Samba 3.0.0RC1 Released

dook43 writes "Samba 3.0.0 RC1 has been released as of 8/16. Probably the most important new feature is its Active Directory support, but the rest of the new features can be found at the website."

additional new feature

broken and horribly slow!

i installed v3 .. moved back to v2 after about an
hour of being pissed off at trying to speed it up
to the v2 levels

Re:additional new feature

[ftg888]

slow.slow.slow... hard to compile openbsd 3.3 k.

Re:additional new feature

[yvesbe]

I've been checking out a win2003 AD install for a client lately. A fairly fast workstation(2.4ghz) The creating of SID's thingy is soooo slow. My feeling is that the whole Active Directory is not mature yet.

Re:additional new feature

Everyone complains about the weather, but no one does anything about it.

Re:additional new feature

Just because you can't configure it right, don't call it 'broken'. Learn to read, and you'll figure it out.

Re:additional new feature

[AstroDrabb]

AD is indeed VERY slow. I have to work with it at work and it blows. I wish they (the admins) would use a plain ole LDAP server. OpenLDAP is much better IMO.

Re:additional new feature

[yvesbe]

I'm considering mentionning LDAP to that same customer...

Re:additional new feature

[yvesbe]

It's been configured right... by some very capable MS guys. the thing is too bloated for small networks...

Re:additional new feature

[cheezit]

Vanilla LDAP != inherently better than AD. There are some crappy LDAP servers out there. Whatever you can say about openLDAP, the management and administration side of it is primitive.

I consider AD to be a viable general-purpose LDAP server for certain applications. I'm using it for a 20K user directory right now...but I wouldn't go over 250K with it, especially one that required any kind of master-hub-replica architecture to scale.

Re:additional new feature

[bogie]

Gee and this is from and AC with no proof or benchmarks. Well that settles it, Samba RC3 is officially "broken and horribly slow."

Glad this was modded up to +5 Informative so we all know to never use Samba 3.x. :rolleyes:

Re:additional new feature

[AstroDrabb]

You should. OpenLDAP is very good. However, you can also look at commercial versions put out by Novell and Sun. Present them with choice over the MS dictate method.

Re:additional new feature

[Malcontent]

" Vanilla LDAP != inherently better than AD. "

Maybe not but it is more compatible with other operating systems and non MS software.

I think those are strong enough reasons to avoid it right there.

Re:additional new feature

[AstroDrabb]

The problem is, is that AD is not a general purpose LDAP server. They diverged too much from regular ole LDAP which makes coding against it a pain. The company I am at have 110,000 employees in it plus other junk. It just get a little too slow for me with that much stuff in it. OpenLDAP and Novell can handle it with no problems. I also had more of a pain coding a java app and a php site to use it over a standard LDAP server.

Re:additional new feature

[whereiswaldo]

This one grabbed my attention:

A new "net" command has been added. It is somewhat similar to
the "net" command in windows. Eventually we plan to replace
numerous other utilities (such as smbpasswd) with subcommands
in "net".

Why, oh why chunk everything into one huge and fumbly command? I find "net ???" on Windows to be a pain in the arse to use and usually end up going through several 'net help blah' sessions when looking for how to do something.

Keep smbpasswd separate. You can still chunk it by prefixing smb-related commands with "smb" (hit [tab] to see the list of commands and start with smb). Not good, or what? I think it's fine.

Re:additional new feature

If you think its too bloated for small networks, imagine how bloated it must be for large networks :)

Re:additional new feature

Not the same AC.

I find it curious that people attach more "truth" to a posting by someone with an account. It costs nothing to make an account, and you can create as many as you need, why does the use of an AC account warrant scorn in many eyes?

I've been reading slashdot for several years, don't troll, I've even had several +5 informative/interesting all while posting AC.

Shouldn't the posting be judged on the words, not on the poster and/or usage of AC?

NB: Not aimed at anyone, just a general question.

Re:additional new feature

Actually the AD system at British Petroleum has well over 10 million objects that has a master hub type replication system.

Re:additional new feature

[rkz]

Go with Novell if you want any sort of functionality from LDAP.
Many people miss the point of Active Directory which is indeed an amazing technology. You get fine grain control of peoples registry, services and Programs through the use of GPO.

For example, say one of the departments has brought licences for Office. You can set their group of the directory to have a Group Policy which installs Office on all their computers as soon as they log on.
Other uses is to disable services and push security patches.
The thing blows anything else away, the only vendor that comes close is Novell with their ZenWorks but that requires a lot of extra work.

Re:additional new feature

[DrXym]

Or (horrors!) make smbpasswd a small shell script which invokes the proper command in the net command.

Or do what the likes of busybox, gzip, bzip2 etc. do and look at the name of the executable / link that invoked it and perform that action. For example in busybox you can make links to it called ls, rm, mv etc. and it does the right thing when they're invoked. It doesn't seem too dissimilar if this net program did the same, checking if argv[0] says 'smbpasswd' and just invoke that functionality.

Re:additional new feature

Somethings not configured right then. We've been running active directory since day 1 (actually an msdn copy for a while, scary). We recently migrated the schema to 2003 and its just as fast. Workstation could be your problem though. I assume you have some fast scsi drives and 1 gig of ram?

Re:additional new feature

[SillySlashdotName]

It costs nothing to make an account, and you can create as many as you need

So posting AC flags your (generic AC, not you personally...) post as either in the posters estimation worth less than the cost of creating an account (nothing) or a comment that a registered user DOES NOT WANT TO BE ASSOCIATED with.

In addition, with the ability to use 'handles' (like "SillySlashdotName"), the decision to post AC can indicate laziness on the part of the poster.

In essence, not taking the time to sign in (or enable cookies) shows that you (again talking generic AC) don't value your post much, so I don't see why I should afford it more value than you seem to be.

Shouldn't the posting be judged on the words, not on the poster and/or usage of AC?

Yes, it should, but again, if the post is flagged as "not important enought to sign in, or so unpopular that the poster does not want to even give a handle" by posting AC, then it starts with a built in prejudice against it. As you know, some AC posts do get modded up, but only by overcoming that initial 'AC' prejudice.

Not saying it is right, but just the way it seems to be.

Re:additional new feature

[WoTG]

I'll take a few "net help"'s over guessing what a command name is anyday.

You can't ask for a man page if you don't even know what command you're trying to use! Though, you're right about that [tab] thing... I can remember at least one time that that would have saved me some time.

Anyway, chances are the old commands will still be there. This just provides an option for everyone who is used to "net" on Windows already.

Active Directory

[isam_b]

Having the Active Directory support is really a bug feature, as I had real big problems with authenticating a Linux Client in an AD server .. I hope that this issue will be solved in Samba 3 ..
Way to Go Samba!

Re:Active Directory

Having the Active Directory support is really a bug feature

Now, was this a Freudian slip or what...

Anonymous Cowards Unite

Re:Active Directory

[isam_b]

opps :)

Bug= Big

Re:Active Directory

Wait, a bag feature? They have features in a bag?

Re:Active Directory

[stor]

I'm happy, I'm feeling glad
I got features in a bag
They're useless but not for long
Release date is coming on...

Cheers
Stor

Re:Active Directory

[Gherald]

> Anonymous Cowards Unite

Yer all the same anyway ;)

Re:Active Directory

[jmt9581]

Having the Active Directory support is really a bug feature

Did he main "big feature" or "bug feature?" You decide. :P

Re:Active Directory

Are you sure it's not a feature bug instead?

Changes to Auth system

[notque]

3) New authentication system. The internal authentication system has
been almost completely rewritten. Most of the changes are internal,
but the new auth system is also very configurable.

Does this mean I won't have to authenticate for every directory I access?

(Or are we misconfigured from the get go, and I should know and fixed such an issue :)

Re:Changes to Auth system

[aled]

My brain doesn't have the neural paths to understand some unix documentation, including samba, many man pages, etc. They seem to be produced from the old IBM school that says that the documentation should be for people that already is expert on the topic.
And don't forget all those switchs that are platform dependent, remember the source code is the documentation.

Re:Changes to Auth system

[coene]

Misconfigured up the yang ;)

Re:Changes to Auth system

My brain doesn't have the neural paths to understand some unix documentation, including samba, many man pages, etc. They seem to be produced from the old IBM school that says that the documentation should be for people that already is expert on the topic.

Yes. The term for these people is "Professionals". That's why we make money doing it.

Re:Changes to Auth system

[aled]

To be fair I just checked the samba site and the new documentation seems to be much better and more detailed.

Re:Changes to Auth system

[silas_moeckel]

Yes documentation should be the expert on the topic written for somebody with a background in real engineering (your average MSCE dosent count) let the howto's and the for dummys books deal with spoon feeding cookbooks to end users if your having the authoritive person on the subject write documentation aka the programming team write the most technical documentation you should ever need without having to do redo code yourself.

I say this because there are to many porly documented applications out there. Documentation to often is looked at by the marketing department and dumbed down so nobody might get scared of it. If you have ever looked at the home service manual for a Saturn (the $500 one thats an option) that nearly would allow you to machine replacment parts thats documentation. Want something easy to read with pretty pictures get a for dummy's book aka the dumbed down book from somebody that read and understood most of the documentation.

Re:Changes to Auth system

[BigBadBri]

You intellectual snob.

How dare you discriminate against those poor people that can earn obscene amounts of money by learning how to pass MCSE exams without the slightest bit of computer expertise?

You, sir, are a cad, and a Unix elitist bastard. Anyone knows that true enterprise solutions only require a few mouse clicks to configure, and that manuals are for those who have overstayed their contracts.

Have to say I agree with you 100% though ; /.

