Slashdot Mirror
Samba 3.0.0RC1 Released
dook43 writes "Samba 3.0.0 RC1 has been released as of 8/16. Probably the most important new feature is its Active Directory support, but the rest of the new features can be found at the website."
← Back to Stories (view on slashdot.org)
Having the Active Directory support is really a bug feature, as I had real big problems with authenticating a Linux Client in an AD server .. I hope that this issue will be solved in Samba 3 ..
Way to Go Samba!
Just when I perfected the old samba, they release a new version. Now I have to learn all those dance steps again.
Shit.
always the first to get the nice stuff. I can't wait till the Windows port comes out ...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
...besides the features is some absolutely outstanding documentation. The old 2.x docs were basically a really long HOWTO. The new docs are broken into self-contained chapters that start by laying out how a certain task or protocol work in general, and then how to configure Samba to take part in it. Considering that Samba can perform so many different roles, the mix-and-match method is a lot more sensible. Even if you don't use Samba, consider their docs as a reference for troubleshooting Windows problems - I've found they offer a far more complete and focussed discussion of Windows technologies for the sysadmin than any MS book or webpage.
Great job, Samba team!
I've been checking out a win2003 AD install for a client lately. A fairly fast workstation(2.4ghz) The creating of SID's thingy is soooo slow. My feeling is that the whole Active Directory is not mature yet.
my social life is pretty much in
I've installed the "unstable" samba 3.0RC1 packages under my Debian 2.4.20 system and I have to say, it works pretty well.
I've only experienced a few cases of "lock outs" of all clients, the first time because the init script didden't sucessfully kill all smbd's before starting new ones and the second time... Who knows, a restart of it helped fine anyway.
Other than that it seems pretty good for me with W98/W2K/XP Pro clients using different laguages, except for some random slowdowns in access to it but nothing major.
Also, that build is compiled with GCC-3.3 if anyone's interested in that.
From the 3.0 FAQ
The samba team is doing a great job moving forward. What I would hope to also see in the near future is support for creating a (Linux) directory heirachy based network using samba that will allow both MS and non MS clients. It would be nice to be able to create an LDAP directory trust relationship to your friends/family/etc.. network to allow logins between them...
My brain doesn't have the neural paths to understand some unix documentation, including samba, many man pages, etc. They seem to be produced from the old IBM school that says that the documentation should be for people that already is expert on the topic.
And don't forget all those switchs that are platform dependent, remember the source code is the documentation.
"I think this line is mostly filler"
Depends on the team. What some people release as "just an RC" others release as final and still others hold back as alpha or beta. Saying "release candidates are always garbage" takes nothing into account wrt the release management style of the programming team in question.
Now, if you had something to say about the quality of the Samba team's RC releases in particular, that'd be worthwhile -- but given how long the Samba 3 *betas* (not RCs, mind you, betas) have been stable, I doubt you'd be saying much the same thing.
Now, I would just love to see this in smbfs.
...MS agrees with agrees with everyone else in a public forum on a standard before implementation. Until then, we're reverse engineering and always behind the curve - by design.
Except there are many situations where it is impossible for everyone to just go ahead and install linux. I'm all for running linux, but in the "real world" people still run windows. If I can install a linux server running headless in the corner of a small office handling all of the file sharing/printing needs of that office, I'm happy. Programs like samba are important to show people that linux is a good operating system to use, even if it is just serving files.
Isn't NFS good enough?
No. How much security does NFS have built-in? Exactly none.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Doesn't the creation of Linux tools for interfacing with Windows just further validate a needlessly Microsoftian System?
You don't have to install it Richard. For those of us with jobs to do however, this is a big step forward.
NFS is fine and all, but its limited to really unixy networking.
That said Active directory actively puzzles me (as does LDAP). I guess its back to the books again. I guess my windoze knowledge never did advance much beyond NT4.
Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
On a small scale, it seems that such crossover projects hurt Linux. On a large scale, however, the picture is quite different.
Anyone who has administered large numbers of computers knows that sweeping changes are nearly impossible to execute. This is not due to technological restrictions, but rather those of the social variety: people don't like change, and require help in adapting. They need a period of migration.
If there is no way to migrate, large scale deployments of Linux will be avoided-- it simply costs too much to change things without a smooth transition.
For this reason, Samba does not hurt Linux. It should certainly be noted also that Samba actually does alot of Windows networking things faster than Windows it self-- there are benchmarks kicking around to this effect.
