.
Do not look at laser with remaining good eye.
Heya!
Thanks so much for all your work. I'm sure you know how nice it is to be able to get rid of NT on as many boxes as possible.
My question is:
With linux slowly creeping in as a more ubiquitous platform, have you ever thought about adding open extenstions to SMB to enable new features?
Thanks,
Blue
i browse at -1 because they're funnier than you are.
I have another one, too :P
:P
How do you deal with stability issues on the NT side of samba? For instance, I have the smb client running on a lot of machines here, because I don't control the NT servers for some departments, and need access to their shares. I have to re-mount those boxes every hew hours, and I'm sure it's because the NT boxes are dropping/resetting my connections, but it looks like instability in the client end. Do you have to deal with that sort of issue a lot, and, if so, have you guys ever considered rewriting the SMB server subsystem.. for NT?
--
blue
i browse at -1 because they're funnier than you are.
And if so, have you been able to dump it yet, or are you forced to hold onto it for a certain matter of time? What's the feeling around the company about the stock having lost about 72% of its value (from 320 down to 90) in a little over three months, with no sign of bottoming out yet, all while as of last week, VA Linux was still shelling out dough to gobble up other companies like TruSolutions and NetAttach? Any panic in their eyes yet? How low do they think it'll go?
Cheers,
ZicoKnows@hotmail.com
I don't think anyone underestimates the tremendous value of the work the Samba team has done, particularly Tridge & Jeremy. I personally am very grateful for the Email help you guys have given me with implementation.
.rpm it in; I have to do a CVS load, which is not just more difficult, I think it would be quite intimidating for system managers who haven't ever coded in a CVS environment.
However, as Samba (and the Samba team) has grown, the software has become more difficult to obtain and install. As a specific example; if I want/need TNG, I can't download a package from my linux distributor of choice and
Furthermore, HPUX users (who are essentially already burning in hell, because they have to use HPUX) often don't have a "real" C compiler, or CVS capabilities, so they can only get what somebody else ports - and there is no HPUX 11.00 precompile of TNG available from any reputable source that I know of.
So, the question is, will this trend continue, or will the Samba team make a real release on a more definite schedule than "real soon now"? The current code split makes planning difficult.
Also, does the ongoing rancor directed toward Win95/98 support found on Samba team mailing lists indicate that there will never be adequate support for these very popular desktops?
And finally, how do you feel about HP's shameful lack of attribution in their release of Samba for HPUX? I noticed that when Blackdown got dissed by Sun everyone was up in arms, but I never saw any beefs from the Slashreaders when HP announced CIFS support without crediting you guys.
Roblimo, I hope you won't filter any of these questions out... JA can hand hardball questions, I've seen him do it.
Has Microsoft ever documented their "Windows Networking" implementation of the SMB protocol? (Yes, I know this is their name for SMB, I'm wondering about their documentation policy/results)
You obviously do not have the remotest idea who Dave is. In his way, he is as much a part of the Samba team as Jeremy; in my book anything he says about Samba is automatically 'Insightful'.
Mielipiteet omiani - Opinions personal, facts suspect.
Samba already offers SSL support.
NT machines only support this via a 3rd party utility (sslproxy), Win9x machines need a proxy server running sslproxy because they cannot handle it directly at all.
Mielipiteet omiani - Opinions personal, facts suspect.
Andrew Tridgell took over smbmount starting with version 2.0.5., the documentation has not kept pace with this change.
My question, do you need help weeding out documentation that is no longer correct? While my technical background (no NT, only basic Linux) means that a lot of stuff is over my head, some of the documentation obviously needs pruning and I would be available for that.
A related question: is John Terpstra still in the project?
Mielipiteet omiani - Opinions personal, facts suspect.
Samba 2.0.7 is in pre-release, it is specifically aimed at fixing Win2k incompatabilities.
Mielipiteet omiani - Opinions personal, facts suspect.
How do you feel about Microsoft doing its best to nullify the work you've done with Samba. How does it feel to be a target of Microsoft !
