Slashdot Mirror
Samba 3.0.0 Released
Matt writes "As posted on Samba.org the fine folks at Samba.org released their newest version of the popular free Windows File- and Print Server. Most famous additions are Active Directory integration and possibilities to form NT4 trust relationships. Release notes are online." See also their press release.
..at O'Reilly's Safari Bookshelf!
Congrats to the Samba Team!
Works fine for me, with Windows XP Pro and Home (and Debian of course). Don't blame the software for user errors. Linux software takes more time to learn, but it will be worth it in the end, because you will have a much more intimate knowledge of the software and how it works.
I'm not entirely sure what you're talking about. I'm running Samba at home, and my XP boxes can pick up the shares on it just fine.
You may need to add smbpasswd entries for the machines users, but other than that, it should be ok.
The BDC functionality has been in Samba for awhile now. I recall working with a beta test of that back before the Y2K. There's a decent amount of tweaking and fine-tuning to be done to get it to work, but once it works it usually works well. Companies who still think they have to run Windoze on the client end due to the application suite folks are supposedly so used to can still migrate the server end to Linux, potentially without anyone noticing any difference.
File Locking. You can tune Samba to fix this.
"...covers all versions of Samba from 2.0 to 2.2, including selected features from an alpha version of 3.0"
I'd rather wait a bit.
They're really very professional, and a pleasure to work with.
--dave (the Using Samba 3rd author) c-b
davecb@spamcop.net
I quite happy with this new release, what I like the most about it is the new Active Directory support, I have been waiting for it since I started to use it in my homenetwork. Another impressive feature is UNICODE support (isn't mentioned in the post), one of my family members needed it badly to deal with non-latin charsets.
And the new "get" command which is similar to windows "net" is useful too.
Keep up the great work SAMBA team!
The IT section color scheme sucks.
Samba 2.2.x + XP + SP1 requires some tweaking to do domain logons for XP clients.
:)
Basic file sharing is fine, but if you're using Samba as a domain controller, you need to set a SignOrSeal reg value off to allow domain logons and also unset a "check profile ownership acls" setting which was introduced by SP1.
-- Someone who uses Samba 2.2.x as domain controller for several hundred XP boxes
Sounds to me like signorseal. You want to edit the following entry:
v ic es\Netlogon\Parameters\requiresignorseal and set it to 0. Reboot and your XP machines will now be able to logon to your samba domain.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ser
If you Google "Microsoft SAMBA oplock" you'll see a lot of hits, some of which went away when oplocks were turned off in Samba.
I've experienced numerous random lockups using samba v3. The mount point would just hang requiring a samba restart.
After searching for a while, I found that there's a bug in Redhat 9's new thread library which samba somehow triggers. There's a workaround on the net, look for it and avoid hassling the samba team - they're not at fault here!
It's accessable from the MMC on each client machine, or alternatively if you have a recent enough samba, there's a "profile acls = yes" option you can set in the smb.conf
It's a fair enough question.. one that someone asked Tridge at LCA2003.
;)
Basically no.
Buffer overflows in RPC are due to server programming, and since both are entirely different server codebases, they don't share vulnerabilities. But the Samba team have found many of these RPC bugs with windows
You could do this with 2.2.8a if your AD server allowed anonymous authentication. If not, you need 3.0.0.
See how we do it on Mandrake (since 9.0).
I run a Mandrake 8.2 box in production as a mail server in an AD domain, all authentication is via winbind.
Yes, use pam and the winbind. I can ssh to my samba box and authenticate against Active Directory. There are how tos out there, here are a few links I used. http://www.netadmintools.com/part172.html http://www.flatmtn.com/computer/Linux-Samba3.html http://us1.samba.org/samba/docs/man/winbind.html
One thing that does change with Samba 3 is the way that you need to configure Squid to use NTLM authentication...
If you upgrade and try using the old authenticators built with squid, you'll be stuck. Samba 3 comes with it's own helper utility (ntlm_auth) to work with other applications such as Squid.
I have written a Samba 3 / Squid Walkthrough that takes users step by step through getting this going.
