Samba 4 Technology Preview Released
daria42 writes "Samba creator Andrew Tridgell has officially released a technology preview of Samba 4 at the Linux.conf.au conference in New Zealand, ending a three-year wait for users. But wait before upgrading those servers. 'It may eat your cat,' says the Samba team in a statement, 'but is far more likely to choose to munch on your password database.'" From the article: "'Samba 4 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients,' the group said in a statement on its Web site, noting this feature was 'the main emphasis' for the new software."
Came across this (short but interesting) interview with Jeremy Allison, one of the project's lead developers, where he talks about Samba 4:
http://www.linuxformat.co.uk/modules.php?op=modload&name=News&file=article&sid=217
:-)
Any software that has a 'Susan Stage' has got to be cool
Debian already has packages.
Install them by running:
aptitude install -t experimental samba
But you'll need to add an entry for experimental to /etc/apt/sources.list first.
If you don't know how to, you shouldn't be messing with experimental software anyway.
There has been info about Samba 4 for some time. A year ago, Andrew Bartlett wrote an interesting thesis about Samba 4 and Active Directory (PDF).
But the release of this TP is good news; I hope that the use of Microsoft's Active Directory as an authentication service for Linux systems is coming to an end. All we need now is a nice GUI.
-= If you fight Dragons long enough, you will become a Dragon =-
Um, no. LDAP and Kerberos weren't invented by Microsoft. They put the two together and called it Active Directory, straying away from the RFCs and throwing in all manner of tweaks that required extensive reverse engineering on the part of the Samba team to figure out. That means figuring out the protocol from the packets, which is an incredible feat, especially as Microsoft's protocol designs aren't easily discerned and contain all sorts of weird gotchas (purposefully).
There's a lot of complexity under that GUI of yours and, whether you want to believe it or not, Microsoft isn't such an innovative organization. Generally, they poach something that's already widely available and tweak it so it won't be interoperable with other systems. If you call that innovation, then I guess that speaks for itself.
I'm not a sysadmin, but I never got how NFS prevented a user plugging a computer which they have root access on into the network, mounting a common NFS mount, "su"ing to somebody's UID and then deleting their files. AFAICS, SMB handles this by requiring credentials of some kind from the computer. Can anyone explain this?
"Authentication" with NFS is IP based. You grant access to NFS mounts by specifying which hosts can mount that share. This implies that the hosts you allow are trusted, and that your network is trusted as well. So yes, if a computer you have root access to has been granted read/write access to an NFS mount then you can just su to someone else's UID and delete their files on that NFS mount.
Is it a good idea to use NFS in a security sensitive environment? Probably not.
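The host-based trust described in the answer above is visible in a server's export list. As an added example (not part of the original comments), this Python sketch audits text in /etc/exports syntax and flags entries where the server accepts whatever UID the client sends; the sample exports and the finding labels are constructed for illustration.

```python
import re

# Constructed sample in /etc/exports syntax (not taken from the thread).
SAMPLE_EXPORTS = """\
# path      client(options)
/home       192.0.2.0/24(rw,sync)
/srv/build  buildhost.example(rw,no_root_squash) *(ro)
/secure     *.example(rw,sec=krb5p)
"""

# One client spec: optional host pattern, optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")

def audit_exports(text):
    """Return (path, client, findings) for every client entry in the text."""
    results = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = CLIENT_RE.match(spec)
            if not m:
                results.append((path, spec, ["unparsed"]))
                continue
            host = m.group("host") or "*"     # a bare "(opts)" matches any host
            opts = [o for o in (m.group("opts") or "").split(",") if o]
            findings = []
            # sec= takes a ':'-separated list of flavors; the default is sys.
            flavors = next((o[4:].split(":") for o in opts
                            if o.startswith("sec=")), ["sys"])
            if "sys" in flavors:
                # AUTH_SYS: the server believes the UID the client asserts, so
                # root on any allowed host can act as any other user.
                findings.append("client-asserted-uid")
            if "rw" in opts:
                findings.append("writable")
            if "no_root_squash" in opts:
                findings.append("client-root-is-root")
            if any(c in host for c in "*?/"):  # wildcard or whole network
                findings.append("broad-client-match")
            results.append((path, host, findings))
    return results

if __name__ == "__main__":
    for path, host, findings in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:12} {host:22} {', '.join(findings) or 'ok'}")
```

Note that root_squash only remaps UID 0, so an export can have it enabled and still be open to the su-to-another-UID case asked about above.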