Slashdot Mirror
Samba 3.0.0 Released
Matt writes "As posted on Samba.org the fine folks at Samba.org released their newest version of the popular free Windows File- and Print Server. Most famous additions are Active Directory integration and possibilities to form NT4 trust relationships. Release notes are online." See also their press release.
..at O'Reilly's Safari Bookshelf!
Congrats to the Samba Team!
now my linux box has to deny having a relationship the that windows server next door.
There are exploits in every product, opensource or not. It's just a matter of you taking necessary precautions like using a decent firewall and patching regularly.
...and possibilities to form NT4 trust relationships.
but is it wise to trust a NT4 server?
We've had Samba in Brazil for centuries...
;)
Amazing how the USA thinks they are ahead of everyone else...
I was recently banging my head against the wall when attempting to use a Samba share on an XP box that had worked fine on all my Win2K boxes.
Days & days of hacking the config and attempting to get it to work to no avail. Finally I find that it appears that WinXP has some security "features" added into it that break the use of samaba shares.
This frustration I felt has actually pushed me one more step towards switching all of our machines over to Linux. It may not happen tomorrow, but it will happen.
--Remove chicken to e-mail
The author missed one of the bigger points that they have working now. BDC! You can finally, if it works - I haven't tried it, have automated fail over without hacking some scripts and running a few PDCs. Very COOL!
That and it says it will work "out of the box" with Windows Server 2003. I wonder if that means they fixed the "trust" issue with Windows XP trying to auth with it for login without reg hacks....
Aside from that concern I can personally say that Samba rules. I have benchmarked it as being a faster file/print server compared to Windoze on identical hardware. A Linux box that can act as a domain controller, and now participate in cross-domain trust relationships and use AD is a helpful tool for weaning folks away from Micro$loth.
I want to talk about Prevayler -- which is due to replace Samba in 2005. Anyway, noone uses Samba.
Take it easy? I'll take it anyway I can get it . . .
as we've seen so many times this week,
:-P
opensource != secure
by any stretch of the imagination, in fact there are probably numerous untold exploits available for this software. Its just a matter of time, as with any opensource product.
Yeah, so let's use the alternative.
Windows servers.
Those are more secure I heard.
Beware: In C++, your friends can see your privates!
Does anyone know why Mac OS X (10.2) hangs when mounted Windows-share suddently disapears from the network?
Works fine for me, with Windows XP Pro and Home (and Debian of course). Don't blame the software for user errors. Linux software takes more time to learn, but it will be worth it in the end, because you will have a much more intimate knowledge of the software and how it works.
I'm not entirely sure what you're talking about. I'm running Samba at home, and my XP boxes can pick up the shares on it just fine.
You may need to add smbpasswd entries for the machines users, but other than that, it should be ok.
Version 3.0 - HA! I got Windows version 3.1 many many many years ago! loosers...
opensource != secure
Thanks Egan, good safety tip.
by any stretch of the imagination, in fact there are probably numerous untold exploits available for this software. Its just a matter of time, as with any opensource product.
And let`s also remember that _because_ it is open source, we now have thousands of developers who can view the code, find potential exploits, and then propose patches, QUICKLY and WITHOUT BIAS. Unfortunately, for patches to the same styled exploits that would exist in a closed source networking protocol, we would need to depend on a small team of developers under a common management structure (one pointy haired boss = single point of failure).
Open Source != secure
Open Source == better method toward security
davejenkins.com |
I do not want to express my negative feelings for the XP OS, for I feel I may ramble much too long. However if a situation presents it self that pushes you away from XP towards Linux then that "feature" is a cloaked blessing!
"...covers all versions of Samba from 2.0 to 2.2, including selected features from an alpha version of 3.0"
I'd rather wait a bit.
why the hell do you have XP anywhere?
XP does nothing that windows 2000 does.
That's one of the issues. Some boxes didn't have the problem, some boxes did.
I went so far as to fdisk the XP box, reformat and do a complete reinstall just to have the same problem after I reinstalled. All of that while other boxes _just_worked_. BTW, in my setup the Samba box was acting as the PDC for the Wintel boxes.
Oh, and we're talking XP Pro not Home.
--Remove chicken to e-mail
by any stretch of the imagination, in fact there are probably numerous untold exploits available for this software. Its just a matter of time, as with any opensource product.
