Slashdot Mirror


Samba 3.0.0RC1 Released

dook43 writes "Samba 3.0.0 RC1 has been released as of 8/16. Probably the most important new feature is its Active Directory support, but the rest of the new features can be found at the website."

24 of 261 comments

  1. additional new feature by Anonymous Coward · · Score: 0, Informative

    broken and horribly slow!

    I installed v3 .. moved back to v2 after about an hour of being pissed off at trying to speed it up to the v2 levels

    1. Re:additional new feature by Anonymous Coward · · Score: 2, Informative

      Just because you can't configure it right, don't call it 'broken'. Learn to read, and you'll figure it out.

    2. Re:additional new feature by AstroDrabb · · Score: 3, Informative

      AD is indeed VERY slow. I have to work with it at work and it blows. I wish they (the admins) would use a plain ole LDAP server. OpenLDAP is much better IMO.

      --
      If Tyranny and Oppression come to this land,
      it will be in the guise of fighting a foreign enemy. -James Madison
    3. Re:additional new feature by Malcontent · · Score: 1, Informative

      " Vanilla LDAP != inherently better than AD. "

      Maybe not but it is more compatible with other operating systems and non MS software.

      I think those are strong enough reasons to avoid it right there.

      --

      War is necrophilia.

    4. Re:additional new feature by AstroDrabb · · Score: 2, Informative

      The problem is that AD is not a general purpose LDAP server. They diverged too much from regular ole LDAP, which makes coding against it a pain. The company I am at has 110,000 employees in it plus other junk. It just gets a little too slow for me with that much stuff in it. OpenLDAP and Novell can handle it with no problems. I also had more of a pain coding a Java app and a PHP site to use it over a standard LDAP server.

      --
      If Tyranny and Oppression come to this land,
      it will be in the guise of fighting a foreign enemy. -James Madison
  2. Re:Active Directory by isam_b · · Score: 2, Informative

    oops :)

    Bug= Big

  3. AD Controller Not Yet Supported by Anonymous Coward · · Score: 5, Informative
    Just as an FYI,

    From the 3.0 FAQ

    The following functionalities are NOT provided by Samba-3:

    * SAM replication with Windows NT4 Domain Controllers (i.e. a Samba PDC and a Windows NT BDC or vice versa)

    * Acting as a Windows 2000 Domain Controller (i.e. Kerberos and Active Directory) - In point of fact, Samba-3 DOES have some Active Directory Domain Control ability that is at this time purely experimental AND that is certain to change as it becomes a fully supported feature some time during the Samba-3 (or later) life cycle.


    The Samba team is doing a great job moving forward. What I would hope to also see in the near future is support for creating a (Linux) directory hierarchy based network using Samba that will allow both MS and non MS clients. It would be nice to be able to create an LDAP directory trust relationship to your friends/family/etc. network to allow logins between them...
    1. Re:AD Controller Not Yet Supported by cleverhandle · · Score: 5, Informative

      "What I would hope to also see in the near future is support for creating a (Linux) directory hierarchy based network using Samba that will allow both MS and non MS clients."

      Once they have AD controller support, that part is easy - and also not exactly Samba's job. Just create appropriate schemas for your LDAP server and have a Samba AD controller authenticate client requests via LDAP. What's not there yet is the ability to handle MS Kerberos properly - creating the Kerberos tokens in the proper format and passing them off to the client is more of a barrier than any LDAP protocol issue.

    2. Re:AD Controller Not Yet Supported by lkaos · · Score: 3, Informative

      Ok, this is my real nick, before I was responding from my girlfriend's account.

      So here's the deal. AD domain controller support is really a nebulous phrase because it involves a lot of different things. Before the end of last week, an OpenLDAP server could not fool most AD clients into thinking it was a Windows LDAP server. This is no longer true though since we now have proper GSS-SPNEGO support.

      I got Windows client authenticating without modification to a Heimdal KDC quite a while ago (with fully signed PAC etc.).

      What's really missing at this point is actually a number of RPCs in Samba. Problem is these RPCs are coming directly over TCP (normally they're part of a named pipe over SMB) and they are encrypted. We should be able to figure these out soon enough though.

      What's most interesting though is that of all CIFS vendors, Samba is by far furthest along in AD compatibility (well... sort of).

      --
      int func(int a);
      func((b += 3, b));
  4. Cool feature that is easy to miss by Gerdts · · Score: 5, Informative
    As I was reading the announcement, I missed item 42 (Added win2k3 shadow copy operations to VFS interface). Taking a look at the discussion on the samba-technical list, this seems like it is a very cool feature. It paves the way for being able to look at snapshot file systems (Veritas, UFS, LVM, etc.) and even creating a VFS interface that will allow you to browse the last 64 revisions of a file in a CVS repository. Very cool.

    Now, I would just love to see this in smbfs.

  5. Re:Samba wha?.... by 1010011010 · · Score: 4, Informative

    Isn't NFS good enough?

    No. How much security does NFS have built-in? Exactly none.

    --
    Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
  6. Re:q from a newbie by Anonymous Coward · · Score: 3, Informative

    Samba runs on a Linux/unix server, and lets Windows clients think they're talking to a Windows server.

    So, you can share files and printers just like you would if you were running a Microsoft-based server, but without paying for an MS licence.

    This is possible because originally MS' file sharing standards were published as an (incomplete) open standard, and many patient developers have figured out how to make it work.

    A pure Linux network can also be configured with shared files and printers from a central server. There are a few standards that let you do that; most commonly the standard that's been around for a long time is called NFS.

  7. Re:Lucky Linux users by styrotech · · Score: 4, Informative

    why is the community chasing M$ in its hide&seek strategy? Isn't the M$ auth GINA (what a lousy name...) whatever replaceable? Screw them! Let's interface windows auth methods to unix rather than run after their stuff. Wouldn't it be cool if the samba tree included some .dll to log a M$ box into an ldap ssha or cert, standards kerberos environment?

    There is an open source GINA implementation to auth against other services.


    http://pgina.xpasystems.com/

    I think it comes in two parts, one a general backend and there are a bunch of different auth systems.

  8. Re:Mac OS X integration? by davebo · · Score: 4, Informative
    I think it would be great if some version of Samba 3.0 could make its way into Mac OS X 10.3.


    Some version did.
  9. Re:Lucky Linux users by Anonymous Coward · · Score: 1, Informative

    I believe the 5k limit has been raised in Windows Server 2003.

  10. Re:Samba wha?.... by Kunta+Kinte · · Score: 5, Informative
    No. How much security does NFS have built-in? Exactly none

    Care to back that up?

    NFS protocol has built in encryption/authentication using GSS-API since version 3. That was quite a few years ago. NFS version 4 is out.

    I maintained a lab running on an encrypted NFS FS about 3 years ago, on Solaris 7.

    Linux didn't have support for encrypted NFS because the kernel hackers couldn't get encryption into the kernel at the time. Now that 2.6 has kernel encryption services Linux will support the full NFSv4 spec. Or at least support the security features.

    But you can't blame the engineers that developed NFS, they've had encryption/authentication built into the protocol for years now.

    --
    Based on upvotes, Ageism is the only "-ism" Slashdotters care about and think isn't SJW
  11. Re:I'd like to be enthusiastic by Durandal64 · · Score: 2, Informative

    Samba 3.0 has been in development and beta for quite some time. Those builds have all had functioning AD support. So they're not "just adding" it. They had to reverse-engineer it because Microsoft don't want companies to have a choice outside of their shitty products. So yeah, go out and buy Windows 2000 Server. The rest of us will just download Samba 3.0 for free.

    Idiot.

  12. Re:q from a newbie by afidel · · Score: 4, Informative

    In fact SAMBA makes a BETTER print server than windows, at least if you add a little glue. Cisco systems has only two print admins for thousands of printers at hundreds of sites around the world, including many in manufacturing facilities that are absolutely mission critical (no labels or packing slips means nothing goes out the door). The man behind Cisco printing added a database and distributed printing system to SAMBA and made CEPS or Cisco Enterprise Printing System. We lost our local Linux print server one day but other than a little longer queue time for large docs no one noticed because a remote print server took over the queue and handled all the functions from the failed unit. For more info see the Ceps project at sourceforge.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  13. Re:Mac OS X integration? by squiggleslash · · Score: 2, Informative
    Only Panther Server. Apple does routinely vary the versions of open source packages between the server/desktop versions of its OSes. For example, Jaguar ships with Apache 1.3, whereas the version shipped with OS X 1.2 Server is Apache 2.0.

    Apple may stick with an older version of SAMBA for the client if they judge it to be more stable: including it with the server is likely to be because it has compelling new features.

    --
    You are not alone. This is not normal. None of this is normal.
  14. Re:Looking for some info. by ctr2sprt · · Score: 4, Informative
    Active Directory is basically an LDAP directory server with Kerberos 5 authentication. In case you don't know what those are either...

    LDAP servers are pretty much quasi-object-oriented databases (LDAP is the protocol used to talk to the server). On a Unix-like system, you could store all the user information (/etc/passwd, /etc/shadow, /etc/group, everything) in an LDAP directory. But you can really store anything in an LDAP directory, such as the complete DNS database for a server. This can be handy because LDAP has replication and such built right in, so you no longer need to worry about DNS replication. These are the two big things stored in the Active Directory in Windows (user information and DNS records).

    As for Kerberos, it's a secure authentication mechanism. The whole process is kind of complicated, but here are the basics. When you log in to a Kerberos domain (this is just a normal domain login for Windows) what you are doing is requesting a Ticket-Granting Ticket (TGT) from the Key Distribution Center (KDC). The TGT is returned, encrypted. If your password decrypts the TGT properly, you're logged in. Note that your password never goes over the network! Now you want to access a service on another machine in the same domain. You give your TGT to the KDC, asking it for a ticket to the specified machine. You get the ticket back, then provide it to the server. The server verifies the ticket similar to how the TGT is verified at login, and if it passes, then you've identified yourself securely. This means you don't need your password at all once you get your TGT, unless for some reason you need to get a new TGT. So Kerberos is both a secure authentication mechanism and a single sign-on mechanism.

    Believe me, all this is a huge leap forward for Microsoft. Even though they keep adding proprietary bits to both LDAP and Kerberos, they are at least getting on the open standards bandwagon. And technologically, this is all far superior to the way Windows NT did things.
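
The ticket flow described in the comment above, as an added example that is not part of the original thread: a simplified Python model of login (TGT plus a session key only the user's password can unlock), the ticket request, and the service check. The principals `alice` and `cifs/filesrv`, the password, and the toy `seal`/`unseal` cipher are assumptions for illustration; real Kerberos also carries timestamps, lifetimes and replay protection, which are omitted here.

```python
import hashlib, hmac, json, os

def seal(key, obj):
    """Toy authenticated encryption (SHAKE keystream + HMAC); demo only."""
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, stream)))

def pw_key(password, principal):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10000)

# Constructed sample realm (hypothetical names): long-term keys the KDC knows.
KDC_KEY, FILESRV_KEY = os.urandom(32), os.urandom(32)
USERS = {"alice": pw_key("correct horse", "alice")}
SERVICES = {"cifs/filesrv": FILESRV_KEY}

def kdc_as_request(user):
    """Login: returns (session key sealed for the user, TGT sealed for the KDC)."""
    sk = os.urandom(32).hex()
    return seal(USERS[user], {"sk": sk}), seal(KDC_KEY, {"user": user, "sk": sk})

def kdc_tgs_request(tgt, authenticator, service):
    """TGT plus proof of the session key -> ticket for one service."""
    t = unseal(KDC_KEY, tgt)
    sk = bytes.fromhex(t["sk"])
    if unseal(sk, authenticator)["user"] != t["user"]:
        raise ValueError("authenticator does not match TGT")
    svc_sk = os.urandom(32).hex()
    return seal(sk, {"sk": svc_sk}), seal(SERVICES[service], {"user": t["user"], "sk": svc_sk})

def service_accept(ticket, authenticator):
    t = unseal(FILESRV_KEY, ticket)  # only the service's own key opens the ticket
    if unseal(bytes.fromhex(t["sk"]), authenticator)["user"] != t["user"]:
        raise ValueError("authenticator does not match ticket")
    return t["user"]

def login_and_access(user, password, service="cifs/filesrv"):
    enc_sk, tgt = kdc_as_request(user)  # the password never crosses the wire
    sk = bytes.fromhex(unseal(pw_key(password, user), enc_sk)["sk"])  # fails on a wrong password
    enc_svc_sk, ticket = kdc_tgs_request(tgt, seal(sk, {"user": user}), service)
    svc_sk = bytes.fromhex(unseal(sk, enc_svc_sk)["sk"])
    return service_accept(ticket, seal(svc_sk, {"user": user}))
```

The password is used only locally to unlock the session key; after that, every step is proven with the session key and the opaque tickets, which is what gives single sign-on.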

  15. Run Samba-only network by whitmer · · Score: 2, Informative

    There was a quite good article on EnterpriseITPlanet about upcoming Samba 3 and they discuss the possibility to run Samba 3-only network. Which is very feasible IMHO because you don't have to manage headaches such as AD. Of course, this works with Linux/Unix fellas only, not you, my dear MCSEs. Samba is way too complex software package for you GUI people to comprehend. ;)

  16. Re:Lucky Linux users by Alioth · · Score: 2, Informative

    I wrote a replacement GINA for $BIG_PROJECT that I was on. What a nightmare.

    Unfortunately, GINA doesn't do everything, and it is (or at least was when I had the misfortune to write a replacement GINA) very badly documented. We had a $40K support contract with MS to provide us development support for this, but it was a complete waste of money - they couldn't answer our questions. We ended up essentially reverse engineering msgina.dll to find out exactly what needed to be set for everything to work correctly (we were writing a complete replacement, rather than a stub GINA).

  17. Re:Lucky Linux userssimple registry change by thegoldenear · · Score: 3, Informative

    batch file:

    echo Allow a maximum of 255 concurrent connections to this machine
    reg add "HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters" /v "Users" /t REG_DWORD /d "0x000000FF" /f

    see http://thegoldenear.org/tweak/ for more

  18. that's not true .. by Macka · · Score: 4, Informative

    The problem is none of the Unix filesystems do snapshots the right way for a client facing system. They all do a whole filesystem at a time snapshotting, not just change vectors

    AdvFS, currently on HP's Tru64 Unix and also (already) ported to the up and coming combined Tru64 + HP-UX offering, called Enterprise Unix, has a snapshot feature called 'cloning'. A cloned filesystem is mountable, and only contains pointers to the blocks of data on the original. Further write operations on the original first copy the data block to be changed to the clone before allowing the block to be replaced. It takes seconds to create a clone of a terabyte filesystem and then you're back in business. This feature has been around for years!

    You shouldn't make statements like that without doing your homework.