Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samba 4 Reaches "Susan" Stage

Posted by CmdrTaco on from the i-love-that-description dept.

superfebs writes "Some day ago Samba4 reached a pretty serious test stage. Promises are beautiful: full SMB protocol implementation, Active Directory Domain Controller facility, and more; here's a full roadmap."

28 of 274 comments (clear)

  1. Heavyweight Protocol. by Anonymous Coward · · Score: 4, Funny

    "Samba 4 Reaches "Susan" Stage"

    So what happens when it reaches the "CowboyNeal" stage?

    1. Re:Heavyweight Protocol. by DARKFORCE123 · · Score: 5, Funny

      I am more in the mood for a lightweight protocol . Get back with me when it reaches the 'Mary Kate Olsen' stage.

  2. Luke Kenneth Casson Leighton by Anonymous Coward · · Score: 5, Interesting

    Just remember, that if it wasn't for Luke Kenneth Casson Leighton, most of the ideas in Samba 4 would never have even been thought of, never mind implemented.

    It'd be nice if they gave him some credit somewhere instead of just blanking him out because he 'rocked the boat'.

    1. Re:Luke Kenneth Casson Leighton by Vlad_the_Inhaler · · Score: 4, Interesting

      Is he the guy behind Samba TNG?

      I never knew the name but was told that he was difficult to work with. Classic innuendo tactics really, unless it happens to be the truth and that I can't judge.

      --
      Mielipiteet omiani - Opinions personal, facts suspect.
    2. Re:Luke Kenneth Casson Leighton by lkcl · · Score: 5, Informative

      yep, that's me.

      yes, i failed. i took on a fascinating and very large task - to help EVERYONE out of a difficult hole, both microsoft, the open source community AN D its users, AND microsoft and samba's competitors (the Storage Area Network community) i succeeded in getting the knowledge out there but i failed in implementing it in an "acceptable" way.

      yes, the times when i was working on samba got progressively more painful as the difference between the SAMBA_NTDOM and the main cvs branch got steadily further and further apart - in the end approximately 100,000 to 120,000 lines of code apart.

      yes, without the work that i did for four years, spurred by paul ashton's initial decoding of the NT domains logon system, the samba team would likely still be peddling you a system that was compatible with windows 95. that's a gross exaggeration: the Active Directory interoperability is a lot easier but still fraught with difficulties.

      one of the key problems was that andrew tridgell found it increasingly difficult to actually accept that i could think of things that he could not.

      he also had great difficulty, as most people do, in accepting the level of complexity of the MSRPC (aka DCE/RPC) subsystem and quite how inter-connected the whole thing is.

      in the end, i had to use other people (such as tim potter, to whom i am very grateful) to get ideas and code accepted.

      in particular, the winbind project: note the striking similarity between the use of unix domain sockets in winbind, which andrew tridgell reviewed and accepted, and the use of unix domain sockets in Samba TNG, which andrew tridgell REFUSED to review and REFUSED to accept.

      i was told, by andrew tridgell, things like "you should try to log in as root occasionally, and if you break out in a cold sweat, lie down for a while until the feeling goes away".

      whilst i learned an awful lot about systems programming from andrew, the way that he treated me was with disdain and complete lack of respect - which was terribly, terribly disappointing for me because, being absolutely honest, i loved and respected him greatly.

      anyway: he learned nothing from me, and consequently, he has set samba's development back by at least ten man-years.

      luke howard, in three years, ON HIS OWN, produced XAD (www.padl.com) which he has been selling for at least the past two years as a commercial product - an NT 5 Active Directory Server.