Re:Changes to Auth system

[silas_moeckel]

Oh dont worry I make plenty of money working with windows as once people figure out the paper MSCE's cant do what is required they hire a compotent consultant. :)

BTW I like the right tool for the problem beleive it or not clusters of Linux boxes dont work for any problem yet.

Re:Changes to Auth system

[jonadab]

> BTW I like the right tool for the problem beleive it or
> not clusters of Linux boxes dont work for any problem yet.

Of course not. For some problems you need BSD ;-)

Re:Changes to Auth system

You may be a "compotent" consultant, but I won't be hiring somebody who can't even construct a proper English sentence, anytime soon. Let me guess, you are a product of the American public school system?

Re:Changes to Auth system

[dnoyeb]

Hey! I've got a MS in CE. I wonder if I'd get more doe with an MSCE these days. Companies are strange...

Re:Changes to Auth system

[aled]

I don't get what you mean. I never cared or get a MSCE but are you saying that my degree in CS is not enough to understand Samba configuration? (I HAVE a degree in CS).
Poor documentation is usually caused by a poor writer. Most programmers don't write a single comment in their code. Fewer write more than a readme. Technical knowledge and knowledge communication are different abilities. Get someone that can write for humans.
Read my previous reply to myself, it's possible to write better documentation.
And Oh yes, I like dummy books. Those are wrote by people who doesn't think they are above mortals just because they know something others no, and don't assume the reader knows already everything. Why would be the point of reading the book then?
BTW, If you hate so much users why bother having them?

Re:Changes to Auth system

[silas_moeckel]

I mean that first tier documentation should be exceedingly technical this is what the programmer the programming team or possibly the tech writter assigned to such groupings should be writting it. Programmers dont write good manuals in general but they do need to cover the specifics in detail these things are often very cryptic to everybody that hasent been around the particular piece of technology before. But this is the level of documentation required for others to be able to realy use the application.

My general issue with for dummy's books is lack of technical detail they are not clear enough to limitations. Take for example two simple lines talking about remote systems connected to a server application here is the dummy's version at best:

The server can support hundred of users on a modest server.

A better version:

The server utilizes 1 48KB desciptor bound to OS memory block size per active session. The session unique identifer is arbitrarily a unsigned int as defined on the local system.

One just gives you no real information the other gives detained sizing requirements as to the session overhead and max count. Generaly you dont read technical manuals just as you dont ready encyclopedia's (not a great example) For dummy's books are arguably educational program documention should be referance.

I dont hate users I dont like users I generaly dont deal with users thats what help desk is for. If by users you mean System Admins I deal with them often mostly by fixing there issues.

Re:Changes to Auth system

Stick your thumb back in the azzwhole, weenier-dude and go back into the closet --- grope yer fav electromechanic blo-up dolly and GTF outa peoples faces got work to do.

Re:Changes to Auth system

[Keeper]

What's the point on writing documentation for an expert on the subject? They already know what they need to know (otherwise they wouldn't be an expert).

Software documentation is supposed to educate your user on how to use your software. If it is so cryptic that only someone who already knows what they're doing can understand it, it's too cryptic to be useful and was probably meant as a reminder for the program's author on how to actually use the thing -- not as end user documentation. Which sadly, is the state of most non-howto documentation I've found in the linux world...

This is not to say that documentation shouldn't dumb down everything so much that it becomes meaningless, rather it assumes a basic level of working knowledge and has additional documentation to define the bits that a non-guru would need to know (or at least references another document that does).

Re:Changes to Auth system

holy run-on sentence, batman! did you ever hear of punctuation? proofreading? spell-checking? your post reads like it was written by a very tired second grader. one reason there is so much bad documentation is because of people like YOU!

Re:Changes to Auth system

with a name like "silas moeckel," you think he's american? even if it's a made-up nickname, as i grant is entirely possible, would an american come up with "moeckel?" (as you may not realize, "oe" is a representation of an "o" with an umlaut.) he's more likely a native of a german-speaking country; english is not his native tongue. my guess is that YOU are a "product of the american public school system," inasmuch as you lovely folks seem not even to be aware of the existence of the world beyond your borders.

that said, though, you're right: wherever he comes from, and regardless of his mother-tongue, his english is wretched.

Re:Changes to Auth system

[ruud+awakking]

You said "MSCE".

You meant "MCSE".

That's all

Re:Changes to Auth system

[ruud+awakking]

You said "MSCE".

You meant "MCSE".

Please do not perpetuate this misspelling.

That's all.

Re:Changes to Auth system

[ruud+awakking]

Dear silas,

I would like to complain that you have abbreviated "Microsoft Certified Systems Engineer" to "MSCE" when the correct acronym is "MCSE".

So far not a single participant in this thread seems to have got this right.

That's all.

Re:Changes to Auth system

[Raafje]

He said MSCE, because he meant MSCE (MicroSoft Certified Engineer).
So please stop perpetuating this correction of yours.

Re:Changes to Auth system

[Raafje]

/me sticks foot in mouth quickly...

Re:Changes to Auth system

[thegoldenear]

>Does this mean I won't have to authenticate
>for every directory I access?

yeah you've got something misconfigured there

Re:Changes to Auth system

Will someone get this guy some commas? (Or, at least, documentation to make them?) Seriously, well written and spelled, man, but w/o commas to provide thought breaks, it is/was hard to read that.

Re:Changes to Auth system

So far not a single participant in this thread seems to have got this right.

Perhaps because nobody cares.

Re:Changes to Auth system

[silas_moeckel]

The point is to allow other documenters to make the more human readable source. The definitive technical documentation either has to come first or the origional expert aka the program team needs to make the human readable for dummy's type then write the hard core technical documentation and thats backwards. Your asking probably the wrong person or group to write the dummed down documantation when what should happen is to have an outside interpeter write the dummed down version after working through the expert material.

Re:Changes to Auth system

Yeah all those highly educated experts seem to have spelling issues. Maybe they should help write the documentation. :)

Re:Changes to Auth system

[Palshife]

Man pages are written from the standpont that you at least know something about what you're using. System call man pages don't teach you how to program in C, etc.

In the 5 years that I've been using Unix and GNU/Linux I've become more and more aware of the total product of system documentation. There is still a definite need for an all encompassing document to describe the system, (eg. the FreeBSD Handbook, various good Linux books) and a set of man pages that are updated with the software to describe the more granular points.

In short, man pages won't always make sense. If you run across bad documentation, chances are someone else thinks so and has done something about it. A badly documented product will not survive. Period.

Damn it!

Just when I perfected the old samba, they release a new version. Now I have to learn all those dance steps again.

Shit.

Re:Damn it!

Doesn't matter, if you're a true geek you'll still be doing it by yourself regardless of the version.

Re:Damn it!

it's only a little more complicated wiggle, and your wardrobe just ain't gonna tell anyone.

Re:Damn it!

[mod_critical]

Isn't that the truth. Don't get me wrong I love the software but (to play off that delightful "crash different" video) I feel as thought I'm not operating Samba, rather just sharing in the Samba experience. Should I happen to get XP to actually open one of my remote directories while the system is willing, all the better. This is based off an experience I've had two time where after configuring Samba I got errors from XP when connecting to that server. I play around for about 2 hours to no avail, then all of a sudden things start working after I don't make any changes for a little bit...

Re:Damn it!

[Chatterton]

Under win 98, from time to time he loose the password of the sharing. I can retype it all I want, impossible to reconnect. But if I change to another directory (local or not) and go back on the sharing, he will ask you the sharing password one more time and all return in order... Why? I don't know, but it can be very frustrating :(

Re:Damn it!

[fshalor]

This is a paraphrase from the Windows 2000 Professional Book from MS that we have.
"It may take anywhere from 15 minutes to over an hour for some things to work when computers are brought on and off the network. For this time, you may get messages which are inaccurate, indicating a computer is not available, when it actually is. Again, this may take from 15 minutes to well over an hour."
Of course, to them this is probably a feature!. :) As a general rule, I never test a change in any samba or windows share until an hour has passed from its implimentation. Then I reboot the windows client if it even looks like it isn't working after that time.

It's really brought down the stress level with dealing with MS shares. With ot without samba . :)

Re:Damn it!

[mod_critical]

Hmm, makes paid by the hour consulting sound pretty good for Windows techs :D

Lucky Linux users

[Rosco+P.+Coltrane]

always the first to get the nice stuff. I can't wait till the Windows port comes out ...

Re:Lucky Linux users

Still waiting for filedialog.c to be pathced.

Re:Lucky Linux users

[sonicattack]

Since some versions of Windows acting as an SMB server actually limit the number of allowed connections (that's Microsoft's Licensing for you), a Windows port of Samba actually wouldn't be that crazy of an idea for certain configurations.

Re:Lucky Linux users

[AstroDrabb]

Are you suggesting that AD is a good LDAP server? If so you are very wrong. AD really blows is and is very slow. I remember a statement from MS about them getting 2.x million entries into their AD server, at about the same time Novell announced 1 billion! The only reason any effort is made within the Linux community to work with AD is because it is needed to work in many MS networks. Also, AD is an LDAP server with proprietary crap tacked on that MS does not share. I think the Samba team have made some great gains with SMB and now AD all from reverse engineering.

Re:Lucky Linux users

[curious.corn]

Right, I'm no coder actually: some php and odd C walkthrough thingie to check out exploits. Anyway, excusatio non petita but here it goes: why is the community chasing M$ in it's hide&seek strategy? Isn't the M$ auth GINA (what a lousy name...) whatever replaceable? M$ does kerberos proprietay? M$ AD is a vbasic LDAP server and some undoc binary protocol? Screw them! Let's interface windows auth methods to unix rather than run after their stuff. Wouldn't it be cool if the samba tree included some .dll to log a M$ box into an ldap ssha or cert , standards kerberos environment? Why screw unix philosophy for M$isms? Ok, it's a flaming comment but really, is there a reason for not taking this road?

