Samba 4 Reaches "Susan" Stage

superfebs writes "Some day ago Samba4 reached a pretty serious test stage. Promises are beautiful: full SMB protocol implementation, Active Directory Domain Controller facility, and more; here's a full roadmap."

Luke Kenneth Casson Leighton

Just remember, that if it wasn't for Luke Kenneth Casson Leighton, most of the ideas in Samba 4 would never have even been thought of, never mind implemented.

It'd be nice if they gave him some credit somewhere instead of just blanking him out because he 'rocked the boat'.

Re:Luke Kenneth Casson Leighton

[lkcl]

yep, that's me.

yes, i failed. i took on a fascinating and very large task - to help EVERYONE out of a difficult hole, both microsoft, the open source community AN D its users, AND microsoft and samba's competitors (the Storage Area Network community) i succeeded in getting the knowledge out there but i failed in implementing it in an "acceptable" way.

yes, the times when i was working on samba got progressively more painful as the difference between the SAMBA_NTDOM and the main cvs branch got steadily further and further apart - in the end approximately 100,000 to 120,000 lines of code apart.

yes, without the work that i did for four years, spurred by paul ashton's initial decoding of the NT domains logon system, the samba team would likely still be peddling you a system that was compatible with windows 95. that's a gross exaggeration: the Active Directory interoperability is a lot easier but still fraught with difficulties.

one of the key problems was that andrew tridgell found it increasingly difficult to actually accept that i could think of things that he could not.

he also had great difficulty, as most people do, in accepting the level of complexity of the MSRPC (aka DCE/RPC) subsystem and quite how inter-connected the whole thing is.

in the end, i had to use other people (such as tim potter, to whom i am very grateful) to get ideas and code accepted.

in particular, the winbind project: note the striking similarity between the use of unix domain sockets in winbind, which andrew tridgell reviewed and accepted, and the use of unix domain sockets in Samba TNG, which andrew tridgell REFUSED to review and REFUSED to accept.

i was told, by andrew tridgell, things like "you should try to log in as root occasionally, and if you break out in a cold sweat, lie down for a while until the feeling goes away".

whilst i learned an awful lot about systems programming from andrew, the way that he treated me was with disdain and complete lack of respect - which was terribly, terribly disappointing for me because, being absolutely honest, i loved and respected him greatly.

anyway: he learned nothing from me, and consequently, he has set samba's development back by at least ten man-years.

luke howard, in three years, ON HIS OWN, produced XAD (www.padl.com) which he has been selling for at least the past two years as a commercial product - an NT 5 Active Directory Server.

Re:Luke Kenneth Casson Leighton

[lkcl]

yeh, i'll accept that - both parts.

i see patterns. i mean i SEE patterns. it freaks people out. especially those people who are insecure in their abilities and position.

one thing i do have a lot of difficulty with when i fail to explain or get across a deep understanding of a complex topic.

i find it particularly frustrating in areas where people are supposed to have the capabilities and expertise to cope with a certain level of complexity.

but - basically - the one way to absolutely GUARANTEE to make me see pink mist is for you to be dishonest. whereever i find people being dishonest with themselves, me, or other people, i WILL go for the throat - without fail.

and it gets me into difficulties. c'est la vie.

Andrew Tridgell - a free software hero

[mralert]

Andrew Tridgell is the man behind two of the most interesting and usable free software products available; samba and rsync. Samba is truly great, but I find rsync so incredibly useful and smart. Does the Windows world have any kind of rsync-equivalent? (Besides the Windows rsync-ports, which require a lot of extra stuff like Cygwin.) Backing up data with rsync makes me sleep well at night :-) Thanks Tridgell! :-)

Re:Andrew Tridgell - a free software hero

[MisterP]

Check out cwrsync

It is a stand alone package of rsync for windows. It even comes with an installer to make it run as a service. I use to it replicate web content on some faily major websites.

Re:Heavyweight Protocol.

[DARKFORCE123]

I am more in the mood for a lightweight protocol . Get back with me when it reaches the 'Mary Kate Olsen' stage.

Re:Why a rewrite?

[Anthony+Liguori]

Samba3 is a mess. All the RPC code is hand-written, the SMB parsing logic is all over the place.

Samba4 automates the generate of most of the RPC code (the numbers change frequently, but it's something like 3,000 lines of IDL now replaces 100,000 lines of handcoded C).

Plus, Samba3 took the approach of just doing enough of the protocol so that it worked. You'd see a lot of mysterious += 8 where you'd just skip over chunks of the packet. In Samba4, every field is understand and accounted for.

Samba3 never could have been written as Samba4. Noone knew enough about SMB to understand that Samba4 was needed. This is really just Samba4 growing up.

The biggest user-visible change is going to be better Active Directory support. Active Directory support in Samba3 is painful. Very painful. If Samba4 does get it's own LDAP server, you may seem some extremely good interop in Samba4.

Re:Fix LDAP first...

[Anthony+Liguori]

It would be nice if they actually fixed their LDAP code so that it would work with any directory server other than OpenLDAP.

It does. We routinely run it with IBM Directory Server.

and the buggy Samba implementation of LDAP as a storage mechanism for account information just doesn't work with anything other than OpenLDAP.

Were you linking against iPlanet LDAP libs or OpenLDAP libs? It's quite possible that you're linking against the OpenLDAP libs and that they're not getting along with iPlanet.

Samba only uses the standard LDAP calls. Other than the schema extensions (which unfortunately aren't in a standardized format) there's no LDAP-platform dependence.

It's bizzare, it's actually as if Samba is sending the XP client a buffer overflow while authenticating.

Why haven't you submitted this as a bug report at samba.org?

I spent weeks working with RHEL technical support,

Grab the latest from samba.org. The RHEL packages are sometimes quite old.

I'm sorry, but Samba is not ready for prime-time.

It's good that you made this decision for the world. Since noone's actually using Samba in production environments right now.

Look, Samba's used in a lot of enterprise environments. You're experience isn't the norm. You're environment also isn't the norm. Not many folks use iPlanet. Netscape's DS is also considered one of the lesser LDAP servers out there.

If this is a reproducable bug, and of the severity you describe, and is still present in the latest version of Samba, it's certainly be a high priority fix.

Keep in mind though, we don't do a lot of testing with things like iPlanet because we don't have access to copies of it. OpenLDAP and IDS get a lot of testing with Samba because people who work on Samba have ready access to it.

What's more, I don't see a single way in which any kind of LDAP failure could result in Samba sending an incorrect packet (with an incorrectly sized buffer) to a Windows client.

Bugzilla is your friend.