Samba 4 Enters Beta

rayk_sland writes "Progress is being made on the long awaited Samba 4 release. On Tuesday the Samba 4 team announced their first beta. Those of us who refuse to have a closed-source server at the core of our networks will be encouraged to see this milestone. Here are a few of the new features: 'Samba 4.0 beta supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients. ... Samba 4.0 beta ships with two distinct file servers. We now use the file server from the Samba 3.x series 'smbd' for all file serving by default. For pure file server work, the binaries users would expect from that series (nmbd, winbindd, smbpasswd) continue to be available. Samba 4.0 also ships with the 'NTVFS' file server. This file server is what was used in all previous alpha releases of Samba 4.0, and is tuned to match the requirements of an AD domain controller. We continue to support this, not only to provide continuity to installations that have deployed it as part of an AD DC, but also as a running example of the NT-FSA architecture we expect to move smbd to in the longer term. ... Finally, a new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python.'"

Big shoutout to Tridge and the whole Samba team

[Tough+Love]

Way to school Microsoft on their own technology!

Re:Big shoutout to Tridge and the whole Samba team

[buchner.johannes]

Way to school Microsoft on their own technology!

Perhaps those are the fruits of the Novell/Microsoft collaboration dedicated to enhanced interoperability ...

Re:Big shoutout to Tridge and the whole Samba team

It is much more likely that these are the fruits of long years of dedicated and hard work. In my books, the collaboration you mentioned is just the icing of the cake that is samba. When you have a look at, for instance, .Net/Mono you can easilly see how one-sided that collaboration is.

Re:Big shoutout to Tridge and the whole Samba team

Meh. Sun had CIFS in the Solaris kernel 5 years ago.

Re:Big shoutout to Tridge and the whole Samba team

[Tough+Love]

Way to school Microsoft on their own technology!

What, some Microsoft astromod resents being schooled? Get used to it.

Re:Big shoutout to Tridge and the whole Samba team

[Tough+Love]

Microsoft fought interoperability in every way they could using fair means or foul, legal or illegal. And still it did not stop the Samba team. The fact that Microsoft managed to slow them down for years is a testament to... something. Not anything nice.

Domain controllers are really the last bastion of Microsoft's illegal barriers to interoperability. This is a big deal.

Re:Big shoutout to Tridge and the whole Samba team

Uhh nope. More like the fruits of the Samba team sticking to their guns in the EU and microsoft being forced to open up their protocols.

Re:Big shoutout to Tridge and the whole Samba team

[Tough+Love]

Meh. Sun flushed itself down the toilet and Solaris is on life support. Do we care about Sun's substandard Samba clone?

Re:Big shoutout to Tridge and the whole Samba team

[isorox]

Meh. Sun had CIFS in the Solaris kernel 5 years ago.

Err, cifs has been around for years in the linux kernel (as a module), and smbfs before that has been around since at least June 96

Re:Big shoutout to Tridge and the whole Samba team

Yes but that's hardly "schooling" Microsoft which is the claim being made.

Re:Big shoutout to Tridge and the whole Samba team

[geekopus]

This is about much more than just the filesystem. You can run a full-on AD controller now, complete with group policies, etc. It really is a drop-in replacement for most of Active Directory does.

Re:Big shoutout to Tridge and the whole Samba team

[Bengie]

MS didn't just open up their protocol, they invited the SAMBA team, had 2 SMB/Network lead engineers to answer their questions, and gave them a full Linux+Windows environment to play around and test different things.

Re:Big shoutout to Tridge and the whole Samba team

[drinkypoo]

Do we care about Sun's substandard Samba clone?

Not since it became Oracle's substandandard Samba clone. I wouldn't fuck them with a stolen dick.

Re:Big shoutout to Tridge and the whole Samba team

[LordLimecat]

Does it fully replicate how halfbaked the printer GPOs are? That part is really important.

Re:Big shoutout to Tridge and the whole Samba team

[Ed+Avis]

Since a European Union antitrust ruling, Microsoft has been co-operating with the Samba team by providing them documentation. This is a news article from 2008: http://lwn.net/Articles/262891/ Sure, it's only because they have been forced to, so Microsoft may not get any points for being nice; but my understanding is that the Samba guys have been pleasantly surprised by the working relationship they now have with their opposite numbers at MS.

Re:Big shoutout to Tridge and the whole Samba team

[Anpheus]

Hopefully they have a properly implemented Quirks Mode that lets me simulate the unending horror that is deploying printers with user/computer policy GPOs.

Re:Big shoutout to Tridge and the whole Samba team

[Medievalist]

MS didn't just open up their protocol, they invited the SAMBA team, had 2 SMB/Network lead engineers to answer their questions, and gave them a full Linux+Windows environment to play around and test different things.

Absolutely true. It's a poorly kept secret - for several weeks there I couldn't get hold of anyone on the Samba team because they were all busy over at Microsoft.

I think Microsoft has finally realized, at some point, that linux is just not a real threat to their business model. By encouraging Open Source Software they can avoid monopoly prosecution while still dominating the markets they really want the most.

Re:Big shoutout to Tridge and the whole Samba team

[cjjjer]

Or maybe it had more to do with MS actually inviting the core Samba team to Redmond so they could work on better integration points to AD; they did this around the time Win2k8 was released. They have done this numerous times.

Microsoft Contributes Code to Samba
Samba Team Visits Microsoft For SMB2.2 Interop Event

Re:Big shoutout to Tridge and the whole Samba team

[TheLink]

It had more to do with the EU forcing Microsoft to do it.
http://www.reuters.com/article/2007/12/20/us-microsoft-samba-eu-idUSBRU00620820071220

The Commission ruled in 2004 that Microsoft (MSFT.O) must provide interconnection information letting rival server companies operate as smoothly with Microsoft Windows desktop machines as Microsoft's own server software.

The deal signed in the United States by the non-profit Protocol Freedom Information Foundation was focused on helping Samba, a non-profit maker of free, open source server software.

"The agreement allows us to keep Samba up to date with recent changes in Microsoft Windows, and also helps other Free Software projects that need to interoperate with Windows", said Andrew Tridgell, creator of Samba.

Re:Big shoutout to Tridge and the whole Samba team

[ckaminski]

But when will Linux implement something remotely like Group Policy?

Re:Big shoutout to Tridge and the whole Samba team

[Tough+Love]

Since a European Union antitrust ruling, Microsoft has been co-operating with the Samba team by providing them documentation.