I can tell you that here in corperate, a linux box can be put on the network without question. a windows box requires certification by the NOC as all windows version are deemed unsafe by the NOC.
so windows = unsafe and they are 20 times the exploits in windows than the worst version of sendmail and bind put together..
Only on Slashdot would that be moderated as "Interesting"! :-)
Have you considered that it is far more likely that the problem is with Samba than XP.
If MS were going to make XP not work with Samba, they would have made ALL XP not work, rather than just a few XP installs and at random.
Not everything is a conspiricy you know...
You mean like the OpenSSH bug that was around longer than Win32 operating systems have existed being found and patched quickly?
I quite happy with this new release, what I like the most about it is the new Active Directory support, I have been waiting for it since I started to use it in my homenetwork. Another impressive feature is UNICODE support (isn't mentioned in the post), one of my family members needed it badly to deal with non-latin charsets.
And the new "get" command which is similar to windows "net" is useful too.
Keep up the great work SAMBA team!
The IT section color scheme sucks.
Samba 2.2.x + XP + SP1 requires some tweaking to do domain logons for XP clients.
:)
Basic file sharing is fine, but if you're using Samba as a domain controller, you need to set a SignOrSeal reg value off to allow domain logons and also unset a "check profile ownership acls" setting which was introduced by SP1.
-- Someone who uses Samba 2.2.x as domain controller for several hundred XP boxes
I'd say no - the RPC vulnerabilities you mention are buffer overrun errors, which lie with the (somewhat braindamaged) implementation of the protocol. As long as there are no flaws discovered in the actual protocols, you won't see the same exploits unless the source code is copied directly between implementations.
zWhat would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
Sounds to me like signorseal. You want to edit the following entry:
v ic es\Netlogon\Parameters\requiresignorseal and set it to 0. Reboot and your XP machines will now be able to logon to your samba domain.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ser
That's only because there wasn't a "Very Intersting" selection...
Hahahaha.
Nobody said it was a conspiracy. It's not like I was stumbling around in the dark here. I read the docs for Samba, I read the man pages of Samba, I googled for the problem.
It appears to be some DNS-like issue that XP _sometimes_ does, and samba 2.8 didn't support. My bet is that 3.0 probably takes care of this issue, or at least addresses it in the readme or docs.
--Remove chicken to e-mail
The change log mentions creating trust relationships with NT4 machines, can I create trust relationships between two samba machines. I would assume so but I'm for a definite yes.
Didn't quite a few of the Microsoft hotfixes credit the Samba team for finding the weaknesses and bringing it to Microsoft's attention?
There is truth in that open source does not neccessarily mean secure.
.. so the obscurity breaks with time.
But with open source it is openly reviewed for such nasty exploits. Can one imagine how bad it would get if Microsoft source were released!
Microsoft is anti-open source as they still believe in security by obscurity and FUD. People find their vulnerabilities through normal coding
They will find new vulnerabilities in Windows for many years to come. Those who use Microsoft products aught to just get used to it.
If you Google "Microsoft SAMBA oplock" you'll see a lot of hits, some of which went away when oplocks were turned off in Samba.
Holy shit. A piece of software that's older than another!
Whodathunkit?
Let's count up security holes found in both:
OpenSSH: Not a billion
Windows: A billion
Yeah, great lil' comparison you got going there, bro. Asshat.
I've experienced numerous random lockups using samba v3. The mount point would just hang requiring a samba restart.
After searching for a while, I found that there's a bug in Redhat 9's new thread library which samba somehow triggers. There's a workaround on the net, look for it and avoid hassling the samba team - they're not at fault here!
We did this. It's the reg entry that's in the docs. Every machine that we attempted to connect has it. Thanks for trying though. Originally I found that information here:
The Samba unofficial HOWTO - 5.3. Joining your Samba Domain
--Remove chicken to e-mail
For those bots who have blocked it out from their memory, Samba is the Open-Source product that had a root level exploit in its code that went undetected(?) for eight years.
Open-Source secure...lol.
We've been waiting for this release as the version to start replacing Windows servers with. We'd like to build the farm clustered, however. From our research, it looks like clustering Samba can only be done with Mission Critical Linux' products. Anyone seen anything else out there that can also do the job?
