Slashdot Mirror
Samba 3.0.0RC1 Released
dook43 writes "Samba 3.0.0 RC1 has been released as of 8/16. Probably the most important new feature is its Active Directory support, but the rest of the new features can be found at the website."
← Back to Stories (view on slashdot.org)
Having the Active Directory support is really a bug feature, as I had real big problems with authenticating a Linux Client in an AD server .. I hope that this issue will be solved in Samba 3 ..
Way to Go Samba!
3) New authentication system. The internal authentication system has
:)
been almost completely rewritten. Most of the changes are internal,
but the new auth system is also very configurable.
Does this mean I won't have to authenticate for every directory I access?
(Or are we misconfigured from the get go, and I should know and fixed such an issue
http://use.perl.org
Just when I perfected the old samba, they release a new version. Now I have to learn all those dance steps again.
Shit.
always the first to get the nice stuff. I can't wait till the Windows port comes out ...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
...besides the features is some absolutely outstanding documentation. The old 2.x docs were basically a really long HOWTO. The new docs are broken into self-contained chapters that start by laying out how a certain task or protocol work in general, and then how to configure Samba to take part in it. Considering that Samba can perform so many different roles, the mix-and-match method is a lot more sensible. Even if you don't use Samba, consider their docs as a reference for troubleshooting Windows problems - I've found they offer a far more complete and focussed discussion of Windows technologies for the sysadmin than any MS book or webpage.
Great job, Samba team!
I've been checking out a win2003 AD install for a client lately. A fairly fast workstation(2.4ghz) The creating of SID's thingy is soooo slow. My feeling is that the whole Active Directory is not mature yet.
my social life is pretty much in
I've installed the "unstable" samba 3.0RC1 packages under my Debian 2.4.20 system and I have to say, it works pretty well.
I've only experienced a few cases of "lock outs" of all clients, the first time because the init script didden't sucessfully kill all smbd's before starting new ones and the second time... Who knows, a restart of it helped fine anyway.
Other than that it seems pretty good for me with W98/W2K/XP Pro clients using different laguages, except for some random slowdowns in access to it but nothing major.
Also, that build is compiled with GCC-3.3 if anyone's interested in that.
From the 3.0 FAQ
The samba team is doing a great job moving forward. What I would hope to also see in the near future is support for creating a (Linux) directory heirachy based network using samba that will allow both MS and non MS clients. It would be nice to be able to create an LDAP directory trust relationship to your friends/family/etc.. network to allow logins between them...
AD is indeed VERY slow. I have to work with it at work and it blows. I wish they (the admins) would use a plain ole LDAP server. OpenLDAP is much better IMO.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
Depends on the team. What some people release as "just an RC" others release as final and still others hold back as alpha or beta. Saying "release candidates are always garbage" takes nothing into account wrt the release management style of the programming team in question.
Now, if you had something to say about the quality of the Samba team's RC releases in particular, that'd be worthwhile -- but given how long the Samba 3 *betas* (not RCs, mind you, betas) have been stable, I doubt you'd be saying much the same thing.
Now, I would just love to see this in smbfs.
...MS agrees with agrees with everyone else in a public forum on a standard before implementation. Until then, we're reverse engineering and always behind the curve - by design.
Except there are many situations where it is impossible for everyone to just go ahead and install linux. I'm all for running linux, but in the "real world" people still run windows. If I can install a linux server running headless in the corner of a small office handling all of the file sharing/printing needs of that office, I'm happy. Programs like samba are important to show people that linux is a good operating system to use, even if it is just serving files.
Isn't NFS good enough?
No. How much security does NFS have built-in? Exactly none.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Doesn't the creation of Linux tools for interfacing with Windows just further validate a needlessly Microsoftian System?
You don't have to install it Richard. For those of us with jobs to do however, this is a big step forward.
NFS is fine and all, but its limited to really unixy networking.
That said Active directory actively puzzles me (as does LDAP). I guess its back to the books again. I guess my windoze knowledge never did advance much beyond NT4.
Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
On a small scale, it seems that such crossover projects hurt Linux. On a large scale, however, the picture is quite different.
Anyone who has administered large numbers of computers knows that sweeping changes are nearly impossible to execute. This is not due to technological restrictions, but rather those of the social variety: people don't like change, and require help in adapting. They need a period of migration.