Re:Lucky Linux users

[cheezit]

Proprietary crap? Please elaborate.

The standard stuff is fairly standard. inetOrgPerson is available as an add-on (which I think is lame, but you can get there from here). Many of the other "compliant" directories have their own blind spots too.

The nonstandard stuff is sometimes doc'd, sometimes not; for instance, if you are expecting full docs on how GPOs are represented in the database, you will be disappointed. Then again, why would you code to their goofy extension?

One thing I think is *lame* is the 5k size limit on number of users in static groups. We are using dynamic groups/roles for some stuff, but static groups are a useful adjunct to that. 5k is just pathetic.

Re:Lucky Linux users

[cleverhandle]

pGina does essentially what you describe. It replace GINA and allows MS boxes to authenticate directly against an LDAPv3 server. But people who understand this stuff much better than myself tell me that this is not really a great solution. GINA is a fairly superficial authentication component, and replacing it doesn't make some of the more subtle bits fit together. Modifying the LSA (Local Security Authority) would be necessary to do the job properly. But, not surprisingly, documentation for it is not forthcoming.

Re:Lucky Linux users

[styrotech]

why is the community chasing M$ in it's hide&seek strategy? Isn't the M$ auth GINA (what a lousy name...) whatever replaceable? Screw them! Let's interface windows auth methods to unix rather than run after their stuff. Wouldn't it be cool if the samba tree included some .dll to log a M$ box into an ldap ssha or cert , standards kerberos environment?

There is an open source GINA implementation to auth against other services.


http://pgina.xpasystems.com/

I think it comes in two parts, one a general backend and there are a bunch of different auth systems.

Re:Lucky Linux users

I believe the 5k limit has been raised in Windows Server 2003.

Re:Lucky Linux users

[AstroDrabb]

I had problems moving a Java app and a php app that was using OpenLDAP in my dev environment to AD. I just wished they stuck to the LDAP standard 100% without any proprietary stuff added to it. Plus we have 110,000 employees in it as well as other junk. It can get a little slow at times with only 110,000 employees.

Re:Lucky Linux users

[marko123]

In the spirit of GNU/Linux, I think GINA should be prefixed with the initials of the state where the lead developer originated... Virginia.
(For non-US, that would be VA)

Re:Lucky Linux users

[ThePeeWeeMan]

Score: -1, Not enough M$-references.

But seriously. If you think AD is written in VB, I've got a GNU/Bridge to sell you.

Re:Lucky Linux users

[Alioth]

I wrote a replacement GINA for $BIG_PROJECT that I was on. What a nightmare.

Unfortunately, GINA doesn't do everything, and it is (or at least was when I had the misfortune to write a replacement GINA) very badly documented. We had a $40K support contract with MS to provide us development support for this, but it was a complete waste of money - they couldn't answer our questions. We ended up essentially reverse engineering msgina.dll to find out exactly what needed to be set for everything to work correctly (we were writing a complete replacement, rather than a stub GINA).

Re:Lucky Linux users

[wfrp01]

Proprietary crap? Please elaborate.

No, why don't you elaborate. Specifically, why don't you elaborate how to export user account and authentication information (i.e. userPassword) from AD to OpenLDAP. Or even the reverse: how to push authentication credentials into AD without passing cleartext passwords. And how can I authenticate my Windows logins against OpenLDAP, rather than AD?

Are these just oversights? "Blind spots", as you say? Hardly. It's a deliberate effort to confound interoperability and to compell the use of Active Directory rather than any alternative.

Open? Not.

Re:Lucky Linux users

[cheezit]

First off, the point of elaborating was to get past "AD sucks."

Export of passwords? Hmmm, given that the big metadirectory solutions have a problem doing this with non-AD servers, why should AD be different? They're called "salted hashes", by the way, and everyone does them a little differently. Exporting the clear password would be a horrible security problem.

How to push authentication credentials? If you mean importing accounts, then the above answer applies. You can always go over SSL as well. Do you mean implementing cross-domain trust?

And the reason you can authenticate Windows logins against OpenLDAP is that AD supports LDAP protocols, but Windows clients don't use it exclusively. AD may or may not be a great LDAP server, but I don't know that anyone has ever claimed that Windows boxes are vanilla LDAP clients.

AD is a MS product that has reasonable support for LDAP, not a great general-purpose LDAP server (then again I don't think openLDAP fits the bill either). My point was that some of the general-purpose LDAP servers have interoperability issues as well.

Re:Lucky Linux users

[Larthallor]

Let's just hope that VA Software doesn't try their own GINA implementation. I suspect that it would end up being susceptible to penetration by the Sobig virus.

Another bonus

[cleverhandle]

...besides the features is some absolutely outstanding documentation. The old 2.x docs were basically a really long HOWTO. The new docs are broken into self-contained chapters that start by laying out how a certain task or protocol work in general, and then how to configure Samba to take part in it. Considering that Samba can perform so many different roles, the mix-and-match method is a lot more sensible. Even if you don't use Samba, consider their docs as a reference for troubleshooting Windows problems - I've found they offer a far more complete and focussed discussion of Windows technologies for the sysadmin than any MS book or webpage.

Great job, Samba team!

I wonder...

[slasher999]

...just how out of date I am running 2.0.10.

Re:I wonder...

Can I have your IP address sir?

Plz leave your system on so I can r00t it. Thanks.

Re:I wonder...

Just a remote root vulnerability.

Re:I wonder...

[BJH]

Up until last year or so, a machine I'd deployed at my old company was still running with 1.9.16 or so.

Under debian

[MC68040]

I've installed the "unstable" samba 3.0RC1 packages under my Debian 2.4.20 system and I have to say, it works pretty well.

I've only experienced a few cases of "lock outs" of all clients, the first time because the init script didden't sucessfully kill all smbd's before starting new ones and the second time... Who knows, a restart of it helped fine anyway.

Other than that it seems pretty good for me with W98/W2K/XP Pro clients using different laguages, except for some random slowdowns in access to it but nothing major.

Also, that build is compiled with GCC-3.3 if anyone's interested in that.

Re:Under debian

[operagost]

So you've experienced several lockouts, and random slowdowns in performance, but it's no problem because you just restart and everything works fine?

Sounds like Samba really does work like Windows!

Re:Under debian

[trezor]

Except, you just have to restart samba. Not the entire system. But who cares about details like that :)

And it's RC1 - Release Candidate One. It's not a final as of yet.

Re:Under debian

[JKR]

Where did you find Debian packages for RC1?

Jon.

AD Controller Not Yet Suported

Just as an FYI,

From the 3.0 FAQ

The following functionalities are NOT provided by Samba-3:

*

SAM replication with Windows NT4 Domain Controllers (i.e. a Samba PDC and a Windows NT BDC or vice versa)
*

Acting as a Windows 2000 Domain Controller (i.e. Kerberos and Active Directory) - In point of fact, Samba-3 DOES have some Active Directory Domain Control ability that is at this time purely experimental AND that is certain to change as it becomes a fully supported feature some time during the Samba-3 (or later) life cycle.

The samba team is doing a great job moving forward. What I would hope to also see in the near future is support for creating a (Linux) directory heirachy based network using samba that will allow both MS and non MS clients. It would be nice to be able to create an LDAP directory trust relationship to your friends/family/etc.. network to allow logins between them...

Re:AD Controller Not Yet Suported

[cleverhandle]

"What I would hope to also see in the near future is support for creating a (Linux) directory heirachy based network using samba that will allow both MS and non MS clients."

Once they have AD controller support, that part is easy - and also not exactly Samba's job. Just create appropriate schemas for your LDAP server and have a Samba AD controller authenticate client requests via LDAP. What's not there yet is the ability to handle MS Kerberos properly - creating the Kerberos tokens in the proper format and passing them off to the client is more of a barrier than any LDAP protocol issue.

Re:AD Controller Not Yet Suported

[penguin_bear]

Dude, you're full of crap. Kerberos is the easiest part. LDAP is actually the hardest part so far. We just got support for GSS-SPNEGO (Window's preferred SASL authentication mechanism) this week (thanks to some awesome work by Volker). Then there's a bunch of AD-only controls and syntaxes that we're just begining to understand. True is, we can currently support an AD domain controller but it's buggy as all hell (mostly due to LDAP problems). That's not even getting into connectionless LDAP (see my latest presentation at last week's CIFS conference). - Anthony Liguori

Re:AD Controller Not Yet Suported

Expect Novell to do something on this soon - Active Directory is only crippled NDS code, after all...

Re:AD Controller Not Yet Suported

[cleverhandle]

I don't think we're disagreeing. What you're describing are the mechanics of the Windows client locating and authenticating against an AD controller. Yes, very challenging. Which is why I said "Once they have AD controller support..." at the beginning. That's a big, hairy issue that brings in LDAP as well.

I was only stating, perhaps incorrectly, that the OP's desire for a cross-platform directory service is not much of an extension provided that you have Samba mimicking an AD controller effectively. If you do, there's no reason you could not have that psuedo-AD controller pull its information from an OpenLDAP/Kerberos combo that provides authentication and account info for *nix clients as well.

Correct? Or not? You clearly understand the details better than I do...

Re:AD Controller Not Yet Suported

[lkaos]

Ok, this is my real nick, before I was responding from my girlfriend's account.

So here's the deal. AD domain controller support is really a nebulus phrase because it involves a lot of different things. Before the end of last week, an OpenLDAP server could not fool most AD clients into thinking it was a Windows LDAP server. This is no longer true though since we know have proper GSS-SPNEGO support.

I got Windows client authenticating without modification to a Heimdal KDC quite a while ago (with fully signed PAC etc.).