Not everybody at Microsoft is evil. Spineless maybe, for sticking with an unethical employer even when possessing easily transportable skills and probably not even earning at top potential. Or maybe we even have some moles in there, little intrusions of morality only staying with Microsoft because of the good they can do in the face of rampant immorality. But I doubt it, that's just me trying to be nice. I'm not very good at it. I prefer to dwell on the truth.

Oh and I doubt that cooperating enthusiastically with the Samba team is the very best way to accelerate ones career trajectory at Microsoft. On the other hand, management is so far gone there they probably don't know who said what to who or why if it's not on a powerpoint, which we can rest assured it isn't, so maybe people are just doing what they think is right and not getting caught.

Re:Big shoutout to Tridge and the whole Samba team

Substandard how, exactly?
That it implements the functionality so well that Windows clients see it as a Windows server, or that Windows functionality (like 'previous versions' or VSS-related functionality, NTFS access controls, etc) and cross protocol interop (nbmand, simultaneously sharing over SMB and NTFS, etc) works with no configuration suggests to me that it's the opposite of substandard.

Maybe we have different definitions.

Re:Big shoutout to Tridge and the whole Samba team

Big deal yes.
"Schooling Microsoft on their own technology" by taking 12 years to release a beta of something which implements parts of Microsoft's tech without any of the refinement (don't forget, the MS implementation has 12 years of development, after being in a production-ready state, on this). No. not quite.

Schooling is what Active Directory did to Netware.
Again, excuses aside, how is this "Schooling Microsoft on their own technology"?

Re:Big shoutout to Tridge and the whole Samba team

[shutdown+-p+now]

Such co-operation would have to be decided pretty high up, and certainly no random employee would leak the specs and say so publicly.

Nah, GP is right. EU anti-trust stick really helps there. Microsoft racked up somewhere around $3B in fines in EU overall (though most of that is in IE case... but once you get fined for one thing, there's more scrutiny elsewhere as well; and if you get caught again, fines are bigger, too).

This isn't to say that there aren't people who are very willing to share docs and explain things once upper management gives green light to the effort, though.

Re:Big shoutout to Tridge and the whole Samba team

[LordLimecat]

Use a batch script with "rundll32 printui.dll,PrintUIEntry". Youll save a ton of headache. Yes its klunky. Yes, it really is the best way to deploy printers programatically.

http://forums.ocsinventory-ng.org/viewtopic.php?id=10929

Youre welcome.

(and I know that those GPOs look like they should work much better but... just dont)

Re:Big shoutout to Tridge and the whole Samba team

[rev0lt]

I may be wrong, but as far as I recall, SUN's Samba clone is the best non-MS in the market, and kicks Samba ass so far it may be in Australia now :). And yes, it helps that Samba is a big pile of sh**t.

Re:Big shoutout to Tridge and the whole Samba team

And yet neither provides anywhere near the functionality of Solaris' CIFS. All smbfs ever did as mount SMB shares. Think of that for a second. Article about Samba having some PDC functionality. Comment about how Solaris has had its CIFS server for five years.

Your retort: yeah well, Linux has been able to mount SMB shares for a a decade lol! As if it's in any way a relevant comparison.

Re:Big shoutout to Tridge and the whole Samba team

[sr180]

Solaris will join a domain - and allow decent user mapping. Samba's user mapping honestly just sucks - even when it is joined to a domain. There are options - but they are all 'patented' and expensive. (See Centrify or similar) (How do you patent user/userid mapping?)

Re:Big shoutout to Tridge and the whole Samba team

...or you could use vbscript instead so you don't have a "Windows can't find the printer but will try searching anyway" dialog box for invalid printer paths and can instead implement your own error logging for it:

Set objNetwork = CreateObject("WScript.Network")
objNetwork.AddWindowsPrinterConnection "\\server\printer"

VBScript is a pain in my ass, but it's still generally the cleaner way for user logon scripts.

yeah, but...

[Blymie]

Yeah.. but does printing work yet? :P It's been broken for what?

A decade?

Re:yeah, but...

He's a Mac user. Samba/Cups keeps falling over on OSX.

Re:yeah, but...

so yes, he is stupid

Re:yeah, but...

[cobbaut]

Are you stupid?

What's broken?

There has been no support for printing in Samba4 ever...
Same goes for a forest trust. These two are stoppers for many companies to switch to Samba4, everything else works fine.

Re:yeah, but...

Exactly. It's not "broken", it's simply not there.

That's like saying SQL support is broken in Samba4.

Printing can be implemented pretty well with Samba3.

Re:yeah, but...

[laffer1]

Apple doesn't ship Samba in Lion. Things worked better with Samba, but they wanted to avoid the GPLv3.

Re:yeah, but...

[drinkypoo]

Oddly enough, I have never had trouble making windows print to a Unix print queue. Of all the interoperability issues between Windows and Linux, printing has been the least of my problems.

Re:yeah, but...

[wolrahnaes]

Same. I ran a Windows client/Linux server environment for years with Samba 3 acting as a NT4 DC and the only real pain of managing printers was figuring out what parts I needed to strip out from HP's shitty installer to get driver auto-install working when a user first connected.

The two things I really missed from a native Windows server environment were WSUS and the ability to push software without resorting to silly hacks running in the login script. I can't wait for Samba 4 to get stable enough for packages to exist so I can play with it on my home network.

Stability problems I can deal with, compiling every time there's an update I can't stand.

Off Topic

At present, Slashdot is serving me an advertisment for "Dioralyte".

I'm just wondering why Slashdots customers think that an advertisment for a post-diarrhoea rehydration remedy is appropriate in this environment? Perhaps they think that the rollout of Samba 4 Beta will give Microsoft the shits?

Re:Off Topic

You mean the ads that are served based on you? So, basically /. is saying you were full of shit before.

internals? in python?

[epyT-R]

really? god help us all.. I really hope this doesn't affect performance or memory footprint.

Re:internals? in python?

[Martz]

Why not? It's a new major version which provides new functionality, and is written in python to make it easier for people to contribute.

Memory and CPU have never been cheaper, if you're still running your samba box on a PIII 450MHz then you'll probably want to stay on Samba 3.

Otherwise upgrade your hardware and move to Samba 4 when it becomes stable.

It *WILL* be slower and it *WILL* use more memory, since it's not stable and it's a major new version with new features.

Sheesh.

Re:internals? in python?

Why not? It's a new major version which provides new functionality, and is written in python to make it easier for people to contribute.

Memory and CPU have never been cheaper, if you're still running your samba box on a PIII 450MHz then you'll probably want to stay on Samba 3.