Find out about it here:
http://itmanagers.net/article-4--0-0.html
Why dont you configure samba as PDC and use LDAP for all the authentication purpose?. I found it a robust solution. The beuty is that you can use it as a back end for any services/servers which requires authentication and can act as a truly single source of authentication. All the requirements you mentioned is possible with this.
http://www.nasirudheen.blogspot/
nope, SignOrSeal is supported now!
- In Memoriam: Jeroen de Bruin (1972-2004), bye bro
This is a well-documented problem with XP and 2000 when service pack 4 is installed. Besides setting the registry entry "RequireSignOrSeal" to "0," you must run the "mmc" program, add a "Group Policy" Snap-in, then in there find and option that says something about ignore permissions on roaming profile. Set that to "enabled." I'm not yet at work, but when I get there, I'll get the exact key name and post it here. A quick search of google reveals it's not terribly obvious, although I found this before.
There is an easy fix to this for XP:
Settings -> Control Panel -> Admin Tools -> Local Security Policy
Look under Local Policies, then Security Options.
Look for "Domain Member: Digitally encrypt or sign secured channel (always)" and set it to DISABLED.
That should solve some of your problems.
XP only wants to trust other Windows machines when working in a domain environment.
The real key is that where there is money involved (ie. a company stands to lose money on good bug hunting and peer review) security is always going to come second to last. With Microsoft, here's the hierarchy:
1. Profit!
2. PR/Spin
3. ???
4. Satisfy customers just enough to keep them
5. Everything else (ie. security, stability, etc...)
Since a lot of OSS projects aren't made in the name of profit, the hierarchy is more like this:
1. Write something useful/cool
2. Share it with everyone and get peer review
3. Patch holes and bugs
4. Wind up with excellent quality software (Emacs, GNU, etc..)
5. Rinse and repeat
With either approach, you have to keep in mind that the cycles are unending because the bars are always being raised. But, which bar is payed more attention varies based on the end goal. For proprietary/non-free software, the only goal is to write software to make money. For free software, the primary goal is to write good software for the sake of writing good software. This approach angers the capitalists because it potentially threatens their system. And in the long run, Emacs is still going to be around long after MS Notepad is gone. Just like classical music has more lasting value than Eminem or Kidd Rock. Someday 25 years from now you can ask a 10 year old who Kidd Rock is, and they'll say, "Who"? But if you ask the same 10 year old who Beethoven is, they'll probably have heard of him.
Un-news
XP Home does not allow logon to domains, so there's no problem to fix.
Actually, I think the most important feature is this:
10) Support for migrating from a Windows NT 4.0 domain to a Samba domain and maintaining user, group and domain SIDs.
Why? NT Server is coming to the end of support period (Dec 2003). There are still LOTS of NT4 server out there. Last time I checked, you had to recreate ALL of the groups and users whenever you migrated them from NT4 to any other PDC (there is a little support for automating this activity, but it just saves you from retyping the users and groups names).
My other OS is the MCP!
Not any more. We implemented sign&seal for Samba 3.0.
If it doesn't work when you remove this please log
a bug at bugzilla.samba.org.
Thanks,
Jeremy Allison,
Samba Team.
It's probably the Web sharing service. Turn off the client :-).
side on the XP box. It tries to contact a port on the Samba
server that isn't open and times out. Sorry, I can't remember
the exact instructions to turn this off (I only use Windows
under VMware to test Samba
Jeremy Allison,
Samba Team.
I wouldn't do it. And I write lots of the Samba code :-).
The protocol is just too complex to be sure any implementation
is safe.
Hopefully that should tell you something. It should also
tell you why we don't want it in the Linux kernel. Microsoft
put it in their kernel - I think that's a mistake.
Jeremy Allison,
Samba Team.
Yes it works.
Jeremy Allison,
Samba Team.
ACLs aren't just limited to XFS. ext2/3 has had ACLs for years, with support being rolled into the kernel proper with 2.6.
Marxism is the opiate of dumbasses
It is relatively easy to migrate from NT4 to an AD domaing using ADMT.