What's really missing at this point is actually a number of RPCs in Samba. Problem is these RPCs are coming directly over TCP (normally they're part of a named pipe over SMB) and they are encrypted. We should be able to figure these out soon enough though.

What's most interesting though is that of all CIFS vendors, Samba is by far furtherest along in AD compatibility (well... sort of).

Re:AD Controller Not Yet Suported

[Tokerat]

Ok, this is my real nick, before I was responding from my girlfriend's account.

I guess it's true after all...the only /.'ers who can get girlfriends have to be on the Samba team or something. :-(

Re:AD Controller Not Yet Suported

[operagost]

They've again left out the last piece necessary to eliminate Windows servers from the datacenter- proper domain controller support. I'm very disappointed. The reason this is a show-stopper is because you will have to either use Windows domain controllers or set yourself up for a single point of failure.

Re:AD Controller Not Yet Suported

In my experience the Kerberos issues are as complex as those related to LDAP, particularly once you start dealing with name canonicalization and cross-domain trust relationships, let along constrained delegation and protocol transition - Luke Howard

Re:just an RC

[cduffy]

Depends on the team. What some people release as "just an RC" others release as final and still others hold back as alpha or beta. Saying "release candidates are always garbage" takes nothing into account wrt the release management style of the programming team in question.

Now, if you had something to say about the quality of the Samba team's RC releases in particular, that'd be worthwhile -- but given how long the Samba 3 *betas* (not RCs, mind you, betas) have been stable, I doubt you'd be saying much the same thing.

Cool feature that is easy to miss

[Gerdts]

As I was reading the announcement, I missed item 42 (Added win2k3 shadow copy operations to VFS interface). Taking a look at the discussion on the samba-technical list, this seems like it is a very cool feature. It paves the way for being able to look at snapshot file systems (Veritas, UFS, LVM, etc.) and even creating a VFS interface that will allow you to browse the last 64 revisions of file a CVS repository. Very cool.

Now, I would just love to see this in smbfs.

Re:Cool feature that is easy to miss

[pirodude]

That's freaking awesome. Didn't microsoft just start advertising this?

Re:Cool feature that is easy to miss

[afidel]

The problem is none of the Unix filesystems do snapshots the right way for a client facing system. They all do a whole filesystem at a time snapshotting, not just change vectors. MS and Netapp on the other hand do it correctly and simply store the changes. This makes snapshots of infrequently changing data take up significantly less room. Veritas style snapshots are really aimed at datacenters that want to be able to backup their database to a certain point in time while not effecting the live system. The one thing MS does wrong is place the revisions in a FIFO buffer where the 64th oldest backup is always the one that gets pushed off, I would like to be able to do things like you can on the netapp and make hourly, daily, weekly, and monthly backups, with the MS solution you can only keep a couple days back if you want to do hourly backup points.

Re:Cool feature that is easy to miss

[jelle]

AFAIK, lvm snapshotting on Linux only stores the differences.

Re:Cool feature that is easy to miss

[maj1k]

do you honestly think MS would give that away for free if you could do more than 64 backups? i'm sure the over-priced "enterprise" edition of this will have unlimited snapshots.

Re:Cool feature that is easy to miss

[pantherace]

hmm... sounds like something incredibly easy to implement via samba on openvms (just a wrapper, because openvms does this. (frankly linux AND windows need to catch up to this feature, which is built-in, and limited only by disk space.

Re:Cool feature that is easy to miss

[Gerdts]

You are completely wrong on Veritas checkpoints and UFS snapshots. Veritas checkpoints keep a bitmap of the blocks that have changed and does a copy-on-write of only the blocks that change. As such, the following are true

• If you remove a 1 gig file, only a couple blocks will change. One block will be the one that stores the directory entry. Another will be the one that contains the appropriate inode table. Any others will be the ones that store the free block bitmap. The odds are that other file system operations have already caused the copy-on-write (COW) for the inode and free block bitmaps. As such, most likely the only change will be to a block of the directory.
• If you change 1 byte in a terabyte file, two blocks may change. One will be the block where the byte is stored. The other is the inode for the file so that mtime (modification time) field can be updated.
• Adding a file is very similar to the situation found when removing a file.

Depending on the Veritas product used, you may be able to mount your snapshot read-write.

UFS snapshots (introduced in a patch to Solaris 8, standard on Solaris 9) allow you to store the changed blocks on a different backing store (another file system). If you look at the file used on that other file system with ls -l, you will see that it is the same size as the file system. Using du, you will see that it is only the size of the changed data.

On the other hand, you are right when talking about similar things on high-end arrays. For example, on an EMC Symmetrix you can create a Business Continuance Volume (BCV) which is esentially a third mirror that gets synced and split off. On a HP XP, you can create a Business Copy (BC). In this case a RAID5 mirror of your RAID5 data is synced up and split. These are commonly used for backups so that you can mount the disk on your backup server and completely bypass your database server when backing up your 5 terabyte database. Another useful feature of this is for having and instant restore in case an upgrade fails or doing data refreshes to test, staging, and development servers.

Watch the free coders out code MS when...

...MS agrees with agrees with everyone else in a public forum on a standard before implementation. Until then, we're reverse engineering and always behind the curve - by design.

Re:Watch the free coders out code MS when...

[afidel]

Actually it's funny but the guys on the SAMBA team know more about the SMB protocol than anyone currently working for MS. I remember reading a tech conference note from one of the team members back before 2.0 went final and he had talked to one of the senior design guys from MS and the guy couldn't answer some questions about the reasoning behind the design of certain parts of SMB, he had simply inherited the codebase and designed extensions to it to do the new things for windows 2000, he knew very little about the history or design behind the overall protocol framework. Don't attribute to mallice what can be more easily explained by ignorance =)

Re:Watch the free coders out code MS when...

[...]
> he had simply inherited the codebase and designed extensions to it
[...]

And then people are surprised when security holes show up :-|

Re:I'd like to be enthusiastic

[1010011010]

Ok, which moderator didn't recognize this as a troll?

Re:Samba wha?....

[pirodude]

Except there are many situations where it is impossible for everyone to just go ahead and install linux. I'm all for running linux, but in the "real world" people still run windows. If I can install a linux server running headless in the corner of a small office handling all of the file sharing/printing needs of that office, I'm happy. Programs like samba are important to show people that linux is a good operating system to use, even if it is just serving files.

Re:Samba wha?....

[1010011010]

Isn't NFS good enough?

No. How much security does NFS have built-in? Exactly none.

Re:Samba wha?....

[sg_oneill]

Doesn't the creation of Linux tools for interfacing with Windows just further validate a needlessly Microsoftian System?

You don't have to install it Richard. For those of us with jobs to do however, this is a big step forward.
NFS is fine and all, but its limited to really unixy networking.

That said Active directory actively puzzles me (as does LDAP). I guess its back to the books again. I guess my windoze knowledge never did advance much beyond NT4.

Re:Samba wha?....

[geogeek6_7]

On a small scale, it seems that such crossover projects hurt Linux. On a large scale, however, the picture is quite different.

Anyone who has administered large numbers of computers knows that sweeping changes are nearly impossible to execute. This is not due to technological restrictions, but rather those of the social variety: people don't like change, and require help in adapting. They need a period of migration.

If there is no way to migrate, large scale deployments of Linux will be avoided-- it simply costs too much to change things without a smooth transition.

For this reason, Samba does not hurt Linux. It should certainly be noted also that Samba actually does alot of Windows networking things faster than Windows it self-- there are benchmarks kicking around to this effect.

So not only does Samba allow easy migration, but it allows interoperability between platforms and a superior solution to existing applications.

~geogeek

Re:I'd like to be enthusiastic

I think you're trolling, but I'll answer anyway. First of all, Active Directory is a Microsoft-specific directory services protocol, it's not an open specification that the Samba folks can go and download and implement. If it weren't for the Samba people, your only option would have been to purchase Windows 2000/03 Server for Active Directory support.

Furthermore, you've clearly never reverse-engineered a protocol before. Since Microsoft doesn't release specifications for Active Directory interactions, the Samba team has to pretty much capture thousands of packets as a workstation logs in, then logs out, then logs in, then logs out, etc. and stare at the data for weeks or months to figure out how to emulate the AD logon. And then they have to do this for domain discovery, resource sharing, and all the other operations that AD supports. To do this for an entire suite of functionality can take years.

Frankly, I'm surprised and pleased that they've managed to build the excellent support they have for MS' network protocols, and I think the Samba team deserves some congratulations. Thanks and keep up the good work!

Which is why...

[mrscott]

Linux is still where it is. It's part instructions and part attitude. Attitudes like "leave it to the pros" is extremely condescending. I'm not saying that a newbie will be able to get Samba 3 up and running in 2 minutes, but when a Windows server can be had that can do it out of the box with very little administration, people will think twice.

Re:Which is why...

[shibashaba]

I would much rather see the distro makers come up with tools to set stuff themselves for their distribution rather than the developers of the indivudual projects spend a ton of time doing it themselves. That way they can get stuff out faster for the early adopters who are probably familiar with the software anyway. How many people new to linux/unix are really interested in jumping right in with a bunch of beta software/just released software?

Re:Which is why...

[pantherace]

I'm working on it :) (and need testers...)

I just got back from a weekend retreat, but I have written a script/gui for doing this, and it works fine in production (where the people know what they are doing) but the setup is pretty automatic, and the gui (based on kommander (part of quanta atm)) allows a simple gui interface to the setup, which should all work, but as I said I need people to play with it and break things!

It should work for gentoo and redhat, atm.

sloppyadm.sourceforge.net if you are interested in helping.

Re:Which is why...

[jonadab]

> when a Windows server can be had that can do it out of the
> box with very little administration

That would represent a very radical change in Microsoft policy.

