Slashdot Mirror
Samba 3.0.0RC1 Released
dook43 writes "Samba 3.0.0 RC1 has been released as of 8/16. Probably the most important new feature is its Active Directory support, but the rest of the new features can be found at the website."
← Back to Stories (view on slashdot.org)
Having the Active Directory support is really a bug feature, as I had real big problems with authenticating a Linux Client in an AD server .. I hope that this issue will be solved in Samba 3 ..
Way to Go Samba!
3) New authentication system. The internal authentication system has
:)
been almost completely rewritten. Most of the changes are internal,
but the new auth system is also very configurable.
Does this mean I won't have to authenticate for every directory I access?
(Or are we misconfigured from the get go, and I should know and fixed such an issue
http://use.perl.org
Just when I perfected the old samba, they release a new version. Now I have to learn all those dance steps again.
Shit.
always the first to get the nice stuff. I can't wait till the Windows port comes out ...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
...besides the features is some absolutely outstanding documentation. The old 2.x docs were basically a really long HOWTO. The new docs are broken into self-contained chapters that start by laying out how a certain task or protocol work in general, and then how to configure Samba to take part in it. Considering that Samba can perform so many different roles, the mix-and-match method is a lot more sensible. Even if you don't use Samba, consider their docs as a reference for troubleshooting Windows problems - I've found they offer a far more complete and focussed discussion of Windows technologies for the sysadmin than any MS book or webpage.
Great job, Samba team!
I've been checking out a win2003 AD install for a client lately. A fairly fast workstation(2.4ghz) The creating of SID's thingy is soooo slow. My feeling is that the whole Active Directory is not mature yet.
my social life is pretty much in
Just because you can't configure it right, don't call it 'broken'. Learn to read, and you'll figure it out.
I've installed the "unstable" samba 3.0RC1 packages under my Debian 2.4.20 system and I have to say, it works pretty well.
I've only experienced a few cases of "lock outs" of all clients, the first time because the init script didden't sucessfully kill all smbd's before starting new ones and the second time... Who knows, a restart of it helped fine anyway.
Other than that it seems pretty good for me with W98/W2K/XP Pro clients using different laguages, except for some random slowdowns in access to it but nothing major.
Also, that build is compiled with GCC-3.3 if anyone's interested in that.
From the 3.0 FAQ
The samba team is doing a great job moving forward. What I would hope to also see in the near future is support for creating a (Linux) directory heirachy based network using samba that will allow both MS and non MS clients. It would be nice to be able to create an LDAP directory trust relationship to your friends/family/etc.. network to allow logins between them...
AD is indeed VERY slow. I have to work with it at work and it blows. I wish they (the admins) would use a plain ole LDAP server. OpenLDAP is much better IMO.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
Depends on the team. What some people release as "just an RC" others release as final and still others hold back as alpha or beta. Saying "release candidates are always garbage" takes nothing into account wrt the release management style of the programming team in question.
Now, if you had something to say about the quality of the Samba team's RC releases in particular, that'd be worthwhile -- but given how long the Samba 3 *betas* (not RCs, mind you, betas) have been stable, I doubt you'd be saying much the same thing.
Now, I would just love to see this in smbfs.
...MS agrees with agrees with everyone else in a public forum on a standard before implementation. Until then, we're reverse engineering and always behind the curve - by design.
Except there are many situations where it is impossible for everyone to just go ahead and install linux. I'm all for running linux, but in the "real world" people still run windows. If I can install a linux server running headless in the corner of a small office handling all of the file sharing/printing needs of that office, I'm happy. Programs like samba are important to show people that linux is a good operating system to use, even if it is just serving files.
Isn't NFS good enough?
No. How much security does NFS have built-in? Exactly none.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Doesn't the creation of Linux tools for interfacing with Windows just further validate a needlessly Microsoftian System?
You don't have to install it Richard. For those of us with jobs to do however, this is a big step forward.
NFS is fine and all, but its limited to really unixy networking.
That said Active directory actively puzzles me (as does LDAP). I guess its back to the books again. I guess my windoze knowledge never did advance much beyond NT4.
Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
On a small scale, it seems that such crossover projects hurt Linux. On a large scale, however, the picture is quite different.