Otherwise upgrade your hardware and move to Samba 4 when it becomes stable.

It *WILL* be slower and it *WILL* use more memory, since it's not stable and it's a major new version with new features.

Sheesh.

Isn't this the same critic that people made of Windows and compulsory hardware upgrades for a good decade ?
So now Linux is as bad as Windows. Way to go guys !!!!
Instead of leveraging C and C++ for performance reasons we're going backwards at an alarming rate.
What's next ? Porting the linux kernel to python ? Great Scott.

Re:internals? in python?

[TheRaven64]

While I'm certainly not a fan of Python, it's clear that they are leaving the high performance parts in C, and just using Python for scripting. Samba comes with a lot of tools that are not performance critical. For example, the smbtree utility needs to print a pretty tree of the current network from the results of a scan. If the scan is done by the core C code, there's no reason why you can't write the part that parses command-line options, prompts for passwords, and displays the output in an interpreted scripting language: even if it runs at 1% of the speed of C code, users won't notice the difference because almost all of the time will be spent in the code doing the I/O.

Re:internals? in python?

[adolf]

What about the other users on the same computer who are also using software which is running 100x slower than it could, just because Python (or whatever) is the new hotness?

On a machine that's actually, you know, doing work, cycles count. Hell, even on a single-user netbook or tablet, cycles count, since it negatively influences both heat generation and battery life -- even if it's "fast enough" for a human's interaction.

Intentional (or even incidental) inefficiency is never a positive thing when it comes to computing.

Re:internals? in python?

[Tough+Love]

Give me a break. Samba 4 is not implemented in Python. You're not serious are you? Please tell me you're not serious.

Re:internals? in python?

[TheRaven64]

Programming is about picking the right tool for the job (which is never Python, but I digress). There are not going to be 100 users running an admin tool at once. Even that tool is not going to be loading the CPU, because it is going to be spending almost all of its time calling into C libraries. If the choice is writing it in a language that makes it easy to get bug-free and which does not impose any user-visible cost, or writing it in a language that makes what you want to do (e.g. string processing) error prone, likely to be buggy, and does not run detectably faster, then you are an idiot if you pick option 2.

Re:internals? in python?

Intentional (or even incidental) inefficiency is never a positive thing when it comes to computing.

You seem to be under the impression that the most valuable resource in computing is clock cycles.

It's not, not even close.

The most valuable resource in computing is developer time. If writing in Python makes it quicker to develop code (it does, by orders of magnitude), then that is "efficient". I've been writing C programs since the late 80's and even I can see that Python is a productivity win.

I get sick of people that rant about "inefficiency" in clock cycles when here, in the real world, the inefficiencies with the greatest business impact are the ones that cost dev time. Devs are freaking expensive. A dev spending 2 weeks squeezing an extra 0.1% of performance out of a non-critical part of an app is a complete waste of time and money.

By all means, don't make a slow heap of crap (I don't think Samba is). And by all means, for code which is profiling very poorly, impacting the users and hurting the business, look for lower level optimisations.

But please, for everybody's sake, get some perspective on this issue. Just because parts of it are not written in C doesn't mean it's not efficient, because "efficient" covers a heck of a lot more than clock cycles, at least to people who actually have to run a business.

Re:internals? in python?

[adolf]

You're right: There won't be 100 users running an admin tool (though I view smbtree, in particular, as more of a user tool...at least on the networks I've been paid to use). But there could easily be 100 users running 100 different Python apps which could be more-efficiently coded in...almost anything else.

The problem I see (and I see it more and more, and not just with Python) is that things are becoming more runtime-interpreted and less efficient. Going back some decades, it is often explained that it doesn't matter "these days", but I submit that it does matter -- and always has.

Instead of battling execution time (the CPU in my cell phone is ridiculously faster than my first half-dozen computers even if they're all combined and quadrupled), we're now battling energy efficiency. But other than terminology it's exactly the same game: Interpreted languages may be fast to develop, but cost more for people to use.

Case in point: I, a single user, notice when I'm running inefficient programs on my phone. Things generally happen very fast, but they also cause the hardware to get (sometimes uncomfortably) hot and the battery voltage starts to dive.

smbtree in particular is such a light-duty single-shot thing that it really won't ever matter to me, by itself, but the confluence of that and every other inefficient program makes a real dent in my ability to use my pocket computer and stay away from a charger, which has a real and tabulable cost in terms human time.

And not to be too pessimistic, but to extrapolate: It ought to be possible for a sufficiently-motivated person to ascertain the cost of such inefficient programming techniques in terms of human lives lost.

(Ugh.)

Re:internals? in python?

[DarkOx]

To determine if something is efficient or not you first need to decide what you are optimizing for. If electricity usage is your target no the move toward run time interpreters might not be great.

The thing is the more of the platform that is implemented as a collection of single use high performance machine code modules glued together with script code the more adaptable it is to my work flow. I don't have time to deal with all my information sources and various protocols I have to work with in C. Could I implement all that glue in C, yes, with enough wall time I could do that. Then again when Python/Perl/Ruby/Dialect abstractions exist I toss together a script that updates AD, our internal asset database, the HR system, and training/certification system to reflect the status change of 30 interns all in about 15min error free.

Might not work so well on my cell phone but it sure is nice on my laptop. Wall time is more valuable to me than added electricity cost per day.

Re:internals? in python?

[epyT-R]

umm.. no. This attitude is why it takes a 2ghz cpu and 12GB of ram to push the same data a server with 1/20th the resources was doing a decade ago. We need to re-learn that it's not wise to kill performance at low levels of the stack just to get more people involved. more people need to step up to the challenge, learn C and get it done right (or develop a new, better native language! and code in that). Python is slow as hell no matter how good the programmer is. It's fine for writing administration scripts and such, but it's terrible for low latency, high bandwidth applications like a file/authentication/authorization/allocation server. There's a reason why it's a general rule that system level daemons are written in C. sure I could see python being used to process its log files, or to automate directory creation, but the article uses the word 'internals' which makes me quite nervous about performance.. See, I like the idea that running smbd on a modern machine will actually GAIN me performance that wasn't available 10 years ago. That means more files being served at once, faster, which means users log on more quickly, and get better network performance. Happy users make for a happy sysadmin. I did not buy more cycles so that software developers can replace a few excellent C programmers with many mediocre ones who can't be bothered to learn proper systems programming. As an admin, I'd resent this because what's really happening is that these people are offloading their laziness onto my hardware. Yes, I could stick with existing software, but that's not really tenable in the long term.

now I could be wrong, as this summary is thin on details about 'internals', and I did not dig deeper, but if this is true, samba 4 is about to become the latest victim to the bloat craze of the 21st century. There is a BIG difference between a program being slower because of properly coded new features that justify the impact and emotionally driven development tool changes that blatantly waste cycles for politics.