    3. Re:Luke Kenneth Casson Leighton by lkcl · · Score: 5, Interesting

      yeh, i'll accept that - both parts.

      i see patterns. i mean i SEE patterns. it freaks people out. especially those people who are insecure in their abilities and position.

      one thing i do have a lot of difficulty with when i fail to explain or get across a deep understanding of a complex topic.

      i find it particularly frustrating in areas where people are supposed to have the capabilities and expertise to cope with a certain level of complexity.

      but - basically - the one way to absolutely GUARANTEE to make me see pink mist is for you to be dishonest. whereever i find people being dishonest with themselves, me, or other people, i WILL go for the throat - without fail.

      and it gets me into difficulties. c'est la vie.

    4. Re:Luke Kenneth Casson Leighton by lkcl · · Score: 4, Interesting

      one other thing that i really should make clear is that i used - and still use - a programming technique which recently gained a name: "extreme programming".

      basically what i do is i build up a picture in my head of what results i want to achieve, and how, in broad architectural terms that that picture should be built.

      then i start incessantly, repeatedly, rapidly, bluntly and brutally chipping away at the details: in the case of coding that could result in 30 cvs commits per day.

      does this work? oops, no it didn't, let's try something else.

      occasionally, usually due to exhaustion or frustration, i would sit and re-think.

      i bounced hundreds of messages off of the samba mailing lists, most of which were not actually understood but that was okay because it allowed me to think out loud.

      this process drove jeremy allison completely nuts.

      jeremy's development model was radically different: very controlled, very calculated, very infrequent cvs commits (relatively speaking) - if it's not ready, if it don't work, it ain't going in the cvs repository.

      contrast this with me having at best a pentium 90 with 16mb of memory (my fastest machine) and having to do partial-builds (ccache didn't exist) due to a complete build taking 90 minutes, and random cvs commits in case someone stole my computer from the cybercafe... ... i frequently had no choice but to commit in code at the risk of breaking the build.

      this also drove jeremy nuts.

      c'est la vie.

    5. Re:Luke Kenneth Casson Leighton by lkcl · · Score: 4, Interesting

      working with others requires cooperation both ways.

      _i_ have learned where i have failed.

      now PLEASE will you do me the favour of communicating to andrew and to jeremy where THEY have failed.

      the samba team is not a team at all: it is a group of people who work on their own areas with hardly any actual cooperation at all.

      i WISH that the samba project had an ASF charter, with an additional clause that lends equal weight to "strategic" decisions in the part about code being accepted on "technical merit".

      if the ASF charter was in place on the samba project, so many many people would not have left it in frustration.

      there is much more that i could say but the number of comments on this topic is getting high (and consequently thinner), and is distracting me from my work.

    6. Re:Luke Kenneth Casson Leighton by Jeremy+Allison+-+Sam · · Score: 4, Interesting

      I'm only going to say one thing here, and then leave it at that. As has been pointed out before, Luke has a very selective memory about his involvement with Samba.

      Yes he made substantial contributions, for which we were very grateful, but in the end the difficulties in working together outweighed the benfits.

      I'm not going to say any more - those who are interested can read the relevent email archives.

      Jeremy.

  3. Andrew Tridgell - a free software hero by mralert · · Score: 5, Insightful

    Andrew Tridgell is the man behind two of the most interesting and usable free software products available; samba and rsync. Samba is truly great, but I find rsync so incredibly useful and smart. Does the Windows world have any kind of rsync-equivalent? (Besides the Windows rsync-ports, which require a lot of extra stuff like Cygwin.) Backing up data with rsync makes me sleep well at night :-) Thanks Tridgell! :-)

    --
    http://www.mralert.com/ - Free web site monitoring
    1. Re:Andrew Tridgell - a free software hero by MisterP · · Score: 5, Informative

      Check out cwrsync

      It is a stand alone package of rsync for windows. It even comes with an installer to make it run as a service. I use to it replicate web content on some faily major websites.

    2. Re:Andrew Tridgell - a free software hero by Tony+Hoyle · · Score: 4, Informative

      Robocopy != Rsync

      Rsync copies the minimum amount required to make the old file == the new file - works well over slow links. Robocopy can only copy whole files.