If there is no way to migrate, large scale deployments of Linux will be avoided-- it simply costs too much to change things without a smooth transition.
For this reason, Samba does not hurt Linux. It should certainly be noted also that Samba actually does alot of Windows networking things faster than Windows it self-- there are benchmarks kicking around to this effect.
So not only does Samba allow easy migration, but it allows interoperability between platforms and a superior solution to existing applications.
~geogeek
I think you're trolling, but I'll answer anyway. First of all, Active Directory is a Microsoft-specific directory services protocol, it's not an open specification that the Samba folks can go and download and implement. If it weren't for the Samba people, your only option would have been to purchase Windows 2000/03 Server for Active Directory support.
Furthermore, you've clearly never reverse-engineered a protocol before. Since Microsoft doesn't release specifications for Active Directory interactions, the Samba team has to pretty much capture thousands of packets as a workstation logs in, then logs out, then logs in, then logs out, etc. and stare at the data for weeks or months to figure out how to emulate the AD logon. And then they have to do this for domain discovery, resource sharing, and all the other operations that AD supports. To do this for an entire suite of functionality can take years.
Frankly, I'm surprised and pleased that they've managed to build the excellent support they have for MS' network protocols, and I think the Samba team deserves some congratulations. Thanks and keep up the good work!
One of the steps towards linux-only is getting the servers on linux. Linux servers are becoming very popular, but that doesn't mean that every place has them yet, let alone linux workstations.
Many IT departments have already replaced some (or all) windows servers with linux servers, running Samba to provide the same services to their workstations. If Samba didn't exist, they wouldn't be switching their servers to it, since it would be incompatible with their existing windows servers. Nobody is going to upgrade if it means they lose features (namely, all the features samba provides).
There is just beginning to be a move towards linux on the desktop, and there have been a few articles on /. about it recently. My personal view is that it's not quite there yet, but close. I just work at a small company, but likely within a year I will have linux on the desktops. Some companies are beginning to roll out linux workstations, but not that many. And certainly not many enterprises.
You even say it yourself:
I've already gone 100% Linux on any networks I can.
Why not all of them? Without samba, it would basically be either 100% linux networks, or 0% linux networks. At the most, linux would be limited to being a router, NAS, webserver, etc.. which isn't bad, but it's leaving a monopoly on a fairly critical service (authentication) to one platform.
Speak before you think
Vanilla LDAP != inherently better than AD. There are some crappy LDAP servers out there. Whatever you can say about openLDAP, the management and administration side of it is primitive.
I consider AD to be a viable general-purpose LDAP server for certain applications. I'm using it for a 20K user directory right now...but I wouldn't go over 250K with it, especially one that required any kind of master-hub-replica architecture to scale.
Premature optimization is the root of all evil
Samba runs on a Linux/unix server, and lets Windows clients think they're talking to a Windows server.
So, you can share files and printers just like you would if you were running a Microsoft-based server, but without paying for an MS licence.
This is possible because originally MS' file sharing standards were published as an (incomplete) open standard, and many patient developers have figured out how to make it work.
A pure Linux network can also be configured with shared files and printers from a central server. There are a few standards that let you do that; most commonly the standard that's been around for a long time is called NFS.
I know that GimpPrint will make it into Panther, but I think it would be great if some version of Samba 3.0 could make its way into Mac OS X 10.3. The best reason being that Samba 3.0 is supposed to support the signed transmission security that Windows Server 2003 implements. Rock on!
Programmer Analyst
Davenport, FL
Man, couldn't he find a better place to live?
Please help metamoderate.
Anyone know how the wins support is? It looks like samba 3 will finally be able to replicate. Currently Samba can't replicate with NT servers, or as far as I know, even with other Samba servers. That sort of limits Samba in terms of redundancy. Is adding static entries to WINS new as well? I don't recall ever seeing that in the samba 2 documentation - that's been an unfortunate hang up where I work.
Samba isn't about creating a new 'innovative' network file system - it's about a tool for interoperating with the widest spread legacy protocol out there. And if you have noticed, MS isn't exactly keen on adopting any of the innovative open source ones like OpenAFS or CODA etc.