Anyone who has administered large numbers of computers knows that sweeping changes are nearly impossible to execute. This is not due to technological restrictions, but rather those of the social variety: people don't like change, and require help in adapting. They need a period of migration.
If there is no way to migrate, large scale deployments of Linux will be avoided-- it simply costs too much to change things without a smooth transition.
For this reason, Samba does not hurt Linux. It should certainly be noted also that Samba actually does alot of Windows networking things faster than Windows it self-- there are benchmarks kicking around to this effect.
So not only does Samba allow easy migration, but it allows interoperability between platforms and a superior solution to existing applications.
~geogeek
I think you're trolling, but I'll answer anyway. First of all, Active Directory is a Microsoft-specific directory services protocol, it's not an open specification that the Samba folks can go and download and implement. If it weren't for the Samba people, your only option would have been to purchase Windows 2000/03 Server for Active Directory support.
Furthermore, you've clearly never reverse-engineered a protocol before. Since Microsoft doesn't release specifications for Active Directory interactions, the Samba team has to pretty much capture thousands of packets as a workstation logs in, then logs out, then logs in, then logs out, etc. and stare at the data for weeks or months to figure out how to emulate the AD logon. And then they have to do this for domain discovery, resource sharing, and all the other operations that AD supports. To do this for an entire suite of functionality can take years.
Frankly, I'm surprised and pleased that they've managed to build the excellent support they have for MS' network protocols, and I think the Samba team deserves some congratulations. Thanks and keep up the good work!
One of the steps towards linux-only is getting the servers on linux. Linux servers are becoming very popular, but that doesn't mean that every place has them yet, let alone linux workstations.
Many IT departments have already replaced some (or all) windows servers with linux servers, running Samba to provide the same services to their workstations. If Samba didn't exist, they wouldn't be switching their servers to it, since it would be incompatible with their existing windows servers. Nobody is going to upgrade if it means they lose features (namely, all the features samba provides).
There is just beginning to be a move towards linux on the desktop, and there have been a few articles on /. about it recently. My personal view is that it's not quite there yet, but close. I just work at a small company, but likely within a year I will have linux on the desktops. Some companies are beginning to roll out linux workstations, but not that many. And certainly not many enterprises.
You even say it yourself:
I've already gone 100% Linux on any networks I can.
Why not all of them? Without samba, it would basically be either 100% linux networks, or 0% linux networks. At the most, linux would be limited to being a router, NAS, webserver, etc.. which isn't bad, but it's leaving a monopoly on a fairly critical service (authentication) to one platform.
Speak before you think
I personally don't think it's flamebait, it's a valid comment. But just misinformed and poorly approached. The fact he has his signature in the comment and not as a specific signature (which I have turned off) does increase his newbie rating, but whatever.
Samba isn't just Linux, I run Samba on a Solaris box. Unfortunately, at this point in time, you still need Samba and Microsoft, but as Tridge has said, in 20 years time, people will still be using Rsync, but Samba will have been forgotten.
Vanilla LDAP != inherently better than AD. There are some crappy LDAP servers out there. Whatever you can say about openLDAP, the management and administration side of it is primitive.
I consider AD to be a viable general-purpose LDAP server for certain applications. I'm using it for a 20K user directory right now...but I wouldn't go over 250K with it, especially one that required any kind of master-hub-replica architecture to scale.
Premature optimization is the root of all evil
Samba runs on a Linux/unix server, and lets Windows clients think they're talking to a Windows server.
So, you can share files and printers just like you would if you were running a Microsoft-based server, but without paying for an MS licence.
This is possible because originally MS' file sharing standards were published as an (incomplete) open standard, and many patient developers have figured out how to make it work.
A pure Linux network can also be configured with shared files and printers from a central server. There are a few standards that let you do that; most commonly the standard that's been around for a long time is called NFS.
I know that GimpPrint will make it into Panther, but I think it would be great if some version of Samba 3.0 could make its way into Mac OS X 10.3. The best reason being that Samba 3.0 is supposed to support the signed transmission security that Windows Server 2003 implements. Rock on!
Programmer Analyst
Davenport, FL
Man, couldn't he find a better place to live?
