Slashdot Mirror
Samba 3.0.0RC1 Released
dook43 writes "Samba 3.0.0 RC1 has been released as of 8/16. Probably the most important new feature is its Active Directory support, but the rest of the new features can be found at the website."
← Back to Stories (view on slashdot.org)
Having the Active Directory support is really a bug feature, as I had real big problems with authenticating a Linux Client in an AD server .. I hope that this issue will be solved in Samba 3 ..
Way to Go Samba!
Just when I perfected the old samba, they release a new version. Now I have to learn all those dance steps again.
Shit.
...besides the features is some absolutely outstanding documentation. The old 2.x docs were basically a really long HOWTO. The new docs are broken into self-contained chapters that start by laying out how a certain task or protocol work in general, and then how to configure Samba to take part in it. Considering that Samba can perform so many different roles, the mix-and-match method is a lot more sensible. Even if you don't use Samba, consider their docs as a reference for troubleshooting Windows problems - I've found they offer a far more complete and focussed discussion of Windows technologies for the sysadmin than any MS book or webpage.
Great job, Samba team!
I've been checking out a win2003 AD install for a client lately. A fairly fast workstation(2.4ghz) The creating of SID's thingy is soooo slow. My feeling is that the whole Active Directory is not mature yet.
my social life is pretty much in
I've installed the "unstable" samba 3.0RC1 packages under my Debian 2.4.20 system and I have to say, it works pretty well.
I've only experienced a few cases of "lock outs" of all clients, the first time because the init script didden't sucessfully kill all smbd's before starting new ones and the second time... Who knows, a restart of it helped fine anyway.
Other than that it seems pretty good for me with W98/W2K/XP Pro clients using different laguages, except for some random slowdowns in access to it but nothing major.
Also, that build is compiled with GCC-3.3 if anyone's interested in that.
From the 3.0 FAQ
The samba team is doing a great job moving forward. What I would hope to also see in the near future is support for creating a (Linux) directory heirachy based network using samba that will allow both MS and non MS clients. It would be nice to be able to create an LDAP directory trust relationship to your friends/family/etc.. network to allow logins between them...
Since some versions of Windows acting as an SMB server actually limit the number of allowed connections (that's Microsoft's Licensing for you), a Windows port of Samba actually wouldn't be that crazy of an idea for certain configurations.
Now, I would just love to see this in smbfs.
Doesn't the creation of Linux tools for interfacing with Windows just further validate a needlessly Microsoftian System?
You don't have to install it Richard. For those of us with jobs to do however, this is a big step forward.
NFS is fine and all, but its limited to really unixy networking.
That said Active directory actively puzzles me (as does LDAP). I guess its back to the books again. I guess my windoze knowledge never did advance much beyond NT4.
Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
I think you're trolling, but I'll answer anyway. First of all, Active Directory is a Microsoft-specific directory services protocol, it's not an open specification that the Samba folks can go and download and implement. If it weren't for the Samba people, your only option would have been to purchase Windows 2000/03 Server for Active Directory support.
Furthermore, you've clearly never reverse-engineered a protocol before. Since Microsoft doesn't release specifications for Active Directory interactions, the Samba team has to pretty much capture thousands of packets as a workstation logs in, then logs out, then logs in, then logs out, etc. and stare at the data for weeks or months to figure out how to emulate the AD logon. And then they have to do this for domain discovery, resource sharing, and all the other operations that AD supports. To do this for an entire suite of functionality can take years.
Frankly, I'm surprised and pleased that they've managed to build the excellent support they have for MS' network protocols, and I think the Samba team deserves some congratulations. Thanks and keep up the good work!
pGina does essentially what you describe. It replace GINA and allows MS boxes to authenticate directly against an LDAPv3 server. But people who understand this stuff much better than myself tell me that this is not really a great solution. GINA is a fairly superficial authentication component, and replacing it doesn't make some of the more subtle bits fit together. Modifying the LSA (Local Security Authority) would be necessary to do the job properly. But, not surprisingly, documentation for it is not forthcoming.
Gee and this is from and AC with no proof or benchmarks. Well that settles it, Samba RC3 is officially "broken and horribly slow."
:rolleyes:
Glad this was modded up to +5 Informative so we all know to never use Samba 3.x.
If you wanna get rich, you know that payback is a bitch
Actually it's funny but the guys on the SAMBA team know more about the SMB protocol than anyone currently working for MS. I remember reading a tech conference note from one of the team members back before 2.0 went final and he had talked to one of the senior design guys from MS and the guy couldn't answer some questions about the reasoning behind the design of certain parts of SMB, he had simply inherited the codebase and designed extensions to it to do the new things for windows 2000, he knew very little about the history or design behind the overall protocol framework. Don't attribute to mallice what can be more easily explained by ignorance =)
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Care to back that up?
NFS protocol has built in encryption/authentication using GSS-API since version 3. That was quite a few years ago. NFS version 4 is out.
I maintained a lab running on an encrypted NFS FS about 3 years ago, on Solaris 7.
Linux didn't have support for encrypted NFS because the kernel hackers couldn't get encryption into the kernel at the time. Now that 2.6 has kernel encryption services Linux will support the full NFSv4 spec. Or at least support the security features.
But you can't blame the engineers that developed NFS, they've had encryption/authentication built into the protocol for years now.
Based on upvotes, Ageism is the only "-ism" Slashdotters care about and think isn't SJW
In the spirit of GNU/Linux, I think GINA should be prefixed with the initials of the state where the lead developer originated... Virginia.
(For non-US, that would be VA)
http://pcblues.com - Digits and Wood
My friend, John Terpstra, wrote those docs. Way to go, John! Your long hours paid off with a compliment on Slashdot! Your life is redeemed! ................ kris
"I thought I could organize freedom. How Scandinavian of me."