"It remains to be seen if the human brain is powerful enough to solve the problems it has created." Dr. Richard Wallace
Now that's something I haven't seen before.
"unset a 'check profile ownership acls'"
I'll have to look into that.
Thanks!
--Remove chicken to e-mail
I imagine the flamebait was for:
/.'s have been attempting to help me solve the problem instead of modding me out of existence. :(
"This frustration I felt has actually pushed me one more step towards switching all of our machines over to Linux. It may not happen tomorrow, but it will happen"
It's not flamebait people, it's actualy how I feel. Other nice
--Remove chicken to e-mail
It's accessable from the MMC on each client machine, or alternatively if you have a recent enough samba, there's a "profile acls = yes" option you can set in the smb.conf
Linux/FreeBSD
Apache
Gcc
PostgreSQL
Samba
In that order. Thank you.
Merlin
(kind of a newbie question, but other people might want to know)
e s/RedHat/RPMS/i386/) Can I use these on my RH 7.1 system?
I'm running Red Hat 7.1 on my file server. The only binaries I can find at the site even close to that say they are for RH 7.3.(http://us3.samba.org/samba/ftp/Binary_Packag
"For a successful technology, honesty must take precedence over public relations for nature cannot be fooled." -Feynman
The promise of single sign-on for the various servers I have around here seems great :) While I know how to get Windows clients to authenticate against a Samba server, and also how to get *nix boxes to connect to a Samba server, is there a way to replace the traditional *nix login/authentication methods and replace it with Samba? Our domain is predominantly NT/2k, with a small scattering of Linux and FreeBSD boxes. Would be great if users could change their NT password and still be able to log in to our *nix boxes for e-mail and such.
5) A new "net" command has been added. It is somewhat similar to the "net" command in windows. Eventually we plan to replace numerous other utilities (such as smbpasswd) with subcommands in "net".
Now making it more useful for windows users might be a good idea, but is'nt replacing the older commands with windows style commands a bad idea? the "net" command does not take a standard "-" or "--" for parameters, also we now have to worry about our "/"s and "\"es. With everything in the GUI already looking like windows , why do we want our CLI to be spoiled too? Are we more worried about existing linux users or the people who probably might migrate from windows?
.ACMD setaloiv siht gnidaeR
Very true.
The advantage of opensource is that you can examine the internals yourself, and fix it yourself.
The more sophisticated the user, the more valuable opensource is. If you're a low level admin who can't do anything more than apply pre-canned patches, opensource may be cheaper but it isn't defacto better. If you can participate in the patch process by either writing your own patches or applying patches from the developers directly or from other users, rather than waiting for a vendor, you can be way ahead of the game.
Can anyone tell me if 3.0 includes an easier way to get computers in more than one workgroup to connect? I know you can do it with by running an extra instance of samba but it's awkward. Any better ideas?
I've got a bunch of laptops that have to connect to different workgroups but I'd like to have them all connect to my samba server. But they have different workgroups and that cannot easily be changed. Samba doesn't deal well with this out of the box, though it works pretty well under Windows proper.
I'm not an admin but I still need samba in order to get work done at the office... I have been using it to send people files from my laptop, and just yesterday I figured out how to get printing to work with samba+cups+foomatic+hpijs(finally). Thanks to the samba team I can have the only linux box (my laptop) in the office (or quite possibly entire company) and still get things done, without having to reboot or use the slow computer that's under my desk...
I just compiled and installed samba-3.0.0 over the existing install and everything still works great too...
Chaos is Divine *
I think I need to look into using this, but I need to learn more.
I had a lot of trouble getting xp to read a public samba share with no password - 2k worked fine, but for xp I needed to do (in the command prompt):
/USER:
net use t: \\linux-box\samba-share *
(and just press enter for the password)
This maps it to drive t:
I call bullshit here. I regularly set up Linux Samba servers (file and print) that work fine with Win98, NT, 2K and XP machines. Both standalone and as domain members. I've used both the normal smb password file and LDAP passwords for authentication, and it all works faultlessly.
In fact I'm sitting at an XP machine right now that's mounting from 3 different Samba servers...
Code, Hardware, stuff like that.
You could do this with 2.2.8a if your AD server allowed anonymous authentication. If not, you need 3.0.0.
See how we do it on Mandrake (since 9.0).