Re:internals? in python?

[adolf]

Perhaps you misunderstand: I don't care about energy cost in terms of dollars: Energy, on the scale that I deal with, is damn-near monetarily free.

I care about two things: How efficiently a multi-user (or otherwise-loaded) machine can use the program, and how long I (as a single user) can operate between charges, or without the device overheating and slowing down or becoming unusable in other ways (dual 1.2GHz ARM cores and no meaningful heatsink == thermal dissipation issues, often to the extent that the device will refuse to charge the battery because the battery is too damned hot to be charged).

Things I don't care about: How long it takes a programmer to figure it out, how convoluted the programmer's learning curve is, and how much he/she hates the process of coding efficiently. With far more honesty than snideness, I really don't care about your problems.

I'm a user and sometimes an administrator, but never a programmer. (Fault me for this if you like.)

It's cool that you can combine all of those things ("error free") in 15 minutes, but: What does it cost? (And, again, I don't mean dollars. Human time is more valuable than money.)

Re:internals? in python?

[Dog-Cow]

In other words, you don't have a reasonable response that is anything other than a personal preference that you wish you could force on everyone else.

Re:internals? in python?

[Dog-Cow]

You are basically completely wrong about what the Samba team has done. All the daemons and such are still written in C (and/or C++). Did you really think that they would rewrite Samba from the ground up in an interpreted language?

All they have done is provide a scripting interface with bindings for Python. I don't know if the interface is generic enough to be used by other scripting languages, but that's irrelevant. The point is that you can script Samba, not that Samba is a script.

Re:internals? in python?

[epyT-R]

The most valuable resource in computing is developer time

that's great for them. what about MY time? and my users' time? I agree that time is money, and senseless nth degree optimizations are pointless, but offloading developer time by dumping bloated turds onto user hardware is a big no no. Every time this comes up, people want me to assume that the time magically disappears! it doesn't. it's offloaded onto the customer! This attitude is probably THE reason why so much software today is bloated beyond reason for a task.. The problem is compounded when the user must run multiple programs written with this attitude. Most developers assume the user's only going to run THEIR program and nothing else when they run their idiotic 'cost analyses.'

properly coded new features worth a small hit in performance are very different from killing it by multiple factors so that a couple of hacks can throw it together in 1/5 the time in a 'managed' runtime. The developers time is only one chunk.. one time+any patching. The time the users waste in slugging through a slow ass program is multiplied by the number of times they have to use it to complete tasks! Then there's the energy footprint and the cost of needless upgrades, not just the cost of the hardware itself, but the downtime associated with its setup and initial hiccups..and for what? so they get the same performance they had before with the old software? what a deal!

clock cycles are 'the' measurement of efficiency if you assume an average percentage of real business level work done per cycle. this includes the user. if the program runs faster than he can, all is good. if he's waiting around for guis to redraw, garbage collection to flush every time he clicks something, or his harddrive to swap out 900MB worth of bulk from all the other bloated software he has to run on his (often already underspec'd) machine, then it costs HIS company time, and him his sanity.

Re:internals? in python?

[epyT-R]

It still increases dependency hell, and it eliminates efficient scripting of those now 1% as fast operations. then there's embedded systems...

Re:internals? in python?

[epyT-R]

the cool part about properly coded native programming is that it's suited for a variety of environments.. from big iron servers, to pocket computers with tiny amounts of ram.. the script you talk about is something you run once a day, probably mostly IO bound.. the functions in a system daemon can be called hundreds to thousands of times/second...even more for real low latency and/or high bandwidth stuff. switching to a high level language severely limits the footprint the program can run in usefully.

Re:internals? in python?

[epyT-R]

I am glad to hear that, and honestly I doubted it, but the summary made me wonder with its choice of vocabulary, and trends these days would make me unsurprised if it was true. there is talk that the admin tools are now python based.. that does have implications if already existing scripts depend on rapid calling/scraping of admin utils.

Re:internals? in python?

[TheRaven64]

Oh, I'd agree about that. Scripting in something like Lua, which is a 200KB binary that can be embedded in the tool without much overhead would make sense. Trying to distribute Python programs is usually a disaster in my experience, but that doesn't make the original poster's complaint valid.

Re:internals? in python?

[VON-MAN]

Yet you did address him, if only to say that you will not talk with him.

Re:internals? in python?

You're right, human time is usually more valuable than money. That includes developer time.

Perhaps you are content to wait another 5-10 years so everything can be rewritten and debugged in C?

Re:internals? in python?

You should really upgrade your multi-user file-serving tablet to one of the current quad core models; same goes for your mission critical Domain Controller/Render/Database/Application Server.

Seriously, with hardware being a lot cheaper than software and maintainance most businesses aim to buy machines that get the job done under a typical workload. With all the machines of various sizes I have built, none were ever at their peak performance due to file transactions or calculating group policies. Also with the poor I/O of netbooks and tablets, alongside the over 1 GHz CPUs (note: 1 billion steps per second) working in them, neither you, nor the battery will notice a few thousand CPU cycles of overhead dedicated to samba4.

You, Sir, sound like the, dare I say, Gestapo of CPU cylces...

Re:internals? in python?

[drinkypoo]

Perhaps you are content to wait another 5-10 years so everything can be rewritten and debugged in C?

If the tools which have been rewritten in python are so complex that they would take 5-10 years to rewrite and debug in C, then they damned sure should have been written in C in the first place, because clearly they contain enough complexity to where the performance will suffer in python.

Re:internals? in python?

So, because you're a lazy hack that entitles you to waste everyone else's time?

Re:internals? in python?

if you want to talk to me, you know where to find me.

Re:internals? in python?

[ratboy666]

Huh... so a lot of people are wrong.

How many? Hard to count how many people, but we can certainly look at applications.

Let's examine my Fedora 17 laptop. In /usr/bin, 139 programs are written in Python, including my music player (quodlibet), repo management, some of abrt (defect reporting), time tracking, and desktop wiki.

Another 194 are written in Perl, including parts of fvwm, foomatic and callgrind.

388 more are POSIX shell script and 45 bash scripts.

There are 381 symbolic links, 31 hard links (which I now disclude), and 2346 binary executables.