There are plenty of innovative open source protcols out there, but how do you expect them to be adopted when just about everybody else (ie MS) won't use them? And in the meantime you'd deny the usefulness of Samba?
It's a chicken and egg situation, and Samba breaks that. Samba allows Unix/Linux/*BSD to interoperate with Windows networks. Then once open source stuff is installed widely, then you can start using other open standards.
Gee and this is from and AC with no proof or benchmarks. Well that settles it, Samba RC3 is officially "broken and horribly slow."
:rolleyes:
Glad this was modded up to +5 Informative so we all know to never use Samba 3.x.
If you wanna get rich, you know that payback is a bitch
There are plenty of of more elegant solutions for filesharing that have been developed and implemented in an open manner. AFS was designed at CMU and OpenAFS is largely the result of U of Michigan. This is certainly inovative and it is also open source. Painting 'open source' as a monolithic entity is silly, you may as well say that "I knew an MIT grad and he was a git, so all MIT grads are gits."
I have no reason to make Linux 'act like' Windows at home, where I can run a LInux network. However, at work I don't have that luxury. Networking with Windows is a reality. For this, Samba is an amazingly good piece of kit.
Think global, act loco
Why, oh why chunk everything into one huge and fumbly command? I find "net ???" on Windows to be a pain in the arse to use and usually end up going through several 'net help blah' sessions when looking for how to do something.
Keep smbpasswd separate. You can still chunk it by prefixing smb-related commands with "smb" (hit [tab] to see the list of commands and start with smb). Not good, or what? I think it's fine.
I just got back from a weekend retreat, but I have written a script/gui for doing this, and it works fine in production (where the people know what they are doing) but the setup is pretty automatic, and the gui (based on kommander (part of quanta atm)) allows a simple gui interface to the setup, which should all work, but as I said I need people to play with it and break things!
It should work for gentoo and redhat, atm.
sloppyadm.sourceforge.net if you are interested in helping.
Care to back that up?
NFS protocol has built in encryption/authentication using GSS-API since version 3. That was quite a few years ago. NFS version 4 is out.
I maintained a lab running on an encrypted NFS FS about 3 years ago, on Solaris 7.
Linux didn't have support for encrypted NFS because the kernel hackers couldn't get encryption into the kernel at the time. Now that 2.6 has kernel encryption services Linux will support the full NFSv4 spec. Or at least support the security features.
But you can't blame the engineers that developed NFS, they've had encryption/authentication built into the protocol for years now.
Based on upvotes, Ageism is the only "-ism" Slashdotters care about and think isn't SJW
Samba makes it very easy to get a linux box on a customers network. It also allows me to undercut the hell out of competitive bids in our area. All we are competing against it a bunch of vendors in the area and all they know how to do is windows and MS products. This allows us to completely smear any and all bids we run against them. We are doing it as much as we can right now because as linux spreads it is going to get a whole lot harder to do this and still make the profits we are making.
Got Code?
In fact SAMBA makes a BETTER print server than windows, at least if you add a little glue. Cisco systems has only two print admins for thousands of printers at hundreds of sites around the world, including many in manufacturing facilities that are absolutly mission critical (no labels or packing slips means nothing goes out the door). The man behind Cisco printing added a database and distributed printing system to SAMBA and made CEPS or Cisco Enterprise Printing System. We lost our local linux print server one day but other than a little longer queue time for large docs no one noticed because a remote print server took over the queue and handled all the functions from the failed unit. For more info see the Ceps project at sourceforge.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
think about it...what is the primary reason to run samba?
give up? it's integration in to a Windows network. there are other network share protocols that work on basically every other OS, and would be the first choice for networks containing only those OSes (i.e. NFS for *nix nets, Appleshare for Mac nets)
Most people who run samba will simply be wanting to access the data the same way they would on their windows box. using the same commands will make it simpler on them.
Usually when the subject of windows imitation is brought up, I don't like it, but this is one situation where it is very useful.
Lets say you have a WinXP box that you need to get a PDF off of and on to a few of your systems. Which is easier:
1.
Go to Win2k box, run "net use * \\WinXPBox\C$"
Go to Linux box, run "smbmount blah blah..." (sorry i havent used smbmount in forever)
Go to OS X box, mount it however that does it
or
2.