So not only does Samba allow easy migration, but it allows interoperability between platforms and a superior solution to existing applications.
~geogeek
I think you're trolling, but I'll answer anyway. First of all, Active Directory is a Microsoft-specific directory services protocol, it's not an open specification that the Samba folks can go and download and implement. If it weren't for the Samba people, your only option would have been to purchase Windows 2000/03 Server for Active Directory support.
Furthermore, you've clearly never reverse-engineered a protocol before. Since Microsoft doesn't release specifications for Active Directory interactions, the Samba team has to pretty much capture thousands of packets as a workstation logs in, then logs out, then logs in, then logs out, etc. and stare at the data for weeks or months to figure out how to emulate the AD logon. And then they have to do this for domain discovery, resource sharing, and all the other operations that AD supports. To do this for an entire suite of functionality can take years.
Frankly, I'm surprised and pleased that they've managed to build the excellent support they have for MS' network protocols, and I think the Samba team deserves some congratulations. Thanks and keep up the good work!
One of the steps towards linux-only is getting the servers on linux. Linux servers are becoming very popular, but that doesn't mean that every place has them yet, let alone linux workstations.
Many IT departments have already replaced some (or all) windows servers with linux servers, running Samba to provide the same services to their workstations. If Samba didn't exist, they wouldn't be switching their servers to it, since it would be incompatible with their existing windows servers. Nobody is going to upgrade if it means they lose features (namely, all the features samba provides).
There is just beginning to be a move towards linux on the desktop, and there have been a few articles on /. about it recently. My personal view is that it's not quite there yet, but close. I just work at a small company, but likely within a year I will have linux on the desktops. Some companies are beginning to roll out linux workstations, but not that many. And certainly not many enterprises.
You even say it yourself:
I've already gone 100% Linux on any networks I can.
Why not all of them? Without samba, it would basically be either 100% linux networks, or 0% linux networks. At the most, linux would be limited to being a router, NAS, webserver, etc.. which isn't bad, but it's leaving a monopoly on a fairly critical service (authentication) to one platform.
Speak before you think
Vanilla LDAP != inherently better than AD. There are some crappy LDAP servers out there. Whatever you can say about openLDAP, the management and administration side of it is primitive.
I consider AD to be a viable general-purpose LDAP server for certain applications. I'm using it for a 20K user directory right now...but I wouldn't go over 250K with it, especially one that required any kind of master-hub-replica architecture to scale.
Premature optimization is the root of all evil
Yes documentation should be the expert on the topic written for somebody with a background in real engineering (your average MSCE dosent count) let the howto's and the for dummys books deal with spoon feeding cookbooks to end users if your having the authoritive person on the subject write documentation aka the programming team write the most technical documentation you should ever need without having to do redo code yourself.
I say this because there are to many porly documented applications out there. Documentation to often is looked at by the marketing department and dumbed down so nobody might get scared of it. If you have ever looked at the home service manual for a Saturn (the $500 one thats an option) that nearly would allow you to machine replacment parts thats documentation. Want something easy to read with pretty pictures get a for dummy's book aka the dumbed down book from somebody that read and understood most of the documentation.
No sir I dont like it.
Some version did.
Samba isn't about creating a new 'innovative' network file system - it's about a tool for interoperating with the widest spread legacy protocol out there. And if you have noticed, MS isn't exactly keen on adopting any of the innovative open source ones like OpenAFS or CODA etc.
There are plenty of innovative open source protcols out there, but how do you expect them to be adopted when just about everybody else (ie MS) won't use them? And in the meantime you'd deny the usefulness of Samba?
It's a chicken and egg situation, and Samba breaks that. Samba allows Unix/Linux/*BSD to interoperate with Windows networks. Then once open source stuff is installed widely, then you can start using other open standards.
Gee and this is from and AC with no proof or benchmarks. Well that settles it, Samba RC3 is officially "broken and horribly slow."
:rolleyes:
Glad this was modded up to +5 Informative so we all know to never use Samba 3.x.
If you wanna get rich, you know that payback is a bitch
Why, oh why chunk everything into one huge and fumbly command? I find "net ???" on Windows to be a pain in the arse to use and usually end up going through several 'net help blah' sessions when looking for how to do something.