Don't get me wrong, NT has some things going for it, but "doing
it all out of the box" isn't one of them. All that stuff is
*available*, of course, and once you install it you have a
pretty decent system, but it's not included OOTB. The reason
for this goes directly back to Microsoft policy: the OOTB system
is a base platform with basic functionality, suitable for the
majority of users who have simple expectations. The minority
who need features can obtain them separately. (Time was when
they obtained them separately from third-party software vendors.
These days with a few exceptions it's mostly either direct from
MS or ports of OSS stuff free from the net. But the principle
is the same.)

Out of the box, Windows systems are junk. You have to download
and install a couple of gigabytes of software to make a Windows
system useful. They don't ship with Apache, or a decent Java
vm, no python, no decent command shell, no decent text editor,
no secure shell server (critical for most servers, especially
headless servers), ... They don't even ship with Perl, for crying
out loud. *Every* OS ships with Perl -- well, pretty much every
non-handheld OS that matters, except Windows and VMS.

After you download and install a couple of gigs of software,
then your Windows system starts to become useful.

Most Linux distros have the reverse problem -- three or four
competing implementations of almost everything, with notable
singleton exceptions like (oooh, back to topic) Samba, and
ten or twelve competing implementations of some things, even
more of certain key things (shells, window managers, ...).

Samba IMO could use a competitor (that runs on something besides
Windows). Just one competitor, though, not four or five or six.
Preferably one written in a VHLL, and written in a more modular
and flexible fashion so it can do things like support for multiple
network/transport layers for compatibility with systems that are
configured not to route NetBIOS over TCP/IP.

Re:Which is why...

[operagost]

I don't see how the fact that Windows doesn't ship with Apache is relevant. After all, IIS doesn't ship with any Linux distributions I know of. I'm also curious as to what constitutes a "decent" command shell or text editor for you. *nix people still battle over vi vs. emacs, for crying out loud. There is also a secure shell included- terminal services.

Re:Which is why...

[pAnkRat]

...
> but as I said I need people to play with it and
> break things!

Hey, Butthead...,
lets get this stuff this dork is talking about.
Lets BREAK it!
YeahhY!!
HHiiihihiii....
HHmmm break it, .....

Hu Hu, yeah, breaking stuff is cool

Re:Which is why...

[arivanov]

Windows server cannot be "had out of the box". Tuning a windows server and adjusting a windows server for a "slightly non-standard" setup require 10 times more knowledge on the matter then putting a Samba box to do this. In btw, your average MSCE has no idea whatsoever on how to do this.

P.S. I am not even talking about securing a windows server and using a sane access policy to it.

Re:Which is why...

[j-pimp]

*nix people still battle over vi vs. emacs, for crying out loud.

First of all we battle over VIM vs Emacs. Secondly this is completly irrevelant to your argument. Linux ships with 2 text editors that kick the shit out of notepad. And I have minimal knowledge of emacs and find it to be notepads superior. So don't give me any learning curve arguments. Terminal services is only available on XP and advanced server. Also, there is no secure remote CLI. While not essential for a headless envirorment, very useful for a shop built on the autimation script mentality. Do not compare ssh to terminal services. If you want to compare ssh tunneled X or VNC to terminal services, that is another case entirely.

Re:Which is why...

[ruud+awakking]

Dear arivanov,

Along with many other participants in this thread, you seem to be referring to something called a "MSCE". I have absolutely no idea what one of these is. Perhaps you could enlighten me?

Thanks.

Re:Which is why...

[lateral]

MicroSoft Certified Engineer, I believe. Not a high-status monikcer around these parts.

L.

Re:Which is why...

[jonadab]

> I don't see how the fact that Windows doesn't ship with
> Apache is relevant.

I was trying to be nice. Allow me to rephrase so as to be more
clear: "Doesn't ship with any web server software that isn't
so infamous no sane sysadmin would permit it on his network".

> I'm also curious as to what constitutes a "decent" command
> shell or text editor for you.

A decent command shell is one that's good enough you can easily
do all your file management from it, so that you don't need a
GUI file manager. One critical feature of a decent command shell
is the ability to put the output of one command on the command
line of another command, but there are other key features.

A decent text editor? Of course I mean Emacs, but I can make a
*lengthy* list of important features that are present in twenty
or thirty major text editors but absent in the ones that ship
with Windows. The ones that ship with Windows don't even have
basic macro capabilities, for crying out loud.

> There is also a secure shell included- terminal services.

I thought terminal services was a thinclient server? Maybe I
was confused about that.

Re:Which is why...

[steveg]

Ahem.

Microsoft Certified System Engineer

So it's MCSE, not MSCE. Which was what OP was getting at.

Still not a very high status moniker around these parts, nor most others really.

But if you're going to sneer at them, at least sneer at the right people.

Re:Which is why...

[lateral]

No sneering intended, not sure why you think I was, but sorry if you read it that way.

L.

Re:Which is why...

[jo42]

Big diff:

Microsoft Certified Solitare Expert
or
Microsoft Solitare Certified Expert

One groks RPN, the other doesn't...

q from a newbie

can anyone tell me what exactly samba does ? is it the linux implementation of the filesharing thing in windows where you right click on a folder and share it out to the lan so i can access it like \\machinename\myfolder\ in explorer

what does linux usually use for using that simple method of folder sharing, does it has its own version or does it use this samba can windows see linux folders and drives if its connected to the lan

thanks and sorry for the q but linux for amateurd is pretty daunting

David

Re:q from a newbie

Samba runs on a Linux/unix server, and lets Windows clients think they're talking to a Windows server.

So, you can share files and printers just like you would if you were running a Microsoft-based server, but without paying for an MS licence.

This is possible because originally MS' file sharing standards were published as an (incomplete) open standard, and many patient developers have figured out how to make it work.

A pure Linux network can also be configured with shared files and printers from a central server. There are a few standards that let you do that; most commonly the standard that's been around for a long time is called NFS.

Re:q from a newbie

thanks , sometimes this site presumes everyone is an expert already when some of us are still trying to make the change

all the best

David

Re:q from a newbie

[afidel]

In fact SAMBA makes a BETTER print server than windows, at least if you add a little glue. Cisco systems has only two print admins for thousands of printers at hundreds of sites around the world, including many in manufacturing facilities that are absolutly mission critical (no labels or packing slips means nothing goes out the door). The man behind Cisco printing added a database and distributed printing system to SAMBA and made CEPS or Cisco Enterprise Printing System. We lost our local linux print server one day but other than a little longer queue time for large docs no one noticed because a remote print server took over the queue and handled all the functions from the failed unit. For more info see the Ceps project at sourceforge.

Re:q from a newbie

We recently dumped all our unix print services because of some many problems. Many times a day certain pdf files would cause the printers to go into a death loop when sending the documents across samba. It would repeat the job for weeks! Now that we host in on Windows we haven't had to kill a hung print job since March.

BUT DOES IT RUN LINUX

[slash-tard]

Does this run linux or not?

You have to crawl before you walk

[gregmac]

Doesn't the creation of Linux tools for interfacing with Windows just further validate a needlessly Microsoftian System?

One of the steps towards linux-only is getting the servers on linux. Linux servers are becoming very popular, but that doesn't mean that every place has them yet, let alone linux workstations.

Many IT departments have already replaced some (or all) windows servers with linux servers, running Samba to provide the same services to their workstations. If Samba didn't exist, they wouldn't be switching their servers to it, since it would be incompatible with their existing windows servers. Nobody is going to upgrade if it means they lose features (namely, all the features samba provides).

There is just beginning to be a move towards linux on the desktop, and there have been a few articles on /. about it recently. My personal view is that it's not quite there yet, but close. I just work at a small company, but likely within a year I will have linux on the desktops. Some companies are beginning to roll out linux workstations, but not that many. And certainly not many enterprises.

You even say it yourself:

I've already gone 100% Linux on any networks I can.

Why not all of them? Without samba, it would basically be either 100% linux networks, or 0% linux networks. At the most, linux would be limited to being a router, NAS, webserver, etc.. which isn't bad, but it's leaving a monopoly on a fairly critical service (authentication) to one platform.

Real pros can do a hell of a lot more than...

...just set up a Samba box. The documentation is dense for a reason; the authors cram as much factual information per sentence as possible. You may find it difficult to read, and may believe that setting up a 2K or XP AD/Domain is on par with planning a large scale client/server deployment, more power to you. When it's time to take a job and get paid doing more than departmental level administration, you'll discover that it takes project planning skills combined with extensive knowledge of the underlying technology to do a competent job. Sorry if that sounds condescending, but that's how the real word works. And BTW: this fact has nothing to do with Linux, UNIX, or any other OS. Professionals who deploy large numbers of Win boxes must deal with the same issues.

Re:Real pros can do a hell of a lot more than...

Professionals who deploy large numbers of Win boxes must deal with the same issues

Professionals would never deploy large numbers of Windows boxes!

Unless that's the oldest profession you're on about...

Re:Samba wha?....

[Large+Green+Mallard]

I personally don't think it's flamebait, it's a valid comment. But just misinformed and poorly approached. The fact he has his signature in the comment and not as a specific signature (which I have turned off) does increase his newbie rating, but whatever.

Samba isn't just Linux, I run Samba on a Solaris box. Unfortunately, at this point in time, you still need Samba and Microsoft, but as Tridge has said, in 20 years time, people will still be using Rsync, but Samba will have been forgotten.

Re:Samba is useless

Perhaps if you spent as much time looking for hardware that only works with windows on looking for hardware that works with linux, you'd not be in such a jam.

this bugs me

[escape]

its great that so many people can get samba and not have to worry about windows clients and whatnot, but im getting sick of the open source developers complaining about how crappy the smb protocol is and dont do anything about it. atleast the windows developers created something(even if it sucks) other than reverse engineering everything to making linux/X/whatever look and act like windows. create something better dont copy. they say microsoft isnt inovative, well niether is the open source community.