  4. Samba's great by Stevyn · · Score: 4, Interesting

    It can be a pain to set up at first because you have to deal with config files, but once it's set up, it Just Works (TM).

    My little network at my apartment has two windows machines (roommates), my linux machine, and the xbox with XBMC. I can share movies and music across the network and it always works. The xbox and the windows machines can always see shared directories.

    On the other hand, SMB on the windows xp and windows 98SE only works some of the time. I can always count on mine working though.

    Good job, samba team!

  5. Re:Samba 4 Reaches "Susan" Stage???? by LEgregius · · Score: 4, Informative

    If you had RTFA, you would realize that it mean that the head developer, Tridge, who started the whole samba thing years ago, go to the place where his wife, Susan, is testing it at home. She has apparently been a tester for ever major release, and she apparently encouraged him to started the Samba project to begin with.

  6. Call me when by mboverload · · Score: 4, Funny

    Call me when it gets to the Pamela Anderson stage.

  7. Easy to install? by DoktorTomoe · · Score: 4, Interesting

    Ever tried to add some Redhat servers to a windows domain with user-account given automagically by Active Directory? Tried for 2 days, gave up...

    I certainly hope the configuration is more userfriendly now.

    --
    Screw the FSM - Real geeks believe in the Invisible Pink Unicorn
  8. Thanks for the roadmap, Samba guys! by teamhasnoi · · Score: 4, Funny
    I've already given coders the order to embrace this improved version for inclusion into Longhorn.

    I'd like to extend my heartfelt thanks for working so hard on this.

    Thanks again!
    Bill Gates

  9. Fix LDAP first... by illumin8 · · Score: 4, Interesting

    It would be nice if they actually fixed their LDAP code so that it would work with any directory server other than OpenLDAP. The fact of the matter is, I spent the last month trying to get PDC functionality to work with iPlanet Directory Server, and even Netscape Directory Server, which coincidentally Redhat just purchased, and the buggy Samba implementation of LDAP as a storage mechanism for account information just doesn't work with anything other than OpenLDAP. Users on a Windows XP workstation can't authenticate, and sometimes they can authenticate by the XP client gets a BSOD right after authenticating. It's bizzare, it's actually as if Samba is sending the XP client a buffer overflow while authenticating. If someone can prove me wrong I would be happy to hear it.

    I spent weeks working with RHEL technical support, and even had one of the Redhat support techs rebuild my environment, and sure enough, his users can't authenticate either (and experience the same BSOD).

    I'd love to be able to replace my entire Windows NT 4 domain with Samba running on Linux, but until Samba can actually provide a backup domain controller functionality that works with our existing LDAP infrastructure, I'm sorry, but Samba is not ready for prime-time. Having a single point of failure in your Samba PDC is not acceptable for enterprise use.

    Can you believe the only workable enterprise-level solution for Samba is to make the Samba server a domain member of an Active Directory domain? And then you still have to purchase Windows Client Access Licenses (CALs) for all of your workstations, saving you $0!!! (Not to mention your RHEL license and support fees which are more expensive than Windows 2003 Server)....

    Fucking ridiculous... If I sound a little pissed off it's because I wasted a month of my time trying to get this buggy software to work properly and even Redhat enterprise support just threw up their hands and said: Sorry, it's not supported and doesn't work.

    --
    "When the president does it, that means it's not illegal." - Richard M. Nixon
    1. Re:Fix LDAP first... by ink · · Score: 4, Interesting
      BTW, does Windows Server support any LDAP back-end that is not Microsoft's Active directory?

      Shhhhhh. Microsoft doesn't have to work with 3rd parties; the 3rd parties are responsible for reverse-engineering Windows and working perfectly with every possible combination that an end user may choose. And, god forbid anyone track down the bugs with iPlanet and fix them... it's much more efficient to complain about it on Slashdot.

