Samba-TNG Team Releases 0.3

emissary47 writes "The Samba-TNG (the next generation) team, releases the first beta of Samba-TNG (a Samba fork since 2000) including some very interesting features for everyone willing to replace NT4 domain controllers. With excellent LDAP-backend support, integration of Microsoft tools such as usermanager for domains and servermanager and a powerful command-line tool called rpcclient it is _the_ alternative solution for Windows domain controlling at the moment. They even include scripts for NT4-server migration in order to make a change easier."

What about Samba-DS9?

How will they handle the wormhole effect?

What's new?

[$$$$$exyGal]

Taken directly from the announcement, but it's short enough to just put here.

Most important changes in 0.3:

• Updated LDAP schema in ldap/samba-tng.schema-v3
• Improved LDAP backend (subcontexts, performance speed up)
• NT trusting TNG works now out of the box
• Update to the registry tools in rpcclient
• libiconv usage

--sex

Re:What's new?

[Anonym0us+Cow+Herd]

Is File Locking critical?

Yes. There are plenty of applications that exploit this capability.

A long time ago, in a galaxy far, far away, before the dark times, that is, before MS SQL Server, there were multi user applications. Multiple workstations, each locally running a copy of the application, could open the same data file on the server. Because they could, through the API, request certian byte range portions of the file be "locked" from other users who had the file open, they could effectively do sophisticated multi user operations without a database server. (Database servers were things for mainframes.)

There are still programs that can do this. For instance. Microsoft Visual FoxPro. If you use FoxPro's native database (not an ODBC to some other database), then you need nothing more than a shared folder on a fileserver that supports locking. Too bad that SMB isn't suitable. This effectively cuts out some vertical market applications written in tools such as Visual FoxPro from using a shared Samba server. "Sorry, Mr. Customer, to run this specialized package, you'll need an NT server, a Novell server or an AppleShare server."

Don't think these are merely "legacy" applications either.

How many modern software programs allow concurrent editing of a document by multiple people? (where the applications cooperate in modifications to the data structures of the document and don't clibber each other) Excel? Word?

Re:What's new?

[Jeremy+Allison+-+Sam]

Err - both Samba-TNG and Samba support this (byte-range
locks). Out of the box. We have done for years. I wrote the
code :-). That's why you can use Samba for these multi-user
apps :-).

Jeremy.

Samba lead considers the fork a Good Thing(TM)

[tempest303]

Before anyone gets off on a huge rant about this fork being pointless/harmfull/etc, read this - it's a statement by Andrew Tridgell, saying that he is "delighted" about the fork...

Re:I've read the FAQ, but still don't know

[Anonvmous+Coward]

"What does the TNG stand for?"

It stands for:

That's
Not
Gnu
.

late ???

[johnjones]

late I dont think so

even MS will admit that they cant get people to move from NT to XP or 2k

this is right on time ! because people will start to find NT is no longer supported by MS and move what they move to might just not be Microsoft based because its too expensive hence samba TNG

but what I want to know is this

can samba-TNG be a real PDC and comunicate to a NT BDC all the information such as the userlist AND when it falls over and comes back up (system maintenance) take back the PDC status and any changes from the BDC ?

acting as a PDC and syncing with a NT BDC is what SAMBA really lacks IMHO

regards

John Jones

Re:late ???

[ed1park]

"Can Samba be a Backup Domain Controller?
With version 2.2, no. The native NT SAM replication protocols have not yet been fully implemented. The Samba Team is working on understanding and implementing the protocols, but this work has not been finished for version 2.2.

Can I get the benefits of a BDC with Samba? Yes. The main reason for implementing a BDC is availability. If the PDC is a Samba machine, a second Samba machine can be set up to service logon requests whenever the PDC is down."

You can find out more here...

http://us2.samba.org/samba/ftp/cvs_current/docs/ ht mldocs/samba-bdc.html

Re:late ???

[buchanmilne]

can samba-TNG be a real PDC and comunicate to a NT BDC all the information such as the userlist AND when it falls over and comes back up (system maintenance) take back the PDC status and any changes from the BDC ?

AFAIK, this is what TNG was aiming for.

acting as a PDC and syncing with a NT BDC is what SAMBA really lacks IMHO

You mean samba-2.2.x. Samba-3.0alpha does support this, and has a better NT->Samba migration tool, 'net rpc vampire'.

Samba3 is due out in about 2 months (hopefully).

What I want to know is, have they got all the samba-2.2.x features?

We run samba-2.2.x with ldap support for samba-only PDC/BDC operation.

Re:late ???