I run a Mandrake 8.2 box in production as a mail server in an AD domain, all authentication is via winbind.
Unless you are talking about domains, no, there is no reason you should be having any trouble to connect (besides the usual windows browsing problems, but you should use WINS to prevent that).
I'm not a windows admin so I may have got the wrong end of the stick here , but I can't see
too many people getting excited over support for NT4 trust relationships just as MS is phasing NT4 out. Isn't this a classic example of
too little too late since anyone who wanted NT with this functionality would have long ago gone the all MS route and is unlikely to suddenly
want to zap their legacy NT4 servers and replace them with *nix and samba. Are they?
One thing that does change with Samba 3 is the way that you need to configure Squid to use NTLM authentication...
If you upgrade and try using the old authenticators built with squid, you'll be stuck. Samba 3 comes with it's own helper utility (ntlm_auth) to work with other applications such as Squid.
I have written a Samba 3 / Squid Walkthrough that takes users step by step through getting this going.
Find out about it here:
http://itmanagers.net/article-4--0-0.html
That's nice, you still don't know what you're talking about though.
...to put a Samba server exposed to the internet?
Seriously, I'd like to know if people do it and if it is secure.
It would be nice if there wasn't a "KDE VFS" and a "Gnome VFS" on top of the kernel VFS... it'd be nicer if there was, perhaps, a LibC VFS, or kernel-mountable userspace filesystems.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Does this work for XP Home Edition as well as Professional Edition?
I seriously doubt that OpenSSH is 10 years old.
SCO will be happy to have a new item included in Unixware to crow about.
It is time they ate their crow.
I am the unwilling control for my Origin.
Just like in the movies: secure and securerer
nope, SignOrSeal is supported now!
- In Memoriam: Jeroen de Bruin (1972-2004), bye bro
Have you noticed? The Mods are on crack again.
Jaysyn
There is a war going on for your mind.
This is a well-documented problem with XP and 2000 when service pack 4 is installed. Besides setting the registry entry "RequireSignOrSeal" to "0," you must run the "mmc" program, add a "Group Policy" Snap-in, then in there find and option that says something about ignore permissions on roaming profile. Set that to "enabled." I'm not yet at work, but when I get there, I'll get the exact key name and post it here. A quick search of google reveals it's not terribly obvious, although I found this before.
And hey, who can't love the fisher-price dialog system. You have no need to go in and change a setting that you know where it goes. There is a ritual now by which you painstaking step through a set of droolproof dialogs, enter the setting you wanted 4 steps in, and then have step 7 negate them.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
There is an easy fix to this for XP:
Settings -> Control Panel -> Admin Tools -> Local Security Policy
Look under Local Policies, then Security Options.
Look for "Domain Member: Digitally encrypt or sign secured channel (always)" and set it to DISABLED.
That should solve some of your problems.
XP only wants to trust other Windows machines when working in a domain environment.
Upon trying to build my own RPMs (mainly as a learning exercise), I get this:
/bin/sh -e /var/tmp/rpm-tmp.44093 /usr/src/redhat/BUILD /usr/src/redhat/BUILD /bin/mkdir -p smbldap-tools-0.8 /usr/bin/id -u /bin/chown -Rhf root . /usr/bin/id -u /bin/chgrp -Rhf root . /bin/chmod -Rf a+rX,g-w,o-w . /bin/sh -e /var/tmp/rpm-tmp.65514 /usr/src/redhat/BUILD /root/mkntpwd.tar.gz /root/mkntpwd.tar.gz: Cannot open: No such file or directory /var/tmp/rpm-tmp.65514 (%build)
[root@dhogan root]# rpmbuild -ta samba-latest.tar.gz
Executing(%prep):
+ umask 022
+ cd
+ LANG=C
+ export LANG
+ cd
+ rm -rf smbldap-tools-0.8
+
+ cd smbldap-tools-0.8
++
+ '[' 0 = 0 ']'
+
++
+ '[' 0 = 0 ']'
+
+
+ exit 0
Executing(%build):
+ umask 022
+ cd
+ cd smbldap-tools-0.8
+ LANG=C
+ export LANG
+ tar zxvf
tar (child):
tar (child): Error is not recoverable: exiting now tar: Child returned status 2
tar: Error exit delayed from previous errors
error: Bad exit status from
What is this mkntpwd.tar.gz and why is it missing?
