Slashdot Mirror


Samba 4 Technology Preview Released

daria42 writes "Samba creator Andrew Tridgell has officially released a technology preview of Samba 4 at the Linux.conf.au conference in New Zealand, ending a three-year wait for users. But wait before upgrading those servers. 'It may eat your cat,' says the Samba team in a statement, 'but is far more likely to choose to munch on your password database.'" From the article: "'Samba 4 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients,' the group said in a statement on its Web site, noting this feature was 'the main emphasis' for the new software."

17 of 167 comments

  1. Jeremy Allison on Samba 4 by Anonymous Coward · · Score: 5, Informative

    Came across this (short but interesting) interview with Jeremy Allison, one of the project's lead developers, where he talks about Samba 4:

    http://www.linuxformat.co.uk/modules.php?op=modload&name=News&file=article&sid=217

    Any software that has a 'Susan Stage' has got to be cool :-)

    1. Re:Jeremy Allison on Samba 4 by node+3 · · Score: 5, Interesting
      There's a very interesting quote at the end of that article:
      "Let's be honest, we don't really care about selling it, we're just having fun doing it. So long as we're having fun and we're working on problems that interest us then other people can worry about market share and how you sell it to the government or whoever, because that's the stuff that interests them."

      If you think about it for a minute, if you consider how Open Source functions, where people work on the things that interest them, the "suits" that are often derided from some quarters are just filling a non-technical need in the Open Source community. There are often calls for people to test, write manuals, and create artwork as something they can do if they aren't programmers, but perhaps "marketing, sales, build corporations" are things that also should be added to that list?

      To clarify, I'm certainly not talking about the CherryOS-style GPL-thieves, but honest and earnest businesspeople (even though their motives may be primarily cash, they still must abide by proper Open Source rules).

      Anyway, thought it was interesting.
    2. Re:Jeremy Allison on Samba 4 by Chemicalscum · · Score: 4, Insightful

      RMS started the Free Software Movement because he wanted to improve a printer driver for an early laser printer and they wouldn't give him the source.

  2. Just Work (TM) by ObsessiveMathsFreak · · Score: 4, Insightful

    But can I make an anonymous read/write share without performing invasive surgery on config files? And can I then easily mount that share?

    Samba is great as a home network share, but it's not a single click system. Security on a home network doesn't really interest me. I'd like to be able to "just share" the files without setting up users etc, etc.

    --
    May the Maths Be with you!
    1. Re:Just Work (TM) by tpgp · · Score: 5, Funny

      Security on a home network doesn't really interest me.

      I know - that's why I'm posting this from your home PC.

      I'd like to be able to "just share" the files without setting up users etc, etc.

      Just post your requirements here I'll set them up for you... after all I don't want your home net to be locked down ;-)

      Seriously - just because you would like software to be shipped insecure (and easy) by default doesn't mean that it should be. Have a look at this guide - Samba-3: A Simple Anonymous Read-Write Server

      --
      My pics.
    2. Re:Just Work (TM) by Pecisk · · Score: 4, Interesting

      What he meant is that there should definitely be an easy way to turn it on, of course, with a warning that some security problems could arise. AFAIK, KDE and GNOME both have easy ways to create shares for now, but there is no way to configure SAMBA for just several default scenarios which could be - anonymous read-only, anonymous read-write, user-based read-only, user-based read-write, custom. Default could be user-based read-only. Or something like that.

      For example, OS X Tiger server uses SAMBA for Windows support. Any mangling with configuration goes through Server Admin GUI (you can mess with configuration file too), but any changes get written back to standard smb.conf.

      It could be a very good and nice present for the common crowd.

      --
      user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
  3. it's in Debian by CAPSLOCK2000 · · Score: 5, Informative

    Debian already has packages.
    Install them by running:
    aptitude install -t experimental samba

    But you'll need to add an entry for experimental to /etc/apt/sources.list first.
    If you don't know how to, you shouldn't be messing with experimental software anyway.

  4. Samba 4 by YearOfTheDragon · · Score: 5, Informative

    There has been info about Samba 4 for some time. Andrew Bartlett wrote a year ago an interesting thesis about Samba 4 and Active Directory (PDF).

    But the release of this TP is good news, I hope that the use of Microsoft's Active Directory as an authentication service for Linux systems is coming to an end. All we need now is a nice GUI.

    --
    -= If you fight Dragons long enough, you will become a Dragon =-
  5. What is this samba you speak of? by squoozer · · Score: 4, Interesting

    Since discovering the joys of NFS I've not looked back (yes I do know what samba is and I run a samba server). Compared to Samba, NFS is almost too simple and reliable. Give me my complexity and unreliability back!

    --
    I used to have a better sig but it broke.
    1. Re:What is this samba you speak of? by Spacelord · · Score: 5, Informative

      I'm not a sysadmin, but I never got how NFS prevented a user plugging a computer which they have root access on into the network, mounting a common NFS mount, "su"ing to somebody's UID and then deleting their files. AFAICS, SMB handles this by requiring credentials of some kind from the computer. Can anyone explain this?

      "Authentication" with NFS is IP based. You grant access to NFS mounts by specifying which hosts can mount that share. This implies that the hosts you allow are trusted, and that your network is trusted as well. So yes, if a computer you have root access to has been granted read/write access to an NFS mount then you can just su to someone else's UID and delete their files on that NFS mount.

      Is it a good idea to use NFS in a security sensitive environment? Probably not.
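
The trust model described in the reply above (the server accepts whatever UID an allowed host presents) can be checked for in an NFS exports file. The following is an added example, not part of the thread: a small auditor for the Linux /etc/exports format, where the sample file content, the function name and the finding names are constructed for illustration.

```python
import re

# Constructed sample /etc/exports content (not taken from the thread).
SAMPLE_EXPORTS = """\
# home directories for the office LAN
/home        192.168.1.0/24(rw,sync)
/srv/public  *(ro,sync)
/srv/build   buildhost.example.org(rw,no_root_squash)
/srv/secure  *.example.org(rw,sec=krb5p)
"""

# One client entry: optional client name followed by optional "(options)".
ENTRY = re.compile(r"(?P<client>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")

def audit_exports(text):
    """Return (path, client, findings) for every client entry with findings."""
    results = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = ENTRY.fullmatch(spec)
            if not m:
                continue
            # "host (rw)" with a space leaves a bare "(rw)": it applies to everyone.
            client = m["client"] or "*"
            opts = set(filter(None, (m["opts"] or "").split(",")))
            # Without sec=, the export uses AUTH_SYS (sec=sys).
            flavors = next((o[4:].split(":") for o in opts
                            if o.startswith("sec=")), ["sys"])
            findings = []
            if "sys" in flavors:
                # AUTH_SYS: the server believes the UID the client sends.
                findings.append("auth_sys")
                if "rw" in opts:
                    findings.append("rw_with_client_asserted_uid")
            if "no_root_squash" in opts:
                findings.append("no_root_squash")
            if any(c in client for c in "*?/"):
                # Wildcard or CIDR: more than one host can match.
                findings.append("broad_client_match")
            if findings:
                results.append((path, client, findings))
    return results
```

Entries that report only `broad_client_match` still require Kerberos, so the client-supplied UID is not what grants access there.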

  6. My cat lost his password by digitaldc · · Score: 4, Funny

    'It may eat your cat,' says the Samba team in a statement, 'but is far more likely to choose to munch on your password database.'

    Wow, it only took 25 days for Samba to break its New Year's resolution to eat less and lose weight.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  7. Re:Only 6 years by TallMatthew · · Score: 4, Informative
    So, in 2006, Samba is finally able to do what windows was able in 2000?

    Um, no. LDAP and Kerberos weren't invented by Microsoft. They put the two together and called it Active Directory, straying away from the RFCs and throwing in all manner of tweaks that required extensive reverse engineering on the part of the Samba team to figure out. That means figuring out the protocol from the packets, which is an incredible feat, especially as Microsoft's protocol designs aren't easily discerned and contain all sorts of weird gotchas (purposefully).

    There's a lot of complexity under that GUI of yours and, whether you want to believe it or not, Microsoft isn't such an innovative organization. Generally, they poach something that's already widely available and tweak it so it won't be interoperable with other systems. If you call that innovation, then I guess that speaks for itself.

  8. But as an Active Directory replacement? by Money+for+Nothin' · · Score: 4, Insightful

    Can it do authorization of group access to a given application? How about publishing network resources (printers, workstations, etc.)? Can Samba 4 replicate its data between multiple sites? Is Samba 4's AD functionality even built off any sort of LDAP technology to begin with (probably OpenLDAP, if anything)?

    For all MSFT's faults (and there are many, as /. routinely points out), AD *is* a decent NOS directory...

    1. Re:But as an Active Directory replacement? by gentimjs · · Score: 4, Interesting

      Yes, active directory is decent - if you only ever want windows clients. I confess that I've got a samba3 server (Gentooooooo) as "full" member of our W2K ActiveDirectory - and even got the permissions synced up enough so that users can right-click files and play with permissions through the gui on the doze client. HOWEVER this setup took weeks of tweakage, involved a dozen or so actual software packages, and required violating some published Microsoft specs on how AD (supposedly...) works. If samba4 gives me this without the BS, I'm happy. If samba4 lets me replace my domain controller and have the existing doze infrastructure not notice, I'm even more happy.

  9. Which version of Active Directory? by j-cloth · · Score: 5, Interesting

    This all sounds great, but will it work when(if) Vista comes out? Previously, I had samba setups running beautifully on Win2K networks. Then 2003 came out and it messed it all up. Eventually Samba (and supporting docs) caught up and 2003 now works reasonably well. So will Samba 4 come out with great support for 2003 then break as soon as Vista is released?

  10. Re:What Kind of Passwords Does It Prefer? by DeadRoman · · Score: 4, Funny

    I was going to say that it likes them hashed.

  11. Easy Transition? Excellent. by foo+fighter · · Score: 4, Interesting

    This is going to be fantastic for consultants when Win2K Server support ends.

    Many companies are not going to want something that isn't supported and will be looking where they should transition. Savvy consultants can propose a migration to Samba which could provide higher margins than reselling Microsoft solutions -- especially if they aren't a close partner of Microsoft -- and they will be able to fix problems and customize the solution themselves without having to point fingers (they still can, they just don't have to).

    This quote from the article gets me all warm and tingly inside:
    "Tridge demonstrated sucking the life out a Windows 2003 PDC [primary domain controller] in one click, importing all its user and machine information using SWAT."
    "He then restarted [domain server] BIND on his Samba 4 server, changed the server role to PDC ... shut down the Windows PDC and then logged into the domain with an XP client using the new Samba 4 server as the PDC."

    --
    obviously no deficiencies vs. no obvious deficiencies