Please help metamoderate.
Anyone know how the wins support is? It looks like samba 3 will finally be able to replicate. Currently Samba can't replicate with NT servers, or as far as I know, even with other Samba servers. That sort of limits Samba in terms of redundancy. Is adding static entries to WINS new as well? I don't recall ever seeing that in the samba 2 documentation - that's been an unfortunate hang up where I work.
Samba isn't about creating a new 'innovative' network file system - it's about a tool for interoperating with the widest spread legacy protocol out there. And if you have noticed, MS isn't exactly keen on adopting any of the innovative open source ones like OpenAFS or CODA etc.
There are plenty of innovative open source protcols out there, but how do you expect them to be adopted when just about everybody else (ie MS) won't use them? And in the meantime you'd deny the usefulness of Samba?
It's a chicken and egg situation, and Samba breaks that. Samba allows Unix/Linux/*BSD to interoperate with Windows networks. Then once open source stuff is installed widely, then you can start using other open standards.
Gee and this is from and AC with no proof or benchmarks. Well that settles it, Samba RC3 is officially "broken and horribly slow."
:rolleyes:
Glad this was modded up to +5 Informative so we all know to never use Samba 3.x.
If you wanna get rich, you know that payback is a bitch
There are plenty of of more elegant solutions for filesharing that have been developed and implemented in an open manner. AFS was designed at CMU and OpenAFS is largely the result of U of Michigan. This is certainly inovative and it is also open source. Painting 'open source' as a monolithic entity is silly, you may as well say that "I knew an MIT grad and he was a git, so all MIT grads are gits."
I have no reason to make Linux 'act like' Windows at home, where I can run a LInux network. However, at work I don't have that luxury. Networking with Windows is a reality. For this, Samba is an amazingly good piece of kit.
Think global, act loco
You should. OpenLDAP is very good. However, you can also look at commercial versions put out by Novell and Sun. Present them with choice over the MS dictate method.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
The problem is, is that AD is not a general purpose LDAP server. They diverged too much from regular ole LDAP which makes coding against it a pain. The company I am at have 110,000 employees in it plus other junk. It just get a little too slow for me with that much stuff in it. OpenLDAP and Novell can handle it with no problems. I also had more of a pain coding a java app and a php site to use it over a standard LDAP server.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
Why, oh why chunk everything into one huge and fumbly command? I find "net ???" on Windows to be a pain in the arse to use and usually end up going through several 'net help blah' sessions when looking for how to do something.
Keep smbpasswd separate. You can still chunk it by prefixing smb-related commands with "smb" (hit [tab] to see the list of commands and start with smb). Not good, or what? I think it's fine.
I just got back from a weekend retreat, but I have written a script/gui for doing this, and it works fine in production (where the people know what they are doing) but the setup is pretty automatic, and the gui (based on kommander (part of quanta atm)) allows a simple gui interface to the setup, which should all work, but as I said I need people to play with it and break things!
It should work for gentoo and redhat, atm.
sloppyadm.sourceforge.net if you are interested in helping.
Care to back that up?
NFS protocol has built in encryption/authentication using GSS-API since version 3. That was quite a few years ago. NFS version 4 is out.
I maintained a lab running on an encrypted NFS FS about 3 years ago, on Solaris 7.
Linux didn't have support for encrypted NFS because the kernel hackers couldn't get encryption into the kernel at the time. Now that 2.6 has kernel encryption services Linux will support the full NFSv4 spec. Or at least support the security features.
But you can't blame the engineers that developed NFS, they've had encryption/authentication built into the protocol for years now.
Based on upvotes, Ageism is the only "-ism" Slashdotters care about and think isn't SJW
Samba 3.0 has been in development and beta for quite some time. Those builds have all had functioning AD support. So they're not "just adding" it. They had to reverse-engineer it because Microsoft don't companies to have a choice outside of their shitty products. So yeah, go out and buy Windows 2000 Server. The rest of us will just download Samba 3.0 for free.
Idiot.
Samba makes it very easy to get a linux box on a customers network. It also allows me to undercut the hell out of competitive bids in our area. All we are competing against it a bunch of vendors in the area and all they know how to do is windows and MS products. This allows us to completely smear any and all bids we run against them. We are doing it as much as we can right now because as linux spreads it is going to get a whole lot harder to do this and still make the profits we are making.