Hates people who have stupid little sigs
Jeremy,
I would like to keep things at a very high level, but I've posed this question to all those whom I know to be very knowledgable about Samba and have yet to get a satisfactory answer. I have 2 questions.
1. My employer uses a dual-domain system where all the user accounts are in one domain and all the accounts for machines are in another. The two domains are incestuously joined with trust relationships. When setting up the Samba Client, is there any way to configure the Samba client to validate credentials to both domains just like the NT boxes on our network?
2. Will the Samba team ever come out with a User Manager or Server Manager for Linux?
Thank You.
Hello!
.14. I am amazed at how well it works even though TNG msrpc is only really NT 4.0 support.
I recently got a Linux server and Windows 2000 clients working with TNG
I figured out how to get the w2k clients into compat mode (because all authencated users no matter what from a nt4 doman become 'User'), but, is there an effort to get w2k domain groups working at all? Is there a hack to get it to work?
Also, I thank you and all of the Samba Team for releasing such a solid product. Samba itself is a great asset to opensource developent and my personal goals to avoid dealing with CALS.
Where can I send [postcards,pizza,beer,etc]?
-- dieman - Scott Dier
What other unexplored potential do you see in windows filesharing besides what the official "Microsoft Spec" is?
--
How does the potential use/misuse of these laws affect the future viability of the Samba project?
...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...
Where do you see Samba headed in the future, other than to be more compatible with Windows servers and clients? Higher levels of security (read encryption) between Samba only servers?
I've seen many setups using Samba as an extra level of security in the DMZ of a firewall - using the SMB protocol to keep data synchronized instead of normal Unix file transfer protocols (ie ftp or nfs) that are better known to the cracker community.
Are there any changes in the Win2000 SMB protocol that breaks the current Samba implementation? If so, do you think they were deliberate?
-- My neighbors dog has a four inch clit.
My question: When, if ever, do you see samba having a "dynamic mounting" of shares? Possibly a smbshares.conf that is read any each mount specified is monitored for activity. If the share dies, it is unmounted until it is available again, at which time it is remounted.
-------
CAIMLAS
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
I've been following the Samba mailing lists and know about the difficulty of Samba TNG dealing with W2K.   I'm curious that when changing things to make TNG compatible with W2k, how much that will break compatibility in the mixed Windows environment (knowing that W2K itself breaks alot in the mixed Windows environment).
-- Win2k: "It's not so much that it's only 65,000 bugs, it's just that they stopped at 65,535 to prevent an overflow."
My understanding of, for instance, Mac Services for Windows NT and UNIX Services for Windows NT is that it provides services from the same databases, just with different protocols.
So if you can see where this is going, is there any work on making samba able to make use of network-wide databases for user authentication, share specification (I know it can already use the autohome map, but more than that!), etc.?
In particular, I'm interested in things like:
- Being able to authenticate netatalk, samba, and UNIX users all the same way (i.e., not having smbpasswd, NIS, and
/etc/passwd all need to be updated every time a user changes his password or is added) - Being able to specify at the same time what my file server serve up, via netatalk, samba, and NFS (so I don't edit three configuration files every time I add a share, or move a share)
- Being able to specify from one system what each and every file server serves up, without having to connect to the machine in question and edit the smb.conf by hand (or by web)
Clearly this depends on more than just the samba team, but are there plans to add NIS authentication (i.e., instead of or in addition to smbpasswd), NetInfo authentication, and/or smb.conf NetInfo or NIS databases?--Matthew
Microsoft has apparently molested Kerberos in their latest W2K upgrade, can you clear up some of the confusion about how this will effect samba server->NT.
I've heard their exploitation of the protocol wont effect samba, some say it wreaks havoc, whats the scoop ?
Jeremy, first, a BIG thank you for your work,
I am sure you could lay a pizza-track from Earth
to Jupiter by now with the money you saved people
who would have had to buy Windows NT-Server.
The issue of reverse-engineering has become a
very *hot* issue recently with the advent of
CSS source-code to authenticate DVD-ROMs and
also descramble the content. My questions:
- How much reverse engineering went into the SMB
and WINS protocols, in contrast to real coding,
say up to the first usable share exported from
a Unix machine?