      FWIW, we have PDC/BDC witih Samba3; and we previously used a 'hot standby' Samba2 server in a PDC/coldPDC configuration. Samba is incredible; we love it. We're even using <gasp> OpenLDAP with Samba3 right now. It plugs in with Squirrelmail, Courier, Exim, Apache, Tomcat, Coldfusion, and a buch of custom applications. Oh, and I also wrote a Samba-to-fax gateway that doesn't require any Windows programs to work (and works from any OS). It's a verah niiice.

      --
      The wheel is turning, but the hamster is dead.
    2. Re:Fix LDAP first... by Anthony+Liguori · · Score: 5, Informative

      It would be nice if they actually fixed their LDAP code so that it would work with any directory server other than OpenLDAP.

      It does. We routinely run it with IBM Directory Server.

      and the buggy Samba implementation of LDAP as a storage mechanism for account information just doesn't work with anything other than OpenLDAP.

      Were you linking against iPlanet LDAP libs or OpenLDAP libs? It's quite possible that you're linking against the OpenLDAP libs and that they're not getting along with iPlanet.

      Samba only uses the standard LDAP calls. Other than the schema extensions (which unfortunately aren't in a standardized format) there's no LDAP-platform dependence.

      It's bizzare, it's actually as if Samba is sending the XP client a buffer overflow while authenticating.

      Why haven't you submitted this as a bug report at samba.org?

      I spent weeks working with RHEL technical support,

      Grab the latest from samba.org. The RHEL packages are sometimes quite old.

      I'm sorry, but Samba is not ready for prime-time.

      It's good that you made this decision for the world. Since noone's actually using Samba in production environments right now.

      Look, Samba's used in a lot of enterprise environments. You're experience isn't the norm. You're environment also isn't the norm. Not many folks use iPlanet. Netscape's DS is also considered one of the lesser LDAP servers out there.

      If this is a reproducable bug, and of the severity you describe, and is still present in the latest version of Samba, it's certainly be a high priority fix.

      Keep in mind though, we don't do a lot of testing with things like iPlanet because we don't have access to copies of it. OpenLDAP and IDS get a lot of testing with Samba because people who work on Samba have ready access to it.

      What's more, I don't see a single way in which any kind of LDAP failure could result in Samba sending an incorrect packet (with an incorrectly sized buffer) to a Windows client.

      Bugzilla is your friend.

  10. Re:Quick remote file ops? by Vancorps · · Score: 4, Informative
    There is a rather fundimental flaw in your request that Windows could not allow unless it was between two domain controllers. Every resource has its own session key. You would not have the permissions to create a new session key on your remote server since only system and krtg are allowed to do such things.

    My solution is to either use ssh and copy the file from the box, or if the two servers/shares are Windows I use AnalogX TS Drop Copy which does exactly what you ask for.

  11. Re:Why a rewrite? by Anthony+Liguori · · Score: 5, Informative

    Samba3 is a mess. All the RPC code is hand-written, the SMB parsing logic is all over the place.

    Samba4 automates the generate of most of the RPC code (the numbers change frequently, but it's something like 3,000 lines of IDL now replaces 100,000 lines of handcoded C).

    Plus, Samba3 took the approach of just doing enough of the protocol so that it worked. You'd see a lot of mysterious += 8 where you'd just skip over chunks of the packet. In Samba4, every field is understand and accounted for.

    Samba3 never could have been written as Samba4. Noone knew enough about SMB to understand that Samba4 was needed. This is really just Samba4 growing up.

    The biggest user-visible change is going to be better Active Directory support. Active Directory support in Samba3 is painful. Very painful. If Samba4 does get it's own LDAP server, you may seem some extremely good interop in Samba4.

  12. Re:Implementing Microsoft "Standards" by JohnnyKlunk · · Score: 4, Interesting

    OK, I know it's popular to bash MS here, but precisely what is the the horror that is AD on XP? Like MS or not if you've got x thousand users needing shared file/print resources across multiple servers / sites then AD with XP does a pretty reasonable job. It's easy to administer, easy for users to understand and the flexibility of clever combinations of site / ou / group based policies give a level of intuitive usability that very little else will provide.