Got Code?
Has samba ever been such a good implementation of M$ that it's fallen victim to viruses that are targeted at one of the M$ variants?
In fact SAMBA makes a BETTER print server than windows, at least if you add a little glue. Cisco systems has only two print admins for thousands of printers at hundreds of sites around the world, including many in manufacturing facilities that are absolutly mission critical (no labels or packing slips means nothing goes out the door). The man behind Cisco printing added a database and distributed printing system to SAMBA and made CEPS or Cisco Enterprise Printing System. We lost our local linux print server one day but other than a little longer queue time for large docs no one noticed because a remote print server took over the queue and handled all the functions from the failed unit. For more info see the Ceps project at sourceforge.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Doesn't the creation of Linux tools for interfacing with Windows just further validate a needlessly Microsoftian System?
No, this is exactly what is needed to displace Mictosoft. Other than email, the second biggest use by client computers of a server is for file-serving. No matter how good Linux is, Microsoft has an iron-clad hold on that area for Windows clients, because users can browse and print through the interface they know so well. If that can be subbed out in a way invisible to the user, the reason for having Windows servers gets a great deal weaker. Breaking Microsoft's server hold is critical - if they can't control the protocols that they talk to the client in, then they cannot create propietary standards on the client, which eventually allows real competition.
think about it...what is the primary reason to run samba?
give up? it's integration in to a Windows network. there are other network share protocols that work on basically every other OS, and would be the first choice for networks containing only those OSes (i.e. NFS for *nix nets, Appleshare for Mac nets)
Most people who run samba will simply be wanting to access the data the same way they would on their windows box. using the same commands will make it simpler on them.
Usually when the subject of windows imitation is brought up, I don't like it, but this is one situation where it is very useful.
Lets say you have a WinXP box that you need to get a PDF off of and on to a few of your systems. Which is easier:
1.
Go to Win2k box, run "net use * \\WinXPBox\C$"
Go to Linux box, run "smbmount blah blah..." (sorry i havent used smbmount in forever)
Go to OS X box, mount it however that does it
or
2.
On all boxen, run "net use [chosen mount point] \\WinXPBox\C$"
obviously using the same command everywhere simplifies things.
Windows did SMB first, and the point of SAMBA is to duplicate the SMB services that Windows offers, so logically unless Microsoft did something so horribly wrong that most users would prefer doing things a different way, make the command identical.
I used to get high on life, but I developed a tolerance. Now I need something stronger.
Where would one look for some good solid infomation on what all these buzzwords such as "shadow copy" and "active directy" accually mean? Ive seen those horrid 2003 server ads, but what do these features accually do?
> when a Windows server can be had that can do it out of the
... They don't even ship with Perl, for crying
...).
> box with very little administration
That would represent a very radical change in Microsoft policy.
Don't get me wrong, NT has some things going for it, but "doing
it all out of the box" isn't one of them. All that stuff is
*available*, of course, and once you install it you have a
pretty decent system, but it's not included OOTB. The reason
for this goes directly back to Microsoft policy: the OOTB system
is a base platform with basic functionality, suitable for the
majority of users who have simple expectations. The minority
who need features can obtain them separately. (Time was when
they obtained them separately from third-party software vendors.
These days with a few exceptions it's mostly either direct from
MS or ports of OSS stuff free from the net. But the principle
is the same.)
Out of the box, Windows systems are junk. You have to download
and install a couple of gigabytes of software to make a Windows
system useful. They don't ship with Apache, or a decent Java
vm, no python, no decent command shell, no decent text editor,
no secure shell server (critical for most servers, especially
headless servers),
out loud. *Every* OS ships with Perl -- well, pretty much every
non-handheld OS that matters, except Windows and VMS.
After you download and install a couple of gigs of software,
then your Windows system starts to become useful.
Most Linux distros have the reverse problem -- three or four
competing implementations of almost everything, with notable
singleton exceptions like (oooh, back to topic) Samba, and
ten or twelve competing implementations of some things, even
more of certain key things (shells, window managers,
Samba IMO could use a competitor (that runs on something besides
Windows). Just one competitor, though, not four or five or six.