- Did you peek under Microsoft's hood and examine
some VXDs or NT kernel drivers to get to those
last and hardest 10% of insight?
- How important do you think is the roll-out of
working PDC-code?
- Finally, on the law side of things, there is a
German law that explicitly allows reverse
engineering for the purpose of interworkability.
What has been YOUR legal situation (being "down
under"), has Microsoft ever asked you to stop
your work (BEFORE they needed it in their DOJ
case), or even threaten you with legal action
or a life-time supply of pizza?
Thanks so much,
Stephan Eisvogel
eisvogel(at)hawo.stw.uni-erlangen.de
Samba? Samba? That word says one thing to me, and one thing only: Some slinky disreputable Latin American gigolo character, skulking around the suburbs and worming his way into the hearts of virtuous women, destroying their lives and moving on. The word "samba" says nothing to me of quality or reliability. Nothing.
So Jeremy, I ask you: Why do you choose to be associated with such a grossly disreputable and frankly immoral product? Why do you choose to spend your days lazing around the Beverly Wilshire, oiling your pencil-thin mustache, langorously sipping mai-tai's and attempting to seduce other men's wives? Aren't you disgusted with yourself and the low state to which you've fallen?
Have you no shame?
What are the plans for ACL support? I mean the stuff that comes up when you do (in NT) Properties, that second tab, then the Permissions button and get the list of users and groups. Right now we can mess with the existing user and group, but adding people fails.
Will this tie in with the Linux patch to add POSIX ACLs, or will it happen above that layer in a file Samba maintains?
The possibility exists for me to subvert W2K at my place of business if Samba can do this for my users. I hope this happens soon.
I have been out of the loop for a very long time, but was wondering how things a going with the VFS stuff and if anybody else has picked up on it. The possibilities are endless. One could "share" FTP sites, databases, tape drives, archives (tar, gz, zip) to the masses who use Windows clients while keeping them in the familiar surroundings of the Windows Explorer filemanager.
What are the plans for VFS in SAMBA?
Keep up the good work.
Do you work on SAMBA for the thrill of the challenge of reverse engineering SMB or just for the practical uses? If MicroSoft were to open their protocols (perhaps as part of a DoJ settlement), would you still find it as much fun?
-- Don't Tase me, bro!
Now that Windows 2000 can use a basterized version of LDAP vs. the undecriptable SAM, does it become any more feasible to have Access Control Lists (ACL) work from Unix? What are your feelings on the "extenstions" that Microsoft made to the LDAP spec - are they insurmountable to decode?
With the release of Windows2000 we saw the introduction of a new computer, user, group managment system. Microsoft included some ability to be backwards compatible with WindowsNT Servers, Microsoft also included the ability to run Windows2000 in "native mode." which effectivly disallows any NT client/server from participating in it's user management. How will this affect Samba? Will Samba include Windows2000 "native mode" support, also will the AD tools used to administer a Windows2000 Server be able to administer a Samba server?
I am currently in the process of writing a university-level report for a course I am taking. The topic of the report will be SMB vs. NFS. I am not trying to identify a clearly "surperiour" protocol, I am seeking rather to simply present as much detailed facts/benefits of each and have the reader decide for themselves.
Obviously you would be an ideal person to ask about this topic. What are your feelings as to the advantages SMB has over NFS, if any, and how could the benefits of NFS, if any, be carried over into SMB?
I am continually amazed each time a major release of Samba comes out how well it works. My question is, I know that the Samba group has been working towards make Samba a suitable replacement for NT. How far do you expect that to go. I know you're in a continual battle with MS changing things with every minor release, but do you expect to someday get to the point where I can completely replace my NT PDC machine with a Unix/Linux box that has the same functionality?
Perhaps the same question stated differently is what are the long term goals for the project in relation to NT PDC Server compatibility?
Any estimates on how long such compatibility will take?
Thanks again for all the hard work!!