    Bash MS all you like. I dont like alot of their stuff either, just give some evidence for the stuff you dislike and admit to the stuff they do well.

  13. Re:Quick remote file ops? by Anthony+Liguori · · Score: 4, Informative

    Actually, there is a CopyFile SMB. If it's there, Samba4 supports it. However, the burden really falls to the client here. It depends on how smart KDE would be in using the appropriate SMB's. Samba4's client libraries are much richer than Samba3's so the ability to do this would be exposed to them.

    So, the short answer is yes, but it would require a much more sophisticated client than what you presently see today.

  14. several additional daemons by lkcl · · Score: 4, Interesting

    yes - i wanted to introduce several stand-alone daemons, for several reasons:

    1) project manageability.

    you tell people that samba is 350,000 lines of code and they freak out. you tell them that they can work on say writing a special samr daemon (e.g. a sql db one) which would be oh about 30-50k lines, and they start to calm down a bit.

    2) clear delineation and separation of code at logical boundaries.

    the complexity of the samba project was getting out of hand, and it is still out-of-hand.

    by introducing separate services, which almost every other implementor of NT-compatible servers have done, you don't end up feeling like you've swallowed a tiger. ... would anyone DREAM of merging postfix, cyrus, nntpd and apache into a single daemon??

    3) commercial and other-licensed-projects can interoperate.

    sun microsystems would never have bothered to license AT&T's AFPS code [NT 3.5 ported to SysV by microsoft - badly - and bought by AT&T].

    or, at least, if they had, they would have chucked away the file-server part of it, and used smbd as the file server, whilst still using the NT-based services from NT 3.5-ported-to-unix!

    and they would have used the published interfaces - the ones used to communicate with the external DCE/RPC services.

    the reasons i was quoted AGAINST doing separate services were that a) it would be several milliseconds too slow (which is a rubbish argument on a network-based protocol) and b) unix domain sockets cannot be used securely (which, given that they are used in winbind is again rubbish)

    no, the real reasons why samba was not turned into separate daemons was a) so that samba could be used to maintain control as a single GPL project b) because i was the one advocating it c) the level of complexity was not understood and i failed to explain it clearly enough.

    1. Re:several additional daemons by Anonymous Coward · · Score: 4, Interesting

      So, you had better ideas and better code but, your fork died and the original branch continued.

      Your fork died because the original branch refused to merge your "superior" code and concepts? Come on, who's kidding who?

      SAMBA did not force you to abandon your fork. You could have continued with the SAMBA TNG fork. Had you produced superior concepts and code, as you claimed to have, I doubt that the community would continue to use the original "inferior" branch.

    2. Re:several additional daemons by lkcl · · Score: 4, Insightful

      samba tng is still going: i don't actively work on it but elrond does.

      samba tng was, and still is, capable of acting as a PDC for thousands - yes, thousands - of users.

      samba tng is the only PDC that doesn't fall over when a few hundred students all simultaneously log in at once.

      i stopped working on samba tng because it was too distressing.

      and you know just as well as i do that better ideas are useless when there is a monopoly power already in place.

  15. Andrew Tridgell's side of the story by DragonHawk · · Score: 4, Informative

    Here is the link M. Coward posted, but fixed, plus my +2 score so more will see it. (Sorry M. Coward, but then, I figure if you're Anonymous, you're not worried about credit or karma.)

    http://lists.samba.org/archive/samba-technical/200 2-January/018388.html

    I don't know the people or the situation enough to judge either one, but I figure it is good to see both sides. The truth, I suspect, is somewhere in the middle, but I say that onlly because it usually is.

    --

    dragonhawk@iname.microsoft.com
    I do not like Microsoft. Remove them from my email address.