Preferably one written in a VHLL, and written in a more modular
and flexible fashion so it can do things like support for multiple
network/transport layers for compatibility with systems that are
configured not to route NetBIOS over TCP/IP.
Cut that out, or I will ship you to Norilsk in a box.
My friend, John Terpstra, wrote those docs. Way to go, John! Your long hours paid off with a compliment on Slashdot! Your life is redeemed! ................ kris
"I thought I could organize freedom. How Scandinavian of me."
There was a quite good article on EnterpriseITPlanet about upcoming Samba 3 and they discuss the possibility to run Samba 3-only network. Which is very feasible IMHO because you don't have to manage headaches such as AD. Of course, this works with Linux/Unix fellas only, not you, my dear MCSEs. Samba is way too complex software package for you GUI people to comprehend. ;)
Samba 3.0 is the first real samba (excluding samba-tng), imho, that can replace a WinNT4 PDC (Primary Domain Controller) *fully*.
(eg: with samba3, the windows usrmgr.exe works for adding/deleting users & groups. (usrmgr.exe communicates over RPC, so I consider it something that should work for a windows primary domain controller). I have just recently setup for a company:
A samba PDC, with usrmgr.exe working.
With an LDAP backend for authenciation.
With posix ACLs on the file system (to allow *real* permission settings. The perms are still a bit wierd, and I feel better setting them in Linux rather than through the windows gui, but they do work).
With cups printer backend, so printing works great.
Basically, this machine fully replaces their windows NT4 server, and does it pretty damn well.
The move from NT4 to PDC was pretty good. Once everything is setup on the samba side, you can "net vampire" all of the user and group accounts over to the samba server, and the users can login with no problems.
The only missing feature was I needed some way to copy the file system on the NT box to the linux box and keep the ACLs.
Anyway, the samba team does a great job
I use to have a funny sig, but slash cut it off, and I forgot what the punchline was.
Just replace C:\WINDOWS\SYSTEM32\KERNEL32.DLL with /boot/vmlinuz-2.6.0 and you're all set.
To Terminate, or not to Terminate, that's the question - SCSIROB
Have to say Linux is coming right along!! With AD support, and soon to be ACL's in the filesystem (some already have it), all I'm wanting is a pretty GUI admin tool...
:)
Okay, sorry I'm spoiled
Good job Samba Team!!!!
3000 dead over past 2 years, still no free Palestinians, still
Linux is going to start the march on the server end. Only after you build confidence using Linux for things like internal DNS and DHCP will management let you roll it out to things like file serving and domain control. After it's clear that Linux is reliable and secure you can push for Linux on the desktop within a small test group.
Right now (here on the east coast, at least) most managers and IT people will laugh you out of the room if you mention Linux seriously. Hell, most places I won' even mention that I 'do' Linux because people automatically think you're a neer-do-well or a commie, not to mention that those in IT who DO know are scared SHITLESS that their days are numbered.
A huge portion of the IT department where I work (a big bank) don't know ANYTHING about linux other than what they've read in 'Information Week'. I had a server admin ask me last week if she can 'run version 8 of Linux on Windows XP', this lady earns three times what I do as a server admin and all she knows is how to 'end task' and reboot, there's no chance an army of that kind of person is going to want to accept a new player on the network, she'd smell her job evaporating.
"Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails
batch file:
v er\Parameters" /v "Users" /t REG_DWORD /d "0x000000FF" /f
echo Allow a maximum of 255 concurrent connections to this machine
reg add "HKLM\System\CurrentControlSet\Services\LanmanSer
see http://thegoldenear.org/tweak/ for more
AdvFS, currently on HP's Tru64 Unix and also (already) ported to the up and coming combined Tru64 + HP-UX offering, called Enterprise Unix, has a snapshot feature called 'cloning'. A cloned filesystem is mountable, and only contains pointers to the blocks of data on the original. Further write operations on the original first copy the data block to be changed to the clone before allowing the block to be replaced. It takes seconds to create a clone of a terrabyte filesytem and then you're back in business. This feature has been around for years!
You shouldn't make statements like that without doing your homework.