There are 3522 total programs in /usr/bin.

67% binaries, 22% scripts, and 11% links.

[Java applications, and LibreOffice are not counted, but I'd imagine you would probably classify Java apps as scripts too]. This is a freshly upgraded netbook, and (since this is /usr/bin) we have only examined "system" or "distribution" applications.

I guess that 22% must be wrong. If we can extrapolate from applications to developers (hey, I know that is just wrong, but it's better than NO data at all), 1 in 5 developers is shipping scripts.

And that (proudly) includes me.

As to the "900MB"? The python interpreter has a 10kb front-end, and 1.7mb library. Yes, there is some additional overhead.

Let's examine QuodLibet (music player application): 67mb resident, compared to 11mb for Terminal (collecting this data), and 267mb for firefox (as I'm typing this comment).

QuodLibet offers albums, playlists, sophisticated queries, and runs just fine on a NETBOOK.

In Python.

Re:internals? in python?

[Hatta]

Developer time is spent once. User time is spent as often as the program is used. The difference is that businesses can externalize wasted user time.

Re:internals? in python?

[e70838]

The opposition between clock cycles and developer time is wrong. In C, developers are so involved in fighting against bugs that they can not search for smart algorithms. Many programs written in C get faster when rewritten in python.

Re:internals? in python?

that's great for them. what about MY time? and my users' time?

Original AC here. It's a trade-off. How much is your time or your user's time worth? How much are you willing to pay for it - financially and otherwise?

Lets try a contrived example. If I gave you the choice between an application written in a month and an application written in 3 months, with the following stipulations:
* The 3 month app is slightly, but perceptively, faster
* The 1 month app costs $20,000; the 3 month app costs $60,000
* Both apps are coded to an equally high standard - performance issues due to asymptotic complexity do not exist or exist similarly in both cases

Which would you choose? (if you're unhappy with the numbers, feel free to play with them as a thought experiment.)

It depends on a lot of different factors - how long you expect the software to be in use, how critical the software is, when you need it delivered, what your budget / resourcing / scheduling looks like, and performance requirements. The answer to the question will change with the problem at hand, but performance is only one of many factors to consider.

Now, if you really try to imagine that this money is YOUR money, that YOU are going to spend, what tangible payoff are you expecting for the extra $40,000? Could you convince a finance manager or venture capitalist to fund it, e.g. with a net present value analysis between the two options? Because fuzzy-wuzzies about user's time, energy footprint, upgrades, and the 'managed' vs 'non-managed' debate will not win the day. You need to show the numbers and you need to justify them. Good businesses do not invest in activities without a very clear picture of the expected benefits and return on investment - even if the outcome is frequently different to what was planned for, at least there is a solid plan.

Now factor in opportunity cost. Could you put that $40,000 to some better use instead? You could drop that into a term deposit and get a decent return after 3 months. How and why is the 3 month project option better? How about the developer(s), could they be doing something else of greater value?

How about project risk? Longer projects are inherently more risky. How does factoring that into the decision affect the outlook?

If you can make it through all of that and still have a solid case for spending the extra to get the performance, go for it. I'm not saying there are no circumstances where performance is absolutely paramount - HFT systems and rendering farms come to mind. However, to reach this point, you have to jump through a heck of a lot of hoops - certainly a more rigorous analysis than a shallow prejudice against scripting languages.

And certainly, Samba4 does not meet this level of rigor.

It all comes down to the point I originally made: devs are freaking expensive, and their time is the most valuable resource. Clock cycles are a dime a dozen unless proven otherwise.

Re:internals? in python?

Python is a stack as .net and java are: installing the python stack (interpreter + standard libraries) is fairly easy.

Distributing a standalone app (python stack + application) is still doable but that would be impossible in .net or java: it is just not the correct deployment given different python version can live together side-by-side.

Lua is embeddable because its designed in that way but again python competes in the java/.net field more than the lua one.

Re:internals? in python?

[AvitarX]

Admin can be greatly helped with basic programming, as can using.

I have a small collection of scripts (written in bash, using cygwin) for converting PDFs to single page tiffs with ghost-script (example of programming as a computer user).

Python access to things can also greatly improve the ability to admin. MS invested in a new shell for that very reason.

Re:internals? in python?

[someSnarkyBastard]

Maybe I am missing something here but if you compile all that python script into native code (and yes, you can do that) then doesn't the whole "unacceptable runtime interpretor overhead" argument go out the window?

Re:internals? in python?

[ckaminski]

Prove it. Give me *ONE* example.

Re:internals? in python?

[shutdown+-p+now]

Distributing a standalone app (python stack + application) is still doable but that would be impossible in .net or java

It's perfectly doable with Java - indeed, many Java apps come with their own private JVM so that they don't have to test all versions out there.

It is indeed impossible with .NET, because it is a system component on Windows (installs under %SystemRoot%). But it's quite possible with Mono, which can also be packaged privately.

Re:internals? in python?

[icebraining]

Hmm, no, you can't, there's no AOT compiler for python.

Re:internals? in python?

Huh... so a lot of people are wrong.

How many? Hard to count how many people, but we can certainly look at applications.

Sorry... did you have a point?

What is that? I want to say "Appeal to Authority" or, perhaps, "Appeal to Consequences" would be more accurate. Is there an "Appeal to Status Quo"? It's definitely a fallacy since you completely dodged the point in favor of a tangent.

Re:internals? in python?

[Hognoxious]

Can't speak for other OSes, but on Linux the blablabla/bin/java is just a symlink, and there's nothing to stop you invoking a specific JVM directly by using its full name.

IIRC there's even a tool to quickly flip the target.

Re:internals? in python?

[sydbarrett74]

the inefficiencies with the greatest business impact are the ones that cost dev time.

Yes and no. When those extra clock cycles are apportioned over a large external userbase, then you're absolutely correct. However, data centres change the entire equation. When you're talking about code that runs on thousands or even millions of server instances that you own or lease (think Amazon or Google), then 0.1% performance increases can translate into millions of dollars in savings, as well as the commensurate reductions in energy use.

Interesting, to say the least

[ameen.ross]

I've first tested Samba 4 around alpha 11. It was certainly an interesting learning experience and it was also surprisingly stable for an alpha product. I'd love to play around with it again after 2 years of development.

Re:Interesting, to say the least

I have an active Samba4 testbed intergrated to a huge AD structure and until alpha17 I've had all sorts of issues. However I now have alpha19 and things have changed considerably - it's working to the point where I have put a Samba4 test controller into production and have seen this Just Work once installed correctly.

