Samba 4 Reaches "Susan" Stage
superfebs writes "Some days ago Samba4 reached a pretty serious test stage. Promises are beautiful: full SMB protocol implementation, Active Directory Domain Controller facility, and more; here's a full roadmap."
So what happens when it reaches the "CowboyNeal" stage?
What is a 'sentance'?
Secure messaging: http://quickmsg.vreeken.net/
Just remember, that if it wasn't for Luke Kenneth Casson Leighton, most of the ideas in Samba 4 would never have even been thought of, never mind implemented.
It'd be nice if they gave him some credit somewhere instead of just blanking him out because he 'rocked the boat'.
Andrew Tridgell is the man behind two of the most interesting and usable free software products available; samba and rsync. Samba is truly great, but I find rsync so incredibly useful and smart. Does the Windows world have any kind of rsync-equivalent? (Besides the Windows rsync-ports, which require a lot of extra stuff like Cygwin.) Backing up data with rsync makes me sleep well at night :-)
Thanks Tridgell! :-)
http://www.mralert.com/ - Free web site monitoring
it's not, that's an advert quite cleverly designed to look like the rest of the site. The links are all ad.doubleclick.net and the blurb is all about windows being better.
slashdot even has MS adverts, they are just everywhere. and where better to put them? trying to scare inquisitive new users away.
How many computers are too many?
It can be a pain to set up at first because you have to deal with config files, but once it's set up, it Just Works (TM).
My little network at my apartment has two windows machines (roommates), my linux machine, and the xbox with XBMC. I can share movies and music across the network and it always works. The xbox and the windows machines can always see shared directories.
On the other hand, SMB on the windows xp and windows 98SE only works some of the time. I can always count on mine working though.
Good job, samba team!
If you had RTFA, you would realize that it means that the head developer, Tridge, who started the whole samba thing years ago, got to the place where his wife, Susan, is testing it at home. She has apparently been a tester for every major release, and she apparently encouraged him to start the Samba project to begin with.
Call me when it gets to the Pamela Anderson stage.
For those who don't follow too closely, what necessitated a rewrite of Samba 3 and/or what gains are to be expected?
"I assumed blithely that there were no elves out there in the darkness"
They actually made a full implementation of AD Controller (a very difficult thing to do).
This is really a major achievement.
Kudos to the Samba Development
An ad called the "Linux Resource Center: Sponsored by Microsoft". The irony.
Karma whorin' since 1999
So basically the Samba team is doing what they believed was too ambitious in 2000, thus leading to the forked Samba - TNG project. Am I correct?
Judging from the results probably Tridgell & co. were right...
To this day my wife gives me a look when I tell her I need to work on AMANDA.
no because my partner is an adult
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
I presume this is something to do with some Windows functionality?
I remember reading Andrew Tridgell's comments in 'The Rebel Code' by Glyn Moody - "...And we try to remain bug-for-bug compatible where it makes sense. There are some cases where it doesn't make sense, and their [MS] bugs are just ridiculous, and you shouldn't emulate them. But in most cases, we emulate the bugs so that we interoperate completely with the Microsoft implementation."
Ever tried to add some Redhat servers to a windows domain with user-account given automagically by Active Directory? Tried for 2 days, gave up...
I certainly hope the configuration is more user-friendly now.
Screw the FSM - Real geeks believe in the Invisible Pink Unicorn
I don't care if it's 90,000 hectares. That lake was not my doing.
I'd like to extend my heartfelt thanks for working so hard on this.
Thanks again!
Bill Gates
It would be nice if they actually fixed their LDAP code so that it would work with any directory server other than OpenLDAP. The fact of the matter is, I spent the last month trying to get PDC functionality to work with iPlanet Directory Server, and even Netscape Directory Server, which coincidentally Redhat just purchased, and the buggy Samba implementation of LDAP as a storage mechanism for account information just doesn't work with anything other than OpenLDAP. Users on a Windows XP workstation can't authenticate, and sometimes they can authenticate but the XP client gets a BSOD right after authenticating. It's bizarre, it's actually as if Samba is sending the XP client a buffer overflow while authenticating. If someone can prove me wrong I would be happy to hear it.
I spent weeks working with RHEL technical support, and even had one of the Redhat support techs rebuild my environment, and sure enough, his users can't authenticate either (and experience the same BSOD).
I'd love to be able to replace my entire Windows NT 4 domain with Samba running on Linux, but until Samba can actually provide a backup domain controller functionality that works with our existing LDAP infrastructure, I'm sorry, but Samba is not ready for prime-time. Having a single point of failure in your Samba PDC is not acceptable for enterprise use.
Can you believe the only workable enterprise-level solution for Samba is to make the Samba server a domain member of an Active Directory domain? And then you still have to purchase Windows Client Access Licenses (CALs) for all of your workstations, saving you $0!!! (Not to mention your RHEL license and support fees which are more expensive than Windows 2003 Server)....
Fucking ridiculous... If I sound a little pissed off it's because I wasted a month of my time trying to get this buggy software to work properly and even Redhat enterprise support just threw up their hands and said: Sorry, it's not supported and doesn't work.
"When the president does it, that means it's not illegal." - Richard M. Nixon
Samba has been my savior on many occasions because of the damn Macs. They don't just handle remote file-systems very well. They never release a file they open. The G5s at my work I often have to boot off because other users are unable to move files around which is part of our workflow process currently so it's quite annoying. Samba fixes the problem by acting as my proxy. It talks very nicely to all major network platforms. They've done some nice work this far, Samba 4 looks even more promising.
What is truly amazing about the Samba project is their consistent ability to emulate MS screw up, go "bug for bug" is the term I think is used. To implement something like Active Directory, bugs and, which included 4 or 5 different standard (but not quite) services is amazing. Just look at the problems with write support for NTFS. I don't know if it's intentional, but MS products are not exactly easy to reverse engineer. Thanks, release us from the horror that is AD on XP!
Spencer Ogden
FTA: "Samba4 reached an important milestone tonight, as I installed it for my wife to use as her file server for all of her important documents, email, the book she is working on etc."
Ok, there are two rules I follow:
1. Never touch a running system.
but even more importantly:
2. Never touch the running system of your girlfriend/wife.
I did that a few weeks ago and upgraded her machine. Due to bad luck I bought a faulty RAM module and "thought" I had double checked it. Well, long story short, I got her machine ready in time for her finals but I went through a lot of absolutely unnecessary trouble. Ok, now she's happy and all but I nearly failed it. I would never ever try my development code on her productive box.
I would prefer to see NDS implementations and Novell server integrations than to give MS the fuel to convince IT that Windows is the way to go since Unix only works with AD.
http://saveie6.com/
even worse: My ex-girlfriend's name is Susann, and I am actively deploying a Samba Server next week.
I guess I'd better stick with Samba3 or else my girl thinks I am out latin-dancing with my exgirlfriend...
The BSD and Apple categories would be just as appropriate. Perhaps Slashdot needs a *nix category ...
Linux at home
yes - i wanted to introduce several stand-alone daemons, for several reasons:
... would anyone DREAM of merging postfix, cyrus, nntpd and apache into a single daemon??
1) project manageability.
you tell people that samba is 350,000 lines of code and they freak out. you tell them that they can work on say writing a special samr daemon (e.g. a sql db one) which would be oh about 30-50k lines, and they start to calm down a bit.
2) clear delineation and separation of code at logical boundaries.
the complexity of the samba project was getting out of hand, and it is still out-of-hand.
by introducing separate services, which almost every other implementor of NT-compatible servers have done, you don't end up feeling like you've swallowed a tiger.
3) commercial and other-licensed-projects can interoperate.
sun microsystems would never have bothered to license AT&T's AFPS code [NT 3.5 ported to SysV by microsoft - badly - and bought by AT&T].
or, at least, if they had, they would have chucked away the file-server part of it, and used smbd as the file server, whilst still using the NT-based services from NT 3.5-ported-to-unix!
and they would have used the published interfaces - the ones used to communicate with the external DCE/RPC services.
the reasons i was quoted AGAINST doing separate services were that a) it would be several milliseconds too slow (which is a rubbish argument on a network-based protocol) and b) unix domain sockets cannot be used securely (which, given that they are used in winbind is again rubbish)
no, the real reasons why samba was not turned into separate daemons was a) so that samba could be used to maintain control as a single GPL project b) because i was the one advocating it c) the level of complexity was not understood and i failed to explain it clearly enough.
Well, first off, eDirectory which replaces NDS already runs in a Linux environment. Secondly, Samba is an implementation of SMB, which is what Microsoft uses. Samba would not seek to replace Novell servers, because they don't work using SMB (aka CIFS).
XAD is very interesting, and it works, yet is ... lacking in key areas that would aid in migration.
you can make a XAD server be a member of an NT-controlled forest, but the replication protocol is itself a beast-and-a-half, such that it is not yet possible for a XAD server to replicate and then "take over" an NT server.
which is a pity.
also, lukeh has modified a number of open source projects to allow "plugin" components to be added, such that he can out-source to his own components.
the source code for these plugin methods _is_ available - ironically, the one for samba does pretty much EXACTLY what i do for samba tng - outsource the DCE/RPC traffic - yet unfortunately, XAD itself, the core of it, perhaps unsurprisingly, is proprietary.
- Andrew: There is a branch tag. Some lines of code has been written, and it can print the word "Samba" in a log file
- Susan: Core things work. That is, you can see a share folder, and when MS-Word crashes, it is not clear, if it is the Samba pile that caused it
- Alpha: Susan threw it out! Andrew is now pestering his paying customers to use it. Status is: what works, works. Features are missing (like reading from files)
- Beta: Paying customers threw it out! Andrew is seeking the Linux distributors to try it out.
- Distro: Some advanced stuff doesn't come out right. The distributors release it anyhow in the hope that some geek will fix it.
- Limbo: The geek fixed it and made an obscure backdoor. He is now using your host for compiling his kernel
- Retro: Most people revert to an earlier version, with a better backdoor. The geek has now a nextdoor neighbor geek to compile X on the host
- Fiasco: Well, yeah. Your drop Windows service.
Sorry, got a bit carried away...
:-) = I am happy
:^) = I am happy with my big nose
C:\> = I am happy with my OS
Tridge wrote the core of Samba4 in about a day of coding spread over about a day and a half elapsed. That blew my mind. He did have a clear idea of what he was going to do when he started, but nevertheless it's startling to watch. He also wrote the core to have unprecedented flexibility, so it's going to be just as interesting to see what some of the other Samba geniuses do with it now that it's airborne (just).
It's also going to be interesting to see if naming his test tool "smbtorture" this time around (instead of "smbclient") is going to prevent people coming to rely upon it for day-to-day administration. (-:
Got time? Spend some of it coding or testing
"My experience is with AD in small networks, where the users want something simple like central passwords and roaming profiles."
..."
Yah, that's generally what we use it for, too. (I work for an IT systems integrator.)
"... there have been nothing but problems. Slow logons, the server requires rebooting
Dollars to donuts, your DNS configuration is wrong. For most small networks, this usually boils down to: "You need to make sure the one and only resolving DNS server mentioned anywhere in your configuration is your Active Directory Domain Controller". Along that same line: "Never mention your ISP's DNS servers anywhere!" (This is a tremendous over-simplification, but it will do for Slashdot. Reply if you really want to know the details.)
A lot of people are still used to NT4. There wasn't much you could do to mis-configure NT4. Sure, it might not work in the first place, but it was always due to Microsoft bugs and limitations and there wasn't anything you could do about it. If it could be done with NT4 "out of the box", it was generally pretty easy to do.
Contrast that with Windows 2000 and Active Directory. Suddenly, DNS, DHCP, dynamic DNS updates, DNS record types, DNS SRV records, LDAP, and Kerberos all get involved. Your DNS infrastructure has to be correct or Active Directory will blow chunks. You cannot get by without reading the manual. That is a stark contrast to NT4.
"... and user management is a pain."
This strikes me as odd. If anything, I find user management much easier in AD vs NT4. What makes you say it is a pain? Maybe I can offer some advice.
FYI and FWIW, we also frequently deploy Samba in NT4 PDC emulation mode, and find it works very well at that. Centralized security database, roaming profiles, etc. I just miss Active Directory Group Policy.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Here is the link M. Coward posted, but fixed, plus my +2 score so more will see it. (Sorry M. Coward, but then, I figure if you're Anonymous, you're not worried about credit or karma.)
http://lists.samba.org/archive/samba-technical/2002-January/018388.html
I don't know the people or the situation enough to judge either one, but I figure it is good to see both sides. The truth, I suspect, is somewhere in the middle, but I say that only because it usually is.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
If I'm in a good mood and I want to become angry, all I have to do is click on Network Neighborhood, and I go from happy to pissed off in no time flat. First of all, it practically locks up the entire computer while it SEARCHES for network shares.
In the default configuration, that is pretty common. If you are interested, I can explain how to make it work well.
1. Create a WINS server (NetBIOS name server). Point all your SMB/CIFS clients to the WINS server.
2. Set your NetBIOS Node type to 2 (P-node, or Peer Node -- WINS resolution only).
3. Disable the NetBIOS computer browser service on all but a handful of "reliable server" machines.
To disable the NetBIOS browser on NT, disable the "Computer Browser" service.
On Win 95/98/ME, set the "Master Browser" option to "No" instead of "Auto" in the "Windows File and Printer Sharing" component in Network properties. (I might have the names wrong; I don't use 9X much anymore, and I don't have one handy to check.)
I usually recommend disabling the browser service on all computers except for domain controller(s). If you do not have a domain, disable said service on all but one or two of your servers. If you do not have any servers, you're hosed, regardless of protocol. Designate a computer "the server" to fix things.
Once this is done, Windows name resolution works pretty well.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
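The same three steps carried over to Samba hosts, as an added example that is not part of the comment above and not taken from the Samba project: one designated server runs WINS and wins browser elections, and every other host points at it and stays out of elections. The workgroup name and the address 192.0.2.10 are placeholders; `name resolve order` is used here as the nearest Samba analogue of the P-node setting, which is an assumption of this example.

```ini
# ---- smb.conf on the one designated "reliable server" (constructed example) ----
[global]
   workgroup = EXAMPLE
   # Step 1: nmbd on this host acts as the WINS (NetBIOS name) server.
   wins support = yes
   # Step 3: this host is allowed to stand in, and win, browser elections.
   local master = yes
   preferred master = yes
   os level = 65

# ---- smb.conf on every other Samba host (constructed example) ----
[global]
   workgroup = EXAMPLE
   # Step 1: register with and query the WINS server (placeholder address).
   # Never set this together with "wins support = yes" on the same host.
   wins server = 192.0.2.10
   # Step 2 analogue: resolve names via WINS, then DNS/hosts; no broadcast.
   name resolve order = wins host
   # Step 3: never take part in browser elections.
   local master = no
   preferred master = no
   domain master = no
```

smb.conf comments must sit on their own lines; a `#` after a value is read as part of the value.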
This has come up before with web servers -- Microsoft got on O'Reilly's case because O'Reilly's web server allowed as many connections as the machine could handle, and didn't restrict it to 10 even if the machine wasn't licensed for it. (This was at least 10 years ago, so maybe my memory is sketchy. I had a friend who was working at O'Reilly at the time and he was fussing about this ...)
I don't think O'Reilly gave in, and I'm sure this has come up again and again with every web server, ftp server, mail server, etc. that runs under Windows. But Microsoft can't really enforce it, so ...