NOTE: This is on a RedHat 9 system.
The real key is that where there is money involved (ie. a company stands to lose money on good bug hunting and peer review) security is always going to come second to last. With Microsoft, here's the hierarchy:
1. Profit!
2. PR/Spin
3. ???
4. Satisfy customers just enough to keep them
5. Everything else (ie. security, stability, etc...)
Since a lot of OSS projects aren't made in the name of profit, the hierarchy is more like this:
1. Write something useful/cool
2. Share it with everyone and get peer review
3. Patch holes and bugs
4. Wind up with excellent quality software (Emacs, GNU, etc..)
5. Rinse and repeat
With either approach, you have to keep in mind that the cycles are unending because the bars are always being raised. But, which bar is payed more attention varies based on the end goal. For proprietary/non-free software, the only goal is to write software to make money. For free software, the primary goal is to write good software for the sake of writing good software. This approach angers the capitalists because it potentially threatens their system. And in the long run, Emacs is still going to be around long after MS Notepad is gone. Just like classical music has more lasting value than Eminem or Kidd Rock. Someday 25 years from now you can ask a 10 year old who Kidd Rock is, and they'll say, "Who"? But if you ask the same 10 year old who Beethoven is, they'll probably have heard of him.
Un-news
What I think
Sorry guys, couldn't resist. Posts like the one I'm replying to drive me insane.
XP Home does not allow logon to domains, so there's no problem to fix.
thats not what he was talking about ya' big gorilla.
The original poster made the ridiculios claim that in open source projects bugs are fixed quickly and efficiently by an army of programmers. The response about the OpenSSH bug was pointing out that not all bugs are fixed quickly. He wasn't making a comparison about the relative security of either product.
...You bandwith whores, I only get 2 KB/s on my norwegian mirror - you`r NOT living in Norway, are you ? Goddamn outlanders :)
-Wants it, me wants it so bad.
Doolittle :
Bomb no.20 : To explode of course.
...he did not have sexual relations with that woman.
:-)
It was the cigar that had the sex!! Bwuh huh huh
What I want to know is did Bill smoke the cigar afterwards?
Of course you're worried about migrating users. If Samba gets easier to use, you'll find people migrating from the biggest user base on the planet - Windows.
And worry about alienating Linux users? Please, where are you going to go to get something better? On a Mac? I know you're not going to stop using Linux (maybe Samba, but who cares, I guess) and go to Windows because your system is operating more and more like Windows.
Unless you're losing functionality, cheer the changes. As more users (like me) migrate to open source, your exclusive club will get better and better. I'll tell you one thing - if Samba gets easier to figure out, I'll certainly start using it to get my systems connected to a single file server.
All of your contributions have given some good leads. I'm out digging into them now.
"It remains to be seen if the human brain is powerful enough to solve the problems it has created." Dr. Richard Wallace
What happens is that if you fail to listen to your Primary Domain Controller, the Bondage and Discipline Cop steps in to beat and humiliate you until you submit creditentials to the proper authorities. Usually, this happens when you're standing in front of many people and attempting to get at Powerpoint slides you left on your client machine.
I forget what 8 was for.
Wow. I wish I had mod points. Bravo.
Then, Gnome Vs. KDE
Now its MySQL Vs. Postgres
At least we are evolving from text editors and eye-candy to relational databases.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
Off-topic, but... You post because you can't resist the Pavlovian response that most Slashdotters seem to be slave to. Of course, what fun would Slashdot be if we didn't all have trigger fingers from time to time? :)
Un-news
How's support for LDAP in 3?
Last time I touched samba, there were issues joining machines to a domain where I had to manually add LDAP entries for machines, then join them.. Kinda tedious..
Also, passwd sync was hell, I ended up writing a password change web CGI that fed values into ldapmodify and smbpasswd to keep passwds in sync, since samba used LM and NT passwd fields within the samba ldap schema. Has this been addressed? It made using standard LDAP GUI utils rather painful..
One of the stumbling blocks I've run into in the past (I am no Samba guru) is dealing with the occasionally complex, nested groupings, permisions, and far more detailed ACLs than the ext2-3 filesystems provide. I know that there are some filesystems (and what? overlays?) that can be applied to ext3 which allow more than OWNER-GROUP-WORLD permissions.