However the official Samba4 install docs are shit. I had to work out a HOWTO that with the help of a few searches to fine tune it, that after a lot of work Just Works as well. You have to install and configure BIND, krf5, ntp etc one by one in the right order and get it right or you are screwed. I spent a few hours today knocking up a internal HOWTO based on all of that and it's now the install process I'm happy with and can execute in 15 minutes

The issues I see with Samba is not wether is nearing production ready or not - its a prick to install correctly if you don't do a lot of testing and research (which is why I despair at the wiki install process, frankly it's not worth spit) - which is why I think a lot of admins run into real deep trouble at first and often just give up. You also do need good working AD knowledge, an area a lot of Linux admins just do not have. You also need good Linux knowledge, something most Windows Admin just do not have. In other words, it doesnt allow clicktards to use it. You need to know what the fuck you are doing.

But when I have an Exchange 2010 platform referencing the Samba4 controller as it's DC, that's a really good test to see that it all really does work and works so well that even a AD sensitive application like Exchange has no idea it's not talking to a W2K8 controller.

So, summary - since Alpha18, Samba4 has become good enough to Just Work, no MS server knows the difference and someone with experience of NT back to 3.1/3.5 days is happy with how it works. However Samba really need to get the install documentation in much better shape or even simply point to HOWTO's that do work, so that they get more people to actually be able to USE the damn thing so you dont have to go through what I did to get to the point where I am. Take my advice, find a good HOWTO from somewhere that ISNT the Samba4 wiki and you will have a much better experience. Still not clicktard level easy and I suspect never will be..... but frankly clicktards should be staying the fuck away from SysAdmin anyway.

Re:Interesting, to say the least

Any pointers to this "good howto"?

I've seen a lot of howto's on Google, but the one on samba4 wiki seems most complete. I'm a bit worried to try it now, though.

Re:Interesting, to say the least

Exchange *installed* to it? Or was it a DC switch-a-roo?
Either way that's execellent work...we can only hope that unlike other parts of Linux, they don't optimize it for the clicktards too much.
Windows Server is already a foregone conclusion in that regard, of course...

Get-Unnecessary-Hypen-Command | Delete-Registry Hive | All-of The-Hive | Play-a-jig

Re:Interesting, to say the least

[AdmV0rl0n]

I'll be blunt.

You're an ass.
And secondly, yes, a W2K/W2K3/W2010 'DROP' in replacement should be clicktard ready. And no, I don't care if you happen to think thats a bad idea.
And you really need to comprehend what drop in actually means. Being totally unfit for purpose, and requiring a Panatir and a bucket load of black magic does not mean bonus points.

Its 2012, not 1998.

Obsolete Bleah

Tridge is so super talented. Wish he had focused on rsync....

Re:Obsolete Bleah

[Tough+Love]

Tridge is so super talented. Wish he had focused on rsync....

Why? It's perfectly well maintained by others, his talent is needed in other places. By the way, if you think rsync is cool, check out rzip.

Re:Obsolete Bleah

Your wish has come true, he did focus on rsync. That's what he did his PhD on!

And he implemented it and essentially finished it (or developed most of the fundamentals for it). That was good of him.

Licence

[psergiu]

Under what licence is Samba 4 published ? Still the restrictive GPLv3 or they adopted a more permissive licence that won't scare the legal teams everywhere ?

Re:Licence

[nzac]

If you wanted to sell ad ons, you should sell them to Windows server users.
I can't see how GPL would get in the way of internal use, you never distribute anything.

Re:Licence

[psergiu]

I see that i have been modded down - but that's the truth.

In the "real world" GPL3 is restrictive. At many corporations, the legal teams have forbade usage of any GPL3 software. I am also impacted by this at my work place - we have to do with older versions or commercial software as according to the "suits" a Microsoft Server licence & support contract are way cheaper than a lawsuit.

And this goes especially true for Samba - as GPL3 is worded, you are not allowed to use-it to serve protected files, or, if you do, it's fair game to anyone to steal your data as this whole "domain authentication" stuff is Digital Rights Management. So the lawyers say, and management will listen to the lawyers and not the engineers.

For home use - GPL3 is peachy - but noone has the need at home for AD & other advanced stuff that Samba 4 brings. The large networks - who could have benefited from Samba - will will keep making Microsoft rich because of the above reasons - and that's a friggin' shame.

Re:Licence

[psergiu]

How do you define "internal use" ? One subnet ? One building ? One department ? One company ? Multiple subsidiaries registered in different counties ? And what if someone not considered "internal" in one of the above ways sccesses (by mistake or unlawfuly) your software ?

How do you persuade a company legal team that GPLv3 is not poison and let the techies use GPLv3-licenced software ?

Re:Licence

And this goes especially true for Samba - as GPL3 is worded, you are not allowed to use-it to serve protected files, or, if you do, it's fair game to anyone to steal your data as this whole "domain authentication" stuff is Digital Rights Management. So the lawyers say, and management will listen to the lawyers and not the engineers.

This is complete fantasy.

Re:Licence

Hah. You're a fucking nincompoop. You're living in your own little fantasy land.

Re:Licence

[Bengie]

Using the software isn't the issue, it's changing the software.

Re:Licence

[nzac]

the legal they use in the is "convey":
To “convey” a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying.
http://www.gnu.org/copyleft/gpl.html

A company carrying out work on the code and keeping it for them selves (same party), does not convey the code and does not run into any GPL clauses. If they they are legally two parties then as long as the second party can be trusted (you cant legally enforce it, as per the license) to not further convey the source, i think your fine as well.

How do you persuade a company legal team that GPLv3 is not poison and let the techies use GPLv3-licenced software ?

Get them to read the license. It only covers conveying of the source code as far as i can see. If you want to use it in a product you want to sell then they have every reason to get worried about it.

Re:Licence

[LordLimecat]

And this goes especially true for Samba - as GPL3 is worded, you are not allowed to use-it to serve protected files, or, if you do, it's fair game to anyone to steal your data as this whole "domain authentication" stuff is Digital Rights Management.

Im no lawyer, but that sounds like absolute nonsense. DMCA for example means that even if it is technically feasible to crack DRM, it is (or can be? not a lawyer) illegal to do so.

And if the files being served are company property, for another entity to gain access to them in an unauthorized fashion would certainly run afoul of several anti-hacking laws, at the very least.

Further, GPL says NOTHING about what you can or cannot do with compiled binary IIRC-- all of the scary restrictive stuff has to do with redistribution and modification.