Keep smbpasswd separate. You can still chunk it by prefixing smb-related commands with "smb" (hit [tab] to see the list of commands and start with smb). Not good, or what? I think it's fine.
Care to back that up?
NFS protocol has built in encryption/authentication using GSS-API since version 3. That was quite a few years ago. NFS version 4 is out.
I maintained a lab running on an encrypted NFS FS about 3 years ago, on Solaris 7.
Linux didn't have support for encrypted NFS because the kernel hackers couldn't get encryption into the kernel at the time. Now that 2.6 has kernel encryption services Linux will support the full NFSv4 spec. Or at least support the security features.
But you can't blame the engineers that developed NFS, they've had encryption/authentication built into the protocol for years now.
Based on upvotes, Ageism is the only "-ism" Slashdotters care about and think isn't SJW
Samba makes it very easy to get a linux box on a customers network. It also allows me to undercut the hell out of competitive bids in our area. All we are competing against it a bunch of vendors in the area and all they know how to do is windows and MS products. This allows us to completely smear any and all bids we run against them. We are doing it as much as we can right now because as linux spreads it is going to get a whole lot harder to do this and still make the profits we are making.
Got Code?
In fact SAMBA makes a BETTER print server than windows, at least if you add a little glue. Cisco systems has only two print admins for thousands of printers at hundreds of sites around the world, including many in manufacturing facilities that are absolutly mission critical (no labels or packing slips means nothing goes out the door). The man behind Cisco printing added a database and distributed printing system to SAMBA and made CEPS or Cisco Enterprise Printing System. We lost our local linux print server one day but other than a little longer queue time for large docs no one noticed because a remote print server took over the queue and handled all the functions from the failed unit. For more info see the Ceps project at sourceforge.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
And just what will the offspring of this Windows/Unix replication be like? Will its NT kernel be able to handle Unix-style system calls? Or will the offspring be a penguin with Bill Gates' face?
No matter how I look at this, I just cannot see that this "replication" can be a good thing. You're going to create an abomination that will bring only misery to the world. Keep your computers on opposite sides of the room, with very short power cables, or you will doom us all.
/me goes off to look up "replication."
You want the truthiness? You can't handle the truthiness!
My friend, John Terpstra, wrote those docs. Way to go, John! Your long hours paid off with a compliment on Slashdot! Your life is redeemed! ................ kris
"I thought I could organize freedom. How Scandinavian of me."
LDAP servers are pretty much quasi-object-oriented databases (LDAP is the protocol used to talk to the server). On a Unix-like system, you could store all the user information (/etc/passwd, /etc/shadow, /etc/group, everything) in an LDAP directory. But you can really store anything in an LDAP directory, such as the complete DNS database for a server. This can be handy because LDAP has replication and such built right in, so you no longer need to worry about DNS replication. These are the two big things stored in the Active Directory in Windows (user information and DNS records).
As for Kerberos, it's a secure authentication mechanism. The whole process is kind of complicated, but here are the basics. When you log in to a Kerberos domain (this is just a normal domain login for Windows) what you are doing is requesting a Ticket-Granting Ticket (TGT) from the Key Distribution Center (KDC). The TGT is returned, encrypted. If your password decrypts the TGT properly, you're logged in. Note that your password never goes over the network! Now you want to access a service on another machine in the same domain. You give your TGT to the KDC, asking it for a ticket to the specified machine. You get the ticket back, then provide it to the server. The server verifies the ticket similar to how the TGT is verified at login, and if it passes, then you've identified yourself securely. This means you don't need your password at all once you get your TGT, unless for some reason you need to get a new TGT. So Kerberos is both a secure authentication mechanism and a single sign-on mechanism.
Believe me, all this is a huge leap forward for Microsoft. Even though they keep adding proprietary bits to both LDAP and Kerberos, they are at least getting on the open standards bandwagon. And technologically, this is all far superior to the way Windows NT did things.
AdvFS, currently on HP's Tru64 Unix and also (already) ported to the up and coming combined Tru64 + HP-UX offering, called Enterprise Unix, has a snapshot feature called 'cloning'. A cloned filesystem is mountable, and only contains pointers to the blocks of data on the original. Further write operations on the original first copy the data block to be changed to the clone before allowing the block to be replaced. It takes seconds to create a clone of a terrabyte filesytem and then you're back in business. This feature has been around for years!
You shouldn't make statements like that without doing your homework.