Re:this bugs me

[styrotech]

Samba isn't about creating a new 'innovative' network file system - it's about a tool for interoperating with the widest spread legacy protocol out there. And if you have noticed, MS isn't exactly keen on adopting any of the innovative open source ones like OpenAFS or CODA etc.

There are plenty of innovative open source protcols out there, but how do you expect them to be adopted when just about everybody else (ie MS) won't use them? And in the meantime you'd deny the usefulness of Samba?

It's a chicken and egg situation, and Samba breaks that. Samba allows Unix/Linux/*BSD to interoperate with Windows networks. Then once open source stuff is installed widely, then you can start using other open standards.

Re:this bugs me

[shis-ka-bob]

I don't understand your issues. CIFS/SMB is a protocol controlled by Microsoft. The Samba team has no ability to 'do anything' about the protocols. The EC may have the ability to force Microsoft to release full documents of the protocol, but the Samba team can only ready what they can and reverse engineer the rest.

There are plenty of of more elegant solutions for filesharing that have been developed and implemented in an open manner. AFS was designed at CMU and OpenAFS is largely the result of U of Michigan. This is certainly inovative and it is also open source. Painting 'open source' as a monolithic entity is silly, you may as well say that "I knew an MIT grad and he was a git, so all MIT grads are gits."

I have no reason to make Linux 'act like' Windows at home, where I can run a LInux network. However, at work I don't have that luxury. Networking with Windows is a reality. For this, Samba is an amazingly good piece of kit.

Re:this bugs me

More to the point, why are M$ still extending a crappy protocol originally written for LAN Mangler?

It creates even more broadcasts than Netware's SAPs used to, is shit slow on push copying, and takes so long to synchronise that it may as well be manual.

Re:this bugs me

[drinkypoo]

You don't even have to create shit from scratch, the tools are there, they just shit themselves often. It would be nice if, say, coda were stable with whatever feature set it currently has, and had some nice user tools. So in that sense there are complete projects to be done. Or even afs. I don't give a shit really, but something, anything with some more interesting design has got to be better than the crap we're using now. You can always treat a more advanced filesystem like a less advanced one if you want to for some bizarre reason. (Which will probably involve windows.)

Mac OS X integration?

[PrimeWaveZ]

I know that GimpPrint will make it into Panther, but I think it would be great if some version of Samba 3.0 could make its way into Mac OS X 10.3. The best reason being that Samba 3.0 is supposed to support the signed transmission security that Windows Server 2003 implements. Rock on!

Re:Mac OS X integration?

[davebo]

I think it would be great if some version of Samba 3.0 could make its way into Mac OS X 10.3.

Some version did.

Re:Mac OS X integration?

[mr_tap]

Please mod up the parent post as it contains the link stating that OS X 10.3 will have Samba 3

Re:Mac OS X integration?

[PrimeWaveZ]

Much as I love Apple, and they've made announcements, we will see for sure when it arrives in my mailbox.

Re:Mac OS X integration?

[davebo]

When has Apple ever failed to deliver on their promises*? I think you need another glass of the kool-aid.

*excluding OpenDoc, Bedrock, Copeland, Yellow Box for Windows . . .

Re:Mac OS X integration?

[squiggleslash]

Only Panther Server. Apple does routinely vary the versions of open source packages between the server/desktop versions of its OSes. For example, Jaguar ships with Apache 1.3, whereas the version shipped with OS X 1.2 Server is Apache 2.0.

Apple may stick with an older version of SAMBA for the client if they judge it to be more stable: including it with the server is likely to be because it has compelling new features.

Re:Mac OS X integration?

[PrimeWaveZ]

My primary concern wasn't with Apple, as much as it was with the Samba project itself. Should Samba not be 3.0 final by the time Apple wants to GM Panther, it would be a difficult decision wether or not to ship a final OS version with beta software in the mix.

Given, a SW update would not be difficult, I'm sure there is more beta SW in the OS distribution than I'm aware of. Just my mind wandering.

Re:Samba is useless

[finkployd]

I'd suggest you keep trying, as tons of people use it daily at home, small offices, major corporations, and large universities. Not exactly "useless". More like one of the most popular open source projects.

I suggest getting in touch with your local linux user group. I'm not sure why you had problems with help forums and documentation, but someone local to you wuld probably be able to walk you through it.

Finkployd

First Post

Holy crap i got first post

Ben Franklin?

[SuperBanana]

--Ben Franklin
Programmer Analyst
Davenport, FL

Man, couldn't he find a better place to live?

Re:Ben Franklin?

[Wumpus]

Have you seen his house in Philadelphia? It's nothing but a steel frame. No wonder he moved.

Re:Ben Franklin?

[AstroDrabb]

Hey, Davenport is a great place to live. Ben is 10 miles from Walt Disney World and 25 minutes from Orlando. Ben got tired of all the snow up in Philly and moved to sunny Florida instead.

Re:Ben Franklin?

[aminorex]

Ah, but his *MINT*, that's where he spent all of
his time when he wasn't off in Paris being waited
on by Aristocratic coquettes calling him "mon cher
papa".

Wins support

[archen]

Anyone know how the wins support is? It looks like samba 3 will finally be able to replicate. Currently Samba can't replicate with NT servers, or as far as I know, even with other Samba servers. That sort of limits Samba in terms of redundancy. Is adding static entries to WINS new as well? I don't recall ever seeing that in the samba 2 documentation - that's been an unfortunate hang up where I work.

Re:Wins support

[An+Onerous+Coward]

What the hell are you talking about? Do you really want your Windows computers and your Unix computers replicating with each other? Right in the server room? When your boss walks in and sees two Intel boxes replicating right there on the server room floor, just what are you going to tell him?

And just what will the offspring of this Windows/Unix replication be like? Will its NT kernel be able to handle Unix-style system calls? Or will the offspring be a penguin with Bill Gates' face?

No matter how I look at this, I just cannot see that this "replication" can be a good thing. You're going to create an abomination that will bring only misery to the world. Keep your computers on opposite sides of the room, with very short power cables, or you will doom us all.

/me goes off to look up "replication."

Re:Wins support

Don't worry about it... MS WINS servers don't replicate either

Re:Wins support

WINS is going away anyways. It was supposed to be dropped in 2003 but it still made it in...probably for backwards compatiblity. They are trying to go to straight dns model.

Re:Wins support

[sean.peters]

Must... not... make... "I, for one, welcome our new masters"... joke... here

Sean

Re:helpiamlost

[shis-ka-bob]

You have entered a strange dimension where geeks rule and Samba has nothing to do with a racial slur.

Re:Samba is useless

[BigBadBri]

North West of where?

If it's the UK, try Hadfield (aka Royston Vaisey)

It's about 10 minutes walk from here, and I don't slag Samba (good people working to fix a bad protocol), just SMB and Microsoft's insistence on sticking with it.

Are you local?

Parent is SAMBA hacker, +Informative

n/t

Re:Samba wha?....

[Kunta+Kinte]

No. How much security does NFS have built-in? Exactly none

Care to back that up?

NFS protocol has built in encryption/authentication using GSS-API since version 3. That was quite a few years ago. NFS version 4 is out.

I maintained a lab running on an encrypted NFS FS about 3 years ago, on Solaris 7.

Linux didn't have support for encrypted NFS because the kernel hackers couldn't get encryption into the kernel at the time. Now that 2.6 has kernel encryption services Linux will support the full NFSv4 spec. Or at least support the security features.

But you can't blame the engineers that developed NFS, they've had encryption/authentication built into the protocol for years now.

Re:helpiamlost

[Ataeagina]

Samba is a racial slur? I always thought it was a type of dancing... Was I wrong?

Re:I'd like to be enthusiastic

[Durandal64]

Samba 3.0 has been in development and beta for quite some time. Those builds have all had functioning AD support. So they're not "just adding" it. They had to reverse-engineer it because Microsoft don't companies to have a choice outside of their shitty products. So yeah, go out and buy Windows 2000 Server. The rest of us will just download Samba 3.0 for free.

Idiot.

Samba is the greatest

[codepunk]

Samba makes it very easy to get a linux box on a customers network. It also allows me to undercut the hell out of competitive bids in our area. All we are competing against it a bunch of vendors in the area and all they know how to do is windows and MS products. This allows us to completely smear any and all bids we run against them. We are doing it as much as we can right now because as linux spreads it is going to get a whole lot harder to do this and still make the profits we are making.

Re:Samba is the greatest

But jesus...do your clients know that you're equipping them with dodgy, third-rate hobbyist software that may not even have a legally licensed implementation of the SMB protocol. I'd hope your competitors bring this to light, because in the end signing on to use Samba is probably just as risky as using Linux what with the SCO situation.

Re:Samba is the greatest

[codepunk]

SCO what who is SCO?

Sure they always try to throw those arguments, but let me be the first to tell you that joes manufacturing company only cares about the cost not what operating system they are running.

Re:Samba is the greatest

dodgy, third-rate hobbyist software

He said they were ALREADY using Windows, right?

Stupid question...

[CyberSnyder]

Has samba ever been such a good implementation of M$ that it's fallen victim to viruses that are targeted at one of the M$ variants?

Re:Stupid question...

[devphil]

If you're talking about the viruses that simply "infect all Word files it can find, even on network shares," for example, then running Samba instead of Windows makes no difference. The infected client simply sees a share like any other -- that being the whole point, after all. The Samba server simply sees a write request like any other.

So yes, files shared via Samba can be infected, if it's that kind of virus.

Exploits that try to break into a Windows file server directly (as opposed to writing to exported files) will almost certainly fail for what I hope are obvious reasons.

Re:Samba wha?....

