Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samba 3.0.0 Released

Posted by ryuzaki0 on from the dancing-the-night-away dept.

Matt writes "As posted on Samba.org the fine folks at Samba.org released their newest version of the popular free Windows File- and Print Server. Most famous additions are Active Directory integration and possibilities to form NT4 trust relationships. Release notes are online." See also their press release.

19 of 252 comments (clear)

  1. Does this ver. solve the WinXP security "features" by HiroProtagonist · · Score: 5, Interesting

    I was recently banging my head against the wall when attempting to use a Samba share on an XP box that had worked fine on all my Win2K boxes.

    Days & days of hacking the config and attempting to get it to work to no avail. Finally I find that it appears that WinXP has some security "features" added into it that break the use of samaba shares.

    This frustration I felt has actually pushed me one more step towards switching all of our machines over to Linux. It may not happen tomorrow, but it will happen.

    --
    --Remove chicken to e-mail
  2. Best new features by linuxkrn · · Score: 5, Interesting

    The author missed one of the bigger points that they have working now. BDC! You can finally, if it works - I haven't tried it, have automated fail over without hacking some scripts and running a few PDCs. Very COOL!

    That and it says it will work "out of the box" with Windows Server 2003. I wonder if that means they fixed the "trust" issue with Windows XP trying to auth with it for login without reg hacks....

    1. Re:Best new features by Jeremy+Allison+-+Sam · · Score: 2, Interesting

      It means we do SMB signing by default now :-).

      Jeremy Allison,
      Samba Team.

  3. Vulnerable? by gregarican · · Score: 5, Interesting
    Serious question here, not flamebait. Does Samba use similar RPC methods to thje Windoze NT family? If so are there potential exploits? I'm not sure. I've used Samba and Mars_NWE (a Linux emulator of a Novell Netware server) for years now but never thought of potential parallel security holes. I doubt that the code could be that similar, but am curious. I recall back in the day where anonymous RPC sessions on Windoze NT could totally give admin access through that simple sechole.exe exploit.

    Aside from that concern I can personally say that Samba rules. I have benchmarked it as being a faster file/print server compared to Windoze on identical hardware. A Linux box that can act as a domain controller, and now participate in cross-domain trust relationships and use AD is a helpful tool for weaning folks away from Micro$loth.

    1. Re:Vulnerable? by gregarican · · Score: 5, Interesting
      Here is a footnote of the other side of the coin. I recall back around 1999 working with Samba 2.0.something-or-other. Our company had many sites but centralized Windoze NT domain administration at CHQ. I was interested in trying to sneak a Samba server onto the domain.

      Typically in the Windoze NT model in order to add a server to the domain you have to have admin rights. I recall the Samba box added itself to the domain without any authentication necessary. It was funny when an NT admin from CHQ called me to ask me why our site had this new server showing up. He couldn't browse any of the shares (only local Linux accounts were defined in the Samba user file and /etc/passwd file) and was pissed.

      I apologized and proceeded to take the box off the network, but found it funny that no authentication was necessary. With all of the inherent flaws in Microsoft's security models I would bet that a Samba box could potentially wreak havok on a pre-Windows 2003 network!

    2. Re:Vulnerable? by requim · · Score: 4, Interesting

      Sounds to me like what you are describing is just the SAMBA server showing up in the browse list either via a WINS or NETBIOS name resolution. You cannot in fact join an NT domain without administrative rights to grant the machine an account in the domain, whether it be created on the server prior to joining the machine, or in the process of joing the machine to the domain from the joining machine.

      This isn't to say that there are not other ways in which a unix box can wreak havoc on an NT/200x network...

    3. Re:Vulnerable? by gregarican · · Score: 3, Interesting

      I hear what you are saying, but I mean that the Samba box was on the Server Manager list as a member server. If I would've tried to add an NT Workstation or Server to the domain in this capacity the action wouldn't failed because I wouldn't have known the admin logon to authenticate. AFAIK you can't add another node to the domain in this manner without admin rights. But the Linux box popped right in without a problem.

    4. Re:Vulnerable? by requim · · Score: 5, Interesting

      I would like to test the scenario for the answer I am about to give just to validate my thinking, but I will give it to you anyway. My understanding of how the Server Manager lists the machines is by how the machine is configured, not necessarily as a member of any particular domain/workgroup/etc. It would appear that it lists the machines that are configured to set their domain/workgroup name via netbios in the same groupings (ie if you have a workgroup named SERVERS and and a domain named SERVERS) machines from both the workgroup and domain will appear in the same listing (if using Explorer or some other tree listing. The NETBIOS protocol uses/stores the machine type used for Domain Master Browser functions for election purposes in specific packets. These packets use a code to determine what type of function/server the machine is setup, so in the Browser elections that take place in each subnet, the machine with the highest setting wins (ie PDC > BDC > Member Server > Workstation (it's really a little bit more complicated, but this should suffice.)).