On all boxen, run "net use [chosen mount point] \\WinXPBox\C$"
obviously using the same command everywhere simplifies things.
Windows did SMB first, and the point of SAMBA is to duplicate the SMB services that Windows offers, so logically unless Microsoft did something so horribly wrong that most users would prefer doing things a different way, make the command identical.
I used to get high on life, but I developed a tolerance. Now I need something stronger.
My friend, John Terpstra, wrote those docs. Way to go, John! Your long hours paid off with a compliment on Slashdot! Your life is redeemed! ................ kris
"I thought I could organize freedom. How Scandinavian of me."
LDAP servers are pretty much quasi-object-oriented databases (LDAP is the protocol used to talk to the server). On a Unix-like system, you could store all the user information (/etc/passwd, /etc/shadow, /etc/group, everything) in an LDAP directory. But you can really store anything in an LDAP directory, such as the complete DNS database for a server. This can be handy because LDAP has replication and such built right in, so you no longer need to worry about DNS replication. These are the two big things stored in the Active Directory in Windows (user information and DNS records).
As for Kerberos, it's a secure authentication mechanism. The whole process is kind of complicated, but here are the basics. When you log in to a Kerberos domain (this is just a normal domain login for Windows) what you are doing is requesting a Ticket-Granting Ticket (TGT) from the Key Distribution Center (KDC). The TGT is returned, encrypted. If your password decrypts the TGT properly, you're logged in. Note that your password never goes over the network! Now you want to access a service on another machine in the same domain. You give your TGT to the KDC, asking it for a ticket to the specified machine. You get the ticket back, then provide it to the server. The server verifies the ticket similar to how the TGT is verified at login, and if it passes, then you've identified yourself securely. This means you don't need your password at all once you get your TGT, unless for some reason you need to get a new TGT. So Kerberos is both a secure authentication mechanism and a single sign-on mechanism.
Believe me, all this is a huge leap forward for Microsoft. Even though they keep adding proprietary bits to both LDAP and Kerberos, they are at least getting on the open standards bandwagon. And technologically, this is all far superior to the way Windows NT did things.
Samba 3.0 is the first real samba (excluding samba-tng), imho, that can replace a WinNT4 PDC (Primary Domain Controller) *fully*.
(eg: with samba3, the windows usrmgr.exe works for adding/deleting users & groups. (usrmgr.exe communicates over RPC, so I consider it something that should work for a windows primary domain controller). I have just recently setup for a company:
A samba PDC, with usrmgr.exe working.
With an LDAP backend for authenciation.
With posix ACLs on the file system (to allow *real* permission settings. The perms are still a bit wierd, and I feel better setting them in Linux rather than through the windows gui, but they do work).
With cups printer backend, so printing works great.
Basically, this machine fully replaces their windows NT4 server, and does it pretty damn well.
The move from NT4 to PDC was pretty good. Once everything is setup on the samba side, you can "net vampire" all of the user and group accounts over to the samba server, and the users can login with no problems.
The only missing feature was I needed some way to copy the file system on the NT box to the linux box and keep the ACLs.
Anyway, the samba team does a great job
I use to have a funny sig, but slash cut it off, and I forgot what the punchline was.
Just replace C:\WINDOWS\SYSTEM32\KERNEL32.DLL with /boot/vmlinuz-2.6.0 and you're all set.
To Terminate, or not to Terminate, that's the question - SCSIROB
batch file:
v er\Parameters" /v "Users" /t REG_DWORD /d "0x000000FF" /f
echo Allow a maximum of 255 concurrent connections to this machine
reg add "HKLM\System\CurrentControlSet\Services\LanmanSer
see http://thegoldenear.org/tweak/ for more
AdvFS, currently on HP's Tru64 Unix and also (already) ported to the up and coming combined Tru64 + HP-UX offering, called Enterprise Unix, has a snapshot feature called 'cloning'. A cloned filesystem is mountable, and only contains pointers to the blocks of data on the original. Further write operations on the original first copy the data block to be changed to the clone before allowing the block to be replaced. It takes seconds to create a clone of a terrabyte filesytem and then you're back in business. This feature has been around for years!
You shouldn't make statements like that without doing your homework.