[Kenshiro70]

Doesn't the creation of Linux tools for interfacing with Windows just further validate a needlessly Microsoftian System?

No, this is exactly what is needed to displace Mictosoft. Other than email, the second biggest use by client computers of a server is for file-serving. No matter how good Linux is, Microsoft has an iron-clad hold on that area for Windows clients, because users can browse and print through the interface they know so well. If that can be subbed out in a way invisible to the user, the reason for having Windows servers gets a great deal weaker. Breaking Microsoft's server hold is critical - if they can't control the protocols that they talk to the client in, then they cannot create propietary standards on the client, which eventually allows real competition.

Being a good implementation

[TCaM]

of a specification or protocol does not mean it has to be full of buffer overflows just because the "real" version is.

Re:I wonder....

[wolrahnaes]

think about it...what is the primary reason to run samba?

give up? it's integration in to a Windows network. there are other network share protocols that work on basically every other OS, and would be the first choice for networks containing only those OSes (i.e. NFS for *nix nets, Appleshare for Mac nets)

Most people who run samba will simply be wanting to access the data the same way they would on their windows box. using the same commands will make it simpler on them.

Usually when the subject of windows imitation is brought up, I don't like it, but this is one situation where it is very useful.

Lets say you have a WinXP box that you need to get a PDF off of and on to a few of your systems. Which is easier:

1.
Go to Win2k box, run "net use * \\WinXPBox\C$"
Go to Linux box, run "smbmount blah blah..." (sorry i havent used smbmount in forever)
Go to OS X box, mount it however that does it

or

2.
On all boxen, run "net use [chosen mount point] \\WinXPBox\C$"

obviously using the same command everywhere simplifies things.

Windows did SMB first, and the point of SAMBA is to duplicate the SMB services that Windows offers, so logically unless Microsoft did something so horribly wrong that most users would prefer doing things a different way, make the command identical.

Looking for some info.

[trippinonbsd]

Where would one look for some good solid infomation on what all these buzzwords such as "shadow copy" and "active directy" accually mean? Ive seen those horrid 2003 server ads, but what do these features accually do?

Re:Looking for some info.

http://www.microsoft.com/windowsserver2003/techinf o/overview/scrfaq.mspx
and
http://www.microsoft. com/windowsserver2003/techinf o/overview/activedirectory.mspx

Both straight from the source, and both easily found on Google.

Google it!

Re:Looking for some info.

[ctr2sprt]

Active Directory is basically an LDAP directory server with Kerberos 5 authentication. In case you don't know what those are either...

LDAP servers are pretty much quasi-object-oriented databases (LDAP is the protocol used to talk to the server). On a Unix-like system, you could store all the user information (/etc/passwd, /etc/shadow, /etc/group, everything) in an LDAP directory. But you can really store anything in an LDAP directory, such as the complete DNS database for a server. This can be handy because LDAP has replication and such built right in, so you no longer need to worry about DNS replication. These are the two big things stored in the Active Directory in Windows (user information and DNS records).

As for Kerberos, it's a secure authentication mechanism. The whole process is kind of complicated, but here are the basics. When you log in to a Kerberos domain (this is just a normal domain login for Windows) what you are doing is requesting a Ticket-Granting Ticket (TGT) from the Key Distribution Center (KDC). The TGT is returned, encrypted. If your password decrypts the TGT properly, you're logged in. Note that your password never goes over the network! Now you want to access a service on another machine in the same domain. You give your TGT to the KDC, asking it for a ticket to the specified machine. You get the ticket back, then provide it to the server. The server verifies the ticket similar to how the TGT is verified at login, and if it passes, then you've identified yourself securely. This means you don't need your password at all once you get your TGT, unless for some reason you need to get a new TGT. So Kerberos is both a secure authentication mechanism and a single sign-on mechanism.

Believe me, all this is a huge leap forward for Microsoft. Even though they keep adding proprietary bits to both LDAP and Kerberos, they are at least getting on the open standards bandwagon. And technologically, this is all far superior to the way Windows NT did things.

Re:Looking for some info.

http://www.pcwebopedia.com/TERM/A/Active_Directory .html ... pcwebopedia.com is always a good place to look. failing that jargon.org is pretty cool too.

Re:helpiamlost

and what about being a gimp user?

Re:helpiamlost

[helpiamlost]

Help I'm IP banned!!

Re:I wonder....

[whereiswaldo]

so logically unless Microsoft did something so horribly wrong that most users would prefer doing things a different way, make the command identical.

I agree with your reasoning, *except* they said replace existing commands. If they had said "augment" existing commands, I would have been satisfied. Right now, it sounds like the same thing with using some command with a cryptic command-line argument to replace ifconfig.

thats nice and all...

but it would be nice if newbies didnt have to run a webserver just to configure Samba

Re:thats nice and all...

[omega9]

If you were able to complete your tasks in the most efficient manner possible, then you wouldn't be a newbie. Barring that, the easy way out does often require you to run otherwise unneeded service just to make the task easier.

Also, you don't need a webserver to run SWAT. SWAT is handled by xinetd (inetd if your distro is a bit dated) and listens by default on port 901. No webserver needed.

Re:Samba wha?....

Crash course

AD = DDNS + LDAP

The Samba Docs

[Kris+Magnusson]

My friend, John Terpstra, wrote those docs. Way to go, John! Your long hours paid off with a compliment on Slashdot! Your life is redeemed! ................ kris

Re:just an RC

[2057]

all i really meant was there were like posts saying "v3 sucked i had to switch to v2" and those werent really fair because this is still a release canidate, and even if the betas were "stable" that still doesnt make them perfect, a point which i was trying to make.

Re:Samba wha?....

[cgleba]

I have *really* wished for years to be able to do the reverse -- get Windows machines to talk NFS. Unfortunately I have yet to find a stable, reliable fast NFS client for Windows. . .

Re:Samba wha?....

[1010011010]

Well, that's excellent news.

Re:Samba wha?....

[Paul+Jakma]

How much security is NFS supposed to have built-in? Exactly none.

(it can make use of security contexts, eg for permissions checking of file access - but establishing those security contexts is /not/ NFSes job).

So where should that security be then? RPC.

(see Solaris and most commercial Unixen also OpenBSD for implementations of the more secure types of RPCSEC than the default AUTH_UNIX. Also, Linux 2.6 should have the secure AUTH_GSSAPI RPCSEC method, hopefully.)

Re:just an RC

[cduffy]

Ahh.

Dunno, though -- I'm (strongly) guessing that these folks are suffering from configuration issues more than anything else. A release candidate, after all, is something which actually *could* become the .0 release (unless, of course, you're Linus... *sigh*).

As a result, a RC generally won't have known issues large enough to prevent release -- because if it had such known issues, it wouldn't be eligable for .0 designation. A few scenarios, therefore, present themselves:

1. The folks complaining about Samba 3.0 here had severe configuration issues (failure to RTFM).

2. The folks complaining about Samba 3.0 here are basing their complaints from a release *prior* to the release candidate.

3. The folks complaining about Samba 3.0 here are hitting bugs obscure enough that the maintainers didn't know about them when deciding to make this a RC release.

4. The folks complaining about Samba 3.0 here are hitting bugs minor enough that the maintainers are willing to release with them in place.

No doubt the truth is a mix of these -- but I'm guessing that a strong majority of issues encountered will be of the former two varieties.

Re:Samba wha?....

[afidel]

I've had good experience with Reflections NFS from WRQ. I've also had good experience with their X server. They had incredible technical support people too.

I had an issue with their X server after win2k came out and we were piloting our new desktop. We ran dual heads on some of our engineering stations and some of the guys were having really weird problems. I call up and go through about a half hour of troubleshooting with their very knowledgable level 1 support people, no dice, so she puts me through to the lead developer of the product! He asks me some questions and then notes that he has had two other clients reporting similar problems and asks for some time to come up with a test case. He does and emails it to me before the next morning. I follow it and report the results, he then tests it in his own lab and figures out what happened. Turns out MS gives junk screen geometry back if you are running dual head and the task bar is anywhere but the bottom of the first display with autohide disabled, the effected engineers were longtime mac users and had their taskbars at the top of the window. He gave us the workaround and told us he would see if he could code in a fix for the next release. From that point on I got a cd with a prerelease of each version until the problem was solved to our satisfaction.

Why not 2 days go??

[compange]

And I just killed AD on my server because my Linux boxes couldn't connect to it. Why didn't I just wait 2 more days.... Darn OpenSource Software. Changes too often.... :-P

Run Samba-only network

[whitmer]

There was a quite good article on EnterpriseITPlanet about upcoming Samba 3 and they discuss the possibility to run Samba 3-only network. Which is very feasible IMHO because you don't have to manage headaches such as AD. Of course, this works with Linux/Unix fellas only, not you, my dear MCSEs. Samba is way too complex software package for you GUI people to comprehend. ;)

Re:Run Samba-only network

[pe1chl]

Never used SWAT?

Re:Run Samba-only network

[licketyspit]

shhh... quit giving away our secrets!!! actually, I've never been very good at using swat. I just vi the smb.conf.

Features galour.

[Zaffle]

Samba 3.0 is the first real samba (excluding samba-tng), imho, that can replace a WinNT4 PDC (Primary Domain Controller) *fully*.

(eg: with samba3, the windows usrmgr.exe works for adding/deleting users & groups. (usrmgr.exe communicates over RPC, so I consider it something that should work for a windows primary domain controller). I have just recently setup for a company:

A samba PDC, with usrmgr.exe working.

With an LDAP backend for authenciation.

With posix ACLs on the file system (to allow *real* permission settings. The perms are still a bit wierd, and I feel better setting them in Linux rather than through the windows gui, but they do work).

With cups printer backend, so printing works great.

Basically, this machine fully replaces their windows NT4 server, and does it pretty damn well.