      This being the case, I would have to interpret the samba server appearing in the Server Manager as a result of the code passed in the netbios protocol and it being used to determine machine times when listing the (PDC, BDC, Member Server, etc) I would also imagine that if you were to setup a second NT/200x server as a PDC using the same Domain Name, that that machine would also appear in the Browse List and have a similar effect, though in reality the two domains would not be related except by name (the SID's would be different which would cause many problems that I would rather not go into.).

  4. Re:wonderful! by Anonymous Coward · · Score: 1, Interesting

    It isn't really wise to trust any Windows server. But it allows people to start replacing them with Linux/UNIX systems.

    Samab also allows authentication with UNIX. This is the way I prefer to run it. You can make it act just like a Windows server but without the crashes. And unlike windows, file distribution (rsync versus sms), secure shell, samba and others don't come with the nickle and dime pricing.

  5. Nah... by zonix · · Score: 1, Interesting
    If so are there potential exploits?

    I'd say no - the RPC vulnerabilities you mention are buffer overrun errors, which lie with the (somewhat braindamaged) implementation of the protocol. As long as there are no flaws discovered in the actual protocols, you won't see the same exploits unless the source code is copied directly between implementations.

    z
    --
    What would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
  6. Re:Becareful about using this by weave · · Score: 3, Interesting
    in fact there are probably numerous untold exploits available for this software. Its just a matter of time, as with any opensource product.

    Didn't quite a few of the Microsoft hotfixes credit the Samba team for finding the weaknesses and bringing it to Microsoft's attention?

  7. Slightly OT - Samba Clustering by jACL · · Score: 2, Interesting

    We've been waiting for this release as the version to start replacing Windows servers with. We'd like to build the farm clustered, however. From our research, it looks like clustering Samba can only be done with Mission Critical Linux' products. Anyone seen anything else out there that can also do the job?

    --
    "It remains to be seen if the human brain is powerful enough to solve the problems it has created." Dr. Richard Wallace
  8. Open source top 5 best contributions by MagicMerlin · · Score: 2, Interesting

    Linux/FreeBSD
    Apache
    Gcc
    PostgreSQL
    Samba

    In that order. Thank you.

    Merlin

  9. Single Sign-On by CromeDome · · Score: 2, Interesting

    The promise of single sign-on for the various servers I have around here seems great :) While I know how to get Windows clients to authenticate against a Samba server, and also how to get *nix boxes to connect to a Samba server, is there a way to replace the traditional *nix login/authentication methods and replace it with Samba? Our domain is predominantly NT/2k, with a small scattering of Linux and FreeBSD boxes. Would be great if users could change their NT password and still be able to log in to our *nix boxes for e-mail and such.

  10. Multiple workgroups? by sjbe · · Score: 2, Interesting

    Can anyone tell me if 3.0 includes an easier way to get computers in more than one workgroup to connect? I know you can do it with by running an extra instance of samba but it's awkward. Any better ideas?

    I've got a bunch of laptops that have to connect to different workgroups but I'd like to have them all connect to my samba server. But they have different workgroups and that cannot easily be changed. Samba doesn't deal well with this out of the box, though it works pretty well under Windows proper.

  11. So Am I Nuts by Anonymous Coward · · Score: 1, Interesting

    ...to put a Samba server exposed to the internet?

    Seriously, I'd like to know if people do it and if it is secure.

  12. Re:How many hidden root exploits in this version? by Tenareth · · Score: 2, Interesting

    I'm sure a lot less than in W2K3.

    2 so far?

    --
    This sig is the express property of someone.
  13. Looks like a great leap in the right direction... by NtroP · · Score: 2, Interesting
    But...

    One of the stumbling blocks I've run into in the past (I am no Samba guru) is dealing with the occasionally complex, nested groupings, permisions, and far more detailed ACLs than the ext2-3 filesystems provide. I know that there are some filesystems (and what? overlays?) that can be applied to ext3 which allow more than OWNER-GROUP-WORLD permissions.

    How does this improved AD integration tie in with the various exended-ACL solutions?

    I would LOVE to yank most or all of our windows fileservers and replace them with Linux boxes. The increased security and protection from viruses, etc. would be great. But with thousands of users in hundreds of departments in our domain(s) needing to access some of the same resources with different permissions - I've not found a satisfactory Linux solution.

    Obviously, I'm missing something. But it would be great to have an out-of-the-box solution that takes the best of NTFS (for what it's worth) and the best of journaled Linux FSs to provide a truly stable, yet flexible fileserver.

    Any /.'ers have a solution that's worked for them which you'd be willing to share?

    --
    "terrorism" and "pedophilia" are the root passwords to the Constitution
  14. Re:Get the doc! by Rudeboy777 · · Score: 2, Interesting

    Is anyone here privy to any insider O'Reilly information regarding a release date of Using Samba, 3rd ed.? I was hoping it would follow closely on the tails of Samba 3.0.0's release, and I'm sure many of the other geeks here are interested in buying it as well.

    --

    From hell's heart I fstab at /dev/hdc