Your legal team is incompetent if they think the GPL has any implications for anyone who isnt a developer specifically working on (or deriving from) the GPL'd source code.

Re:Licence

[psergiu]

> Your legal team is incompetent

Could be. And it seems it is contagious - i know a lot of other companies who have the same policies regarding GPL3 software :-(

Re:Licence

[psergiu]

It's called "corporate empoyment" and you can find in there magcal pieces of paper called "paychecks". Feel free to join the madness when you grow up.

Re:Licence

[Rysc]

And this goes especially true for Samba - as GPL3 is worded, you are not allowed to use-it to serve protected files, or, if you do, it's fair game to anyone to steal your data as this whole "domain authentication" stuff is Digital Rights Management. So the lawyers say, and management will listen to the lawyers and not the engineers.

This is complete nonsense and any sane reading of the GPLv3 will make that clear. Even if encrypted authentication were DRM, which I doubt to the extent that I believe no lawsuit attempting to prove it could succeed, it just doesn't matter because (1) the files are not themselves protected by this encryption, (2) even if the files are protected by this encryption the users of the fileserver do not have rights under the GPLv3 (AGPLv3, maybe, but not GPLv3) because they do not at any time receive a copy, (3) even if your users received a copy of the software used on your server they would not have the right to demand *YOUR* keys, or whatever, because the server admin's keys are not necessary to modify, build or install that software on their own hardware, (4) users of your server are in all probability legally the same entity as you (working for the same company one way or another) and thus even if you gave them copies of the binaries it does not count as conveyance under the GPLv3.

Unless you believe that copies of the samba4 software are being distributed to any user with authenticates to a samba4 server AND that the user has the opportunity to replace the copy sent to him with his own custom build before it is used by him AND that said custom build could not be used in conjunction with your network without password details that you wish to keep secret AND that at least one user is legally a distinct entity AND that the user has a right under the GPLv3 to demand access to your network AND that "domain authentication" is the same thing as DRM *AND* that DRM of this type protects not only the connection but individual files. In that case of course it's all quite reasonable.

IANAL.

Re:Licence

[Ash-Fox]

In the "real world" GPL3 is restrictive. At many corporations, the legal teams have forbade usage of any GPL3 software. I am also impacted by this at my work place - we have to do with older versions or commercial software as according to the "suits" a Microsoft Server licence & support contract are way cheaper than a lawsuit.

Cool story.

And this goes especially true for Samba - as GPL3 is worded, you are not allowed to use-it to serve protected files, or, if you do, it's fair game to anyone to steal your data as this whole "domain authentication" stuff is Digital Rights Management. So the lawyers say, and management will listen to the lawyers and not the engineers.

Yet another cool story. The GPLv3 only applies if you're distributing the software - NOT using it. So, even if there was such a clause (there isn't), it wouldn't apply.

Re:Licence

[LordLimecat]

Ive never heard of such a thing. I HAVE heard of companies which restrict the use of GPL TOOLS in a development process, because that (feasibly) could be seen to be "derivative". But if your business is selling widgets and you use linux, your internal memos arent somehow going to become public domain because you used GPL software. And if you use Samba to serve up files used in a development process, I dont think theres a judge in the world who would rule that your dev project is somehow derivative just because you used samba incidentally.

Re:Licence

[csirac]

And this goes especially true for Samba - as GPL3 is worded, you are not allowed to use-it to serve protected files, or, if you do, it's fair game to anyone to steal your data as this whole "domain authentication" stuff is Digital Rights Management. So the lawyers say, and management will listen to the lawyers and not the engineers.

This is utter FUD, no competent legal team can come to that conlcusion, unless they're so computer illeterate they are unable to tell the difference between source code versus data or signals/transactions which might be handled by a running instance of that source code.

For example, please point to me where in the GPLv3 I do not have the freedom to write my own DRM implementation (the next iTunes? eBook reader?) and then release the source under GPLv3.

My last (indirect) experience with our legal team and funding open source development was long and arduous, taking many months but not being able protect data (the entire point of the majority of our work) was never in question.

I mean, GNU would be breaking their own GPG, for crying out loud.

2002

[lkcl]

luke howard implemented Active Directory, in XAD, and released a product in 2002 (bought recently by novell). he used samba, freedce, heimdal and openldap, providing patches for each that hooked in the services that he implemented.

what he *did not* do was implement an entire LDAP server from scratch, implement an entire DCE/RPC runtime from scratch, implement an entire kerberos server from scratch.

i spoke to someone who used to be a big supporter of samba and was a prominent and active member of the samba team, last year. when i was working on samba-tng, he had 20 customers. ten years later that number is down to THREE - all others have gone back to NT Domains on Windows. one of those three is honest enough to tell him that they HATE samba, with a vengeance. they are bitterly disappointed, and the only reason that they are still using samba is because they are forced to.

the work i did on samba-tng *would* have proceeded to Active Directory interoperability *if* the samba team had not been so hostile towards it. in essence the samba team leaders felt threatened by my abilities, and did not wish me to become the technical lead [by default]. they simply did not understand the scope or scale of the task, were unable to fully grasp it, and to some extent they still don't. twelve YEARS later we see the results of their decisions and actions. what can i say?

Re:2002

Maybe because it was a steaming pile of spaghetti code..

Re:2002

[ledow]

I'm sorry, but if you could have done it ten years ago, maybe you should have. And released the product, and get bought out, and made lots of money, and proved everyone wrong. Hell, you still have a lot of time because Samba still has a LONG way to do yet.

Samba's AD implementation has been a long time coming but personally EVERY prior attempt I've seen, including quite a lot of samba-tng, was horrendously hacky. Having to install and configure perfectly 5-6 entirely independent dependencies is not a good recipe to test or debug code on (one tweak to one config file and samba would stop working for a user and it could take hours to spot that difference and massive amounts of reinstalling, reconfiguring and sending logs and configs back and forth). I took several looks at solutions over the intervening years but nothing was even close to risking the time to install them, let alone test the results. And believe me, I looked at anything and everything that came up.

From what I saw, most of the patching to get things like samba-tng etc. working code-wise was horrendously hacky and basically the equivalent of rewriting the spec - while Kerberos might be paid lip-service by MS, their variants are quite different and not the kind of thing you want polluting an otherwise independent codebase.