The move from NT4 to PDC was pretty good. Once everything is setup on the samba side, you can "net vampire" all of the user and group accounts over to the samba server, and the users can login with no problems.

The only missing feature was I needed some way to copy the file system on the NT box to the linux box and keep the ACLs.

Anyway, the samba team does a great job

Re:Features galour.

[pe1chl]

>The only missing feature was I needed some way to copy the file system on the NT box to the linux box and keep the ACLs.

How about installing the ROBOCOPY from the Windows 2000 Server resource kit in the NT box, and then using that (with the /SEC switch) to copy the files over. Wouldn't that work?

I use this ROBOCOPY version regularly for copying files with ACL info between NT servers. The version from the NT resource kit won't copy security info.

(The NT resource kit includes SCOPY but it is quite unreliable)

Re:Features galour.

[Zaffle]

How about installing the ROBOCOPY from the Windows 2000 Server resource kit in the NT box, and then using that (with the /SEC switch) to copy the files over. Wouldn't that work?

I tried that, well, tried scopy, didn't have the 2k resource kit. Kept getting, of all things, permission denied errors when trying to copy the file. (I permission to read the source, and permissiong to write to the destination). If I manually copied (eg using xcopy) the src to the dest, and manually applied the acl, it worked..

Must have been some strange bug/missing feature.

Re:Features galour.

[jeffkinney]

Source options /S : copy Subfolders /E : copy Subfolders, including Empty subfolders. /SEC : copy SECurity info (both source and dest must be NTFS).##

Re:Samba is useless

haha.

asshole.

it's possible to get it working even on beos.

hahaha.

Windows port not needed

[scsirob]

Just replace C:\WINDOWS\SYSTEM32\KERNEL32.DLL with /boot/vmlinuz-2.6.0 and you're all set.

Yep...

[haeger]

but it would be nice if newbies didnt have to run a webserver just to configure Samba

Don't. Use Comanche instead.

.haeger

AD Support & ACL's coming.. WhooHoo!

[1stflight]

Have to say Linux is coming right along!! With AD support, and soon to be ACL's in the filesystem (some already have it), all I'm wanting is a pretty GUI admin tool...

Okay, sorry I'm spoiled :)

Good job Samba Team!!!!

Re:Samba is useless

The only thing I can find about "Siemens Speedstream 2" is a Cable/DSL router, which is an external device. Not only that, but "Compatible with any operating system that supports Netscape or IE 4.0 and up web browsers, including Windows, MacOS, and Linux"

All your other hardware is supported either by the manufacturer (Audigy 2 and GeForce 4) or as a generic device (CD writer).

That was hard, wasn't it?

Re:Samba wha?....

[MarcQuadra]

Linux is going to start the march on the server end. Only after you build confidence using Linux for things like internal DNS and DHCP will management let you roll it out to things like file serving and domain control. After it's clear that Linux is reliable and secure you can push for Linux on the desktop within a small test group.

Right now (here on the east coast, at least) most managers and IT people will laugh you out of the room if you mention Linux seriously. Hell, most places I won' even mention that I 'do' Linux because people automatically think you're a neer-do-well or a commie, not to mention that those in IT who DO know are scared SHITLESS that their days are numbered.

A huge portion of the IT department where I work (a big bank) don't know ANYTHING about linux other than what they've read in 'Information Week'. I had a server admin ask me last week if she can 'run version 8 of Linux on Windows XP', this lady earns three times what I do as a server admin and all she knows is how to 'end task' and reboot, there's no chance an army of that kind of person is going to want to accept a new player on the network, she'd smell her job evaporating.

Re:Lucky Linux userssimple registry change

[thegoldenear]

batch file:

echo Allow a maximum of 255 concurrent connections to this machine
reg add "HKLM\System\CurrentControlSet\Services\LanmanServ er\Parameters" /v "Users" /t REG_DWORD /d "0x000000FF" /f

see http://thegoldenear.org/tweak/ for more

How to use the documentation...

[oliverthered]

1: MAN pages are like RFC's: it takes a while to work out how there written and what information they provide, but they tend to be consistant.

2: If you don't have a clue what the documentation is talking about then either look it up or don't touch anything that is anywhere nere a production system, because YOU DON'T KNOW WHAT YOUR DOING.

3: Once you know what your doing the man pages are quite easy to follow. You don't need to be an expert, just proficient in looking things up and working out whats going on in a logical manner.

Re:How to use the documentation...

[aled]

I mean that there has to be a better (easier) way. Nobody does know everything (except John Doe :-), but most people (like me) has general knowledge and need to learn a new tool why make it the difficult way? I insist: it can be done; the new samba documentation (which I haven't read in detail yeet, mea culpa) seems to be a very good attempt to easy the step.
Of course I don't know what I'm doing, if the only help I have is a few just-switch-names man pages, I may never do.

Re:How to use the documentation...

[oliverthered]

Using Samba, Second Edition
Samba Unleashed (Unleashed)

At least the documentation is better than most of the documentation you get with windows.

Re:How to use the documentation...

[aled]

Does are books, not the product documentation.

that's not true ..

[Macka]

The problem is none of the Unix filesystems do snapshots the right way for a client facing system. They all do a whole filesystem at a time snapshotting, not just change vectors

AdvFS, currently on HP's Tru64 Unix and also (already) ported to the up and coming combined Tru64 + HP-UX offering, called Enterprise Unix, has a snapshot feature called 'cloning'. A cloned filesystem is mountable, and only contains pointers to the blocks of data on the original. Further write operations on the original first copy the data block to be changed to the clone before allowing the block to be replaced. It takes seconds to create a clone of a terrabyte filesytem and then you're back in business. This feature has been around for years!

You shouldn't make statements like that without doing your homework.

Re:Lucky Linux userssimple registry change

[sonicattack]

How does this fit in the licensing scheme you've accepted when deciding to use Microsoft's products?

Of course a lot of systems are out there running without being in compliance, but for some administrators this is not an option. Not that I ever, ever would deploy a product with these kinds of synthetic usage restrictions.

Thanks for paying for our product. Now pay more if you want another 10 people to be able to use it.

simple registry change

[thegoldenear]

I don't know how/if that contravens the licence. if anyone can tell us then I can add a comment to that option in the program I referenced, for those who have to 'conform or die'

Replace Netatalk

[randomErr]

Now if only Samba 3 could replace Netatalk my life would be complete.

License Limits

The MS EULA is what artificially limits the number of connections. Running software which "multiplexes" user connections beyond those limits is a direct violation of the EULA.

Re:License Limits

[T3kno]

Isn't that exactly what Gateway Services for NetWare was designed to do? This is a bit old, but Microsoft is really the pot calling the kettle black on this issue.

FEULAs

Re:License Limits

[thegoldenear]

is it a violation of the EULA to change the registry to allow more than the default limit, or to actually have more concurrent connections than the default limit?

Pretty GUI?

[haeger]

Did You say pretty GUI?

Here's comanche for You.

.haeger

Re:Pretty GUI?

[Manic+Ken]

Pretty GUI...I dont know if the TK widgetset is pretty...

Slashdot does not use UBB

:rolleyes:

This is not a UBB forum, you moron.

Netware 7?

[FreeLinux]

I believe you will get your wish with the upcoming Netware 7. According to Novell it can be Linux based and I'm sure that they will fully support MS Clients. eDirectory is already head and shoulders above AD. This combined with the incredible power of ZenWorks should be very interesting.

Spend 2 more days RingTFM

[omega9]

Windows 2000 AD can run in one of two modes: mixed or native. In mixed mode, clients older then W2K can join the AD domain and SMB authentication can be performed. In native mode, only clients as recent as W2K can join the AD domain and KRB5 authentication is used exclusively (I'm pretty sure).

If you were using AD in a mixed mode environment, once you create the account for the machine in AD make sure you check the box that says something similar to "Allow pre-Windows 2000 computers to use this account" or it will not work. Of course, the documentation that comes with any recent stable version of Samba has had clear directions on how to do this for a long time.

mmm... Salted Hash...

[tommck]

They're called "salted hashes", by the way, ...

I think I had some of that with breakfast today!

T

Duel License

[LWATCDR]

Maybe Samba should be dual Licensed. GPL if used with a GPL'd or BSD's OS and a non free licence when used with non-free OS's like..... SCO... For SCO it is a billion zillion dollars per CPU cycle yea that's the ticket! And if the do not pay we get to turn there CEO inside out!.... Man I really have to stop reading SCO stories.

MCSE stands for

[SHEENmaster]

Minesweeper Consultant Solitaire Expert

("Call me Ishmail, dummy.", Moby Dick for Dummies)

Delixus makes Samba easy for Windows Admins

If you want a pretty GUI that is easy to use for Windows admins
then checkout Delixus: Delixus Screenshots.

It is an easy to use tool for the MCSE crowd. The GUI actually runs on Windows
and then accesses Linux over the network.

Re:Samba wha?....

[Medievalist]

Sure, modern (post V3) implementations of NFS have a key-passing mechanism.

But is it worth the ridiculous amount of time it takes to get competing vendors' software to interoperate?

It took me over a year to get HP-UX to run a stable NFS environment (because HP-UX 11.00's NFS was absolutely riddled with bugs that I had to wait for HP to patch - and HP is dead slow with patches) even before I introduced it to IBM and Sun machines.

Granted, this is more a criticism of HP and their hideous, antique *nix than it is of NFS. But I had samba up and running on HP-UX in a day....

MOD PARENT DOWN

[Medievalist]

The first twenty times I configured samba I wasn't running a web server. Come to think of it, I don't use a web server to configure samba now.

The parent post is either a troll or someone grievously misinformed. It should not have been moderated "interesting".

Samba does not require a web server, regardless of whether one is a "newbie" or not.