[psamuels]

obKarmaBonus: because I'm a samba-tng developer (:

this is right on time ! because people will start to find NT is no longer supported by MS and move what they move to might just not be Microsoft based because its too expensive hence samba TNG

Right. The other thing is, with LDAP support, samba-tng (and samba.org for that matter) has many of the internal advantages of Active Directory. Network-side, it still looks like NT4, but internally, you can manage it via LDAP rather than the crusty old tools.

For this reason, I personally don't see a lot of point in emulating a true Active Directory server. It just doesn't seem to buy all that much on Unix. On Win2k you have the whole world integrated into Active Directory - the DHCP server, the DNS server, dynamic DNS tying the two together, you name it. I think that's most of the value proposition of Active Directory, and on Unix the whole integration thing wouldn't be there anyway.

Years ago, when samba-tng was young and fresh, someone (can't remember who, I think Luke Howard was involved) tried to write an NT5-compatible LDAP backend. It was never finished, but the regular LDAP backend matured to the point where we don't feel we need the AD-compatible one. The difference was mainly in the LDAP schema, as I recall.

Re:NTLMv2?

[praetorian_x]

In what context? NTLM authentication over the web (between IE and a java based app server) is available at http://jcifs.samba.org. This is a great solution for "single signon" for intranet applications.

Of course, it goes without saying, that this protocol is not internet safe

The JCIFS team even includes a delightful filter than you can plug in so request.getRemoteUser() will return DOMAIN_NAME\user_name. Realy good stuff for intranet development.

Now, if only 'zilla will get NTLM support in 1.3...

Cheers,
prat

Samba-TNG+OpenLDAP howto

Due to the complexity of LDAP, and samba w/PDC in general about 6 months ago I wroteup a pretty significant document on how to configure and deploy such a system, I've spent more then 40 hours on it to date, it's fairly complete:

http://howto.aphroland.de/HOWTO/LDAP

no way in hell could it withstand the slashdot effect, it runs ontop of Zope which is slow enough as it is! Apache seems to be in the order of 2000x to 2500x faster then zope+Zwiki, but the features of zope make it worth it.

(been on /. for 5 years and still don't have an account)

Re:Gui configuration tools?

[Jellybob]

From what I read in the summary, you can use the same tools you'd use to admin a native NT4 server, at least for the server list, and users.

Re:NTLMv2?

[abartlet]

NTLMv2 authentication is fully supported in Samba 3.0 - we brought the code across from TNG 18 months ago.

Recent alphas have LMv2 authenticaion too :-).

The truth is, almost nobody uses NTLMv2 - certainly not MS...

Re:Article Extremely Misleading

[abartlet]

This comment is misleading. There are no plans for samba.org to release Samba TNG, they are there own project now, and we have our own development process that is producing a very nice PDC for 3.0.

Samba 2.2 contained basic domain control capabilty, and 3.0 really does a good job of completing it.

Also, Samba 3.0 does many things that TNG does not - in particular Active Directory client support, and even Active Directory DC developement (very early)

Still doesnt fix a Samba problem.

[Lumpy]

Older but still heavily used DOS based Medical and Accounting packages WILL NOT reliably use a samba machine for a SMB share. a NT server will do it fine, but samba, including the latest and greatest will not. it keeps losing data or losing the connection.

Cince most doctor offices still use Dos based medical software, and Most companies still use their DOS based Accounting software (Quickbooks is a Joke compared to these real accounting packages) any migration of their servers to linux spells doom.

I've waited for over 4 years for this issue to be dealt with and it seems that the samba team is not interested.

I personally wouldn't use these old (but still cost thousands today) apps.... but you cant tell a customer that to save $400.00 on their server they need to spend another $5500.00 to change their software suite and spend 100-200 hours manually keying in the old data into the new system.

companies are funny that way.

Re:Samba-TNG

[CleverNickName]

Code named 'Crusher'.

. . . and don't go asking me to reorganize your isolinear optical chips if you decide to play cowboy and run your server through the heart of an anomaly.

I don't do that shit anymore.

Re:Printing?

[psamuels]

Did I mis-read it?

No, you read it right. Here's the thing. samba.org has a much larger and (well, at least back in the boom days) better-funded team than we do, so we can only concentrate on so much at a time. Printing just isn't a priority. It might work in samba-tng, in some cases (it is after all derived from samba.org code, which includes printing) but we don't pay much attention to it.

If you need your PDC to also be a print server, you should either (a) run samba-tng and samba.org on the same machine, on two separate IP addresses and netbios names (yes, this is a common and supported configuration), or (b) just use samba.org for your PDC, which in the past wasn't such a great idea but nowadays it is reported to be quite usable.