How does this improved AD integration tie in with the various exended-ACL solutions?
I would LOVE to yank most or all of our windows fileservers and replace them with Linux boxes. The increased security and protection from viruses, etc. would be great. But with thousands of users in hundreds of departments in our domain(s) needing to access some of the same resources with different permissions - I've not found a satisfactory Linux solution.
Obviously, I'm missing something. But it would be great to have an out-of-the-box solution that takes the best of NTFS (for what it's worth) and the best of journaled Linux FSs to provide a truly stable, yet flexible fileserver.
Any /.'ers have a solution that's worked for them which you'd be willing to share?
"terrorism" and "pedophilia" are the root passwords to the Constitution
It's accessable from the MMC on each client machine
Cool, I actually have to visit each and everyone of my clients, personally?
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
portalfs
Our home network ran a samba-2.2.8a+LDAP domain controller (for me to test), but some of the machines are in their own workgroup, and can access the samba server (which is in another workgroup) with no problems.
...
On our business network (running samba-2.2.8a on LDAP etc), we often have consultants bring their own machines, some of which are joined to their own Windows domains, and they have no problems accessing our samba boxes.
Of course, it would help if you gave more detail, but it would be more appropriate for the samba list.
But, I don't think the problems you were seeing are common.
BTW, we have been running samba as a production DC since 2.0.7
Well given that you have to visit them to join a machine to a domain in the first place, I don't see how this is a problem?
Last time I touched samba, there were issues joining machines to a domain where I had to manually add LDAP entries for machines, then join them.. Kinda tedious..
...
<plug>
Implementing a Samba LDAP PDC Setup
and
Implementing Disconnected Authentication and PDC/BDC Relationships Using Samba and OpenLDAP
</plug>
Those two documents cover a setup which will give you a PDC-BDC setup where any member of the right group (adm by default) will be able join machines to the domain without having to pre-make machine accounts.
Also, passwd sync was hell, I ended up writing a password change web CGI that fed values into ldapmodify and smbpasswd to keep passwds in sync, since samba used LM and NT passwd fields within the samba ldap schema.
This can be addressed by using 'pam password change' and ensuring your pam_ldap setup is correct.
The biggest issue that samba-3.0.0 addresses (IMHO) is password expiry, which could be hacked onto 2.2.8a, but not easily
Hmm same here - one XP box quite happily connecting to Samba shares on my 2 Linux servers.
Not any more. We implemented sign&seal for Samba 3.0.
If it doesn't work when you remove this please log
a bug at bugzilla.samba.org.
Thanks,
Jeremy Allison,
Samba Team.
It's probably the Web sharing service. Turn off the client :-).
side on the XP box. It tries to contact a port on the Samba
server that isn't open and times out. Sorry, I can't remember
the exact instructions to turn this off (I only use Windows
under VMware to test Samba
Jeremy Allison,
Samba Team.
Your machine may have -appeared- on the network, but it wasn't part of the domain, unless the admin password was blank. You simply -cannot- join the domain without domain admin rights. Period.
Please help metamoderate.
a hell of a lot more. Please site examples other than the obvious software limitations of 2K. I have twice as many problems with XP than I have with 2K, and yes my XP is patched like an old quilt. Although, I do appreciate the "Send Error Report" dialog that rears it's ugly head every few hours or so.
So should I just remove these entries completely, or change them to certain values? What are the correct values?
I'm talkin' XP Pro, not Home.
--Remove chicken to e-mail
Oh, XFS is also journaled.
To anyone who has tried XFS/Samba on a large scale, would you care to comment?
well, that's super, but I have XP Home and he was replying to my question.
"Its just a matter of time, as with any opensource product."
It's just a matter of time, as with any product, regardless of whether it is open or closed. Windows is closed source, but we see exploits for it every single day, now don't we? qmail is open source, but to this day not a single remote hole has been found, even with the author offering a substantial chunk of change for anyone who finds one.
Everyone is entitled to their own opinion. It's just that yours is stupid.
What about using Active Directory's dynamic DNS features for member servers? 3.0alpha didn't assign a fully qualified domain name to the member server after a "net join." Any fix here?
Winbind is the logon utility (pam/nss modules) that provides the broadest interoperability and now can use Kerberos/LDAP if in an ActiveDirectory like environment or use DCE/RPC if in a Samba 2.2 or Windows NT environment. It also has a flexible backend with function pointers that can be mapped with little code to other authentication and user/group models. Its dual daemon and caching support are much better than the alternatives.
Winbind is less known than it should be, probably because it is included in the Samba tree, and not immediately obvious to some is that is useful on clients whether or not Samba is present.
Even better! I get to spend a few hours downloading things AND configuration on ach machine, just to make basic Networking Things (tm) up-to-date and possible. This is so cool!
I love being an NT admin...
I love being an NT admin...
I love being an NT admin...
I love being an NT admin...
I love being an NT admin...
I love being an NT admin...
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
Winbind already does use LDAP, if available, and is faster and more tolerant of different LDAP schema.
Is this problem in Win98 fixed?
:-)
The problem is that you get this error:
"You can not view the list of users. Try again later" on Win98 clients.
If it is solved, it will be really great.
Congrats for the 3.0 to the Samba Team!
Get my e-mail after a captcha test in: http://tinymailt
Someone please explain why my post was moderated as redundant. I looked at all previous posts and did not see a single overlord comment. If the joke isn't funny then it should be rated offtopic, or overated, but not redundant. Unless, maybe the moderators were saying that the joke was getting redundant. I think moderators should provide an explanation for their decisions. That way posters would learn what makes a good post good and a bad post bad.
Well.. maybe. Or Maybe not. But Definitely not sort of.
Lol, sorry, I surf at +2 & didn't see you.
--Remove chicken to e-mail
I'm looking at your page and I can't find the actual walkthrough.
Is the user interface that bad or am I blind?
If MS were going to make XP not work with Samba, they would have made ALL XP not work, rather than just a few XP installs and at random.
But if it was a conspiracy, and MS really was secretly, intentionally breaking compatibility with Samba, then they'd want to do it on just a few random installs.
That way they deflect attention from themselves, making everyone assume (as you did) that the problem is in Samba, not XP. And when the Samba team goes to try reproducing the user's bug report, chances are it works fine.
Whereas if it were broken all the time, they'd be more quickly able to reverse engineer whatever's needed to achieve compatibility again.
Would someone mind explaining to me why the parent post is offtopic? He is talking about Samba 3.0.0.
If you really WERE an admin and not just some disgruntled linux user, you would possibly know about ways to automate software rollouts and patches such as this one. Guess you don't though.
No, it's probably just a whole lot easier to set the "profile acls = yes" option in the smb.conf ;p
So, anyone here developed a intranet hosted on a Linux server w/ Apache that authenticates to an NT domain? I've googled and read a lot about winbind, pam_auth modules, etc. but, not being a domain administrator, have not yet truly understood. Pointers?
My request for an explanation gets modded funny? I just don't understand it. I think I'm turning into Charlie Brown.
wha wa whawha wa wha wawawaw wha wha wha.
You say charlie brown was funnier than me?
wa wha wha whana wha wawa wa.
Arrrghh!. And better looking? Unbelievable. I just don't understand! I just don't Understand.
Well.. maybe. Or Maybe not. But Definitely not sort of.
Because he's asking a question that's better suited to a Samba mailing list than a general discussion board such as slashdot, and he's boring the snot out of people.
Without proper documentation, the idea of inspecting and fixing an open source project is only wishful thinking. Reading thousands of pages of code (written by someone else) is fun but it takes far to much time to consider this option seriously. It's like searching for a specific information in a reference book without an index. Now I'd like to know... How many times have you seen a simple design specification for an open source project?
So here's the problem : because there's no documentation, a "regular" user (like a network administrator) cannot look at the internals of a program as it would take to much time but, on the other hand, a good cracker who target a specific program can scrutinize a project to find a flaw somewhere. Do the math.
If there is a fundamental architectural problem with the code then, yeah, it will be a cold day in hell before a network/system admin can do anything about it.
For the medium scale bugs, the admin has the ability to take any "early" patch from an untrusted source, inspect the patch, and apply it instead of waiting for his vendor to produce an approved patch. With closed software, he might find an "early" patch, but will have no way of seeing whether it contains a trojan. His only option is to wait until his vendor provides him a patch, assuming the vendor is interested.
Why the fuck is Ninnle offtopic?
It couldn't be more ON topic!