Trying to get patches to 5+ different projects in order to fix your non-standards-compliant implementation of a protocol sounds like a political nightmare from the start, let alone doing it for the sake of purely Windows hangers-on. At no point did anybody just fork those projects and create their own versions, either, except to rewrite independent implementations. Not reinventing the wheel does not take a genius, and I have no doubt that EVERY step possible to avoid that was taken.

Without even looking into the details, I would consider it Plan B to have to push massive amounts of patches to five other HUGE projects just to get something close to beginning working so you can start testing, in terms of actually getting something out to others for them to use in stable systems (for testing, debugging, sure, use whatever hacky solutions you like) .

Fact is that over the last ten years NOBODY else has actually stepped forward and done this work, except for proprietary, closed-source solutions (all of which have problems - hell, even Apple's implementation is basically borked) and Samba.

Projects forks are ten-a-penny on large OS projects but yet nobody stood up and said "Damn, he's right, let's fork samba-tng to get this stuff going and worry about the politics later!". And at any point, you could suck in the Samba4 work for yourself to help you diagnose, test against, etc.

I hear a lot of "I could have", but never much "I did". I'm not saying I could do the work at all, but the vast majority of the people who actually stepped up to the plate were in the Samba team. And nobody else, on any other open-source project, "beat" them to it - even with the help of the EU courts and Microsoft itself. That suggests that maybe the task was slightly more tricky than just slapping things together.

AD implementations are also not the kind of thing you take chances with. If one machine dies because of a dodgy kernel, who cares, you can do something about it. If your AD structure trashes itself mid-day because of a bad failover to a Samba DC, or a long, slow, push of faulty and subtlely-broken packets makes things irrecoverable, you have a lot more to answer for. That means that even the post-Samba-3 solutions to AD's that I tried would have required YEARS of personal testing before I actually trusted them (and would most probably only see deployment on their own isolated network and AD and then slowly, over years, creep to the point where I was confident on just replacing everything with them).

If alternatives existed, and the work was possible, it takes literally MINUTES to set up a code mirror and post your patches and then you can spam it to hell and let people choose their own prefer

Re:2002

You're sadly misinformed about how this all works. Samba code is licensed under free and open licenses. Nobody can prevent you from forking it, from taking it or parts of it and using it in your own projects. Not the maintainers, not the team leaders, not the developers.

Re:2002

People can basically stop reading at

in essence the samba team leaders felt threatened by my abilities, and did not wish me to become the technical lead [by default].

...thats when it's obvious this is nothing more than some bitter rant. Looking at your website, your 'genius' is quite obvious. Nobody wants you and your abilities, get over it.

Re:2002

[lkcl]

I'm sorry, but if you could have done it ten years ago, maybe you should have. And released the product, and get bought out, and made lots of money, and proved everyone wrong. Hell, you still have a lot of time because Samba still has a LONG way to do yet.

Samba's AD implementation has been a long time coming but personally EVERY prior attempt I've seen, including quite a lot of samba-tng, was horrendously hacky.

welcome to reverse-engineering. samba tng was "version 1" of the "three versions required to make a successful project". from not knowing anything, and not having access to the IDL files in any way shape or form it actually provided pretty stable functionality, and broke the ice for the entire CIFS industry. network appliances, sco/tarantella, luke howard's XAD project - all of them could not have been possible without having that code to look at and understand.

luke howard *did* do it [the equivalent of a version 2.0]. he *did* release the product [in 2002]... and he had to hold out for 8 years for a decent offer of a buy-out. everyone kept offering him stupid-money ($100k or less).

so it's not as clear-cut as you think.

i'm not entirely sure if you're aware just quite how many services and protocols are actually involved in "a samba". it's something like... eight separate and distinct networking protocols and something like over thirty separate and in some cases recursively-linked networked services. what i did in samba-tng was to "cut to the chase" and studied it day-in, day-out, often for twelve hours. the return on investment of three years of continuous work? absolutely fuck-all, because i'm not a self-salesman, i'm a software engineer [that's my look-out, nobody else's]. but, other people stepped up to the plate (in some cases by greedily pushing me aside and then privately regretting having done so).

anyway - all i'm saying is: they could have done a much better job, much quicker (a decade quicker), if they'd actually listened to my advice, and worked together instead of working to push me out and try to "take over".

Re:2002

[Sycraft-fu]

"You're a fool if you're telling the truth"

I'm sure he's not. He probably isn't outright lying, as in just making something up from scratch, but rather just suffering from Smartest Motherfucker in the Universe Syndrome, as many programmers do.

I see it all too often, programmers who seem to think they are god's gift to programming. They think they are WAY better than all the stupid "normal" programmers. They can't see why people have so many bugs, can't understand why development takes so long, can't understand why programmers don't "just make this happen," and so on.

Hence he probably did look at this and say "That'll be easy," not understanding the full complexity of implementing a really good AD server. The Samba team perhaps does understand and wasn't interested in playing around with someone who doesn't.

Re:2002

[lkcl]

- while Kerberos might be paid lip-service by MS, their variants are quite different and not the kind of thing you want polluting an otherwise independent codebase.

you're not getting it. luke howard's patches to heimdal, samba and openldap were the order of like 100 to 200 lines of code, each. they "outsourced" the required network traffic to XAD's daemons or plugins. for example, to create the PAC, luke howard implemented a well-known DCE RFC which provides a service called "PAULAD" - plugin authentication something something you get the idea - and then plugged that in to both heimdal and openldap.

the differences are *not* big enough to go spending years writing an entire new kerberos server and an entire new ldap server. plus, who the hell's going to configure these "new" services?? who the bloody hell's going to integrate them with existing kerberos and openldap deployments? who's going to convert their entire kerberos and openldap infrastructure of two or more decades over to something untried and untested - exactly as you've pointed out!

each of the services (of which there are about 30) required for an NT Domains system is something like 5-10 man-years of development to properly and fully implement. to start throwing in an entire new kerberos implementation and an entire new ldap implementation _and_ an entire new DCE/RPC runtime (which is itself a multi-man-year development effort) is complete madness.

that's why luke howard's work was successful, so quickly, because he leveraged the best available work in the most efficient and least disruptive way possible.

Re:2002

Why is this drivel modded up? For starters, why would anyone implement an ldap, dce/rpc, etc from scratch? Stable and mature projects exist for these, why reinvent the wheel, it's time spent poorly. That very notion is why nobody should give you technical lead on anything worthwhile, you would make poor decisions. Secondly, you clearly don't get open source development. It isn't about ascending some figment-of-your-imagination job title or dick waving. Just help, commit, fork, repeat. If you felt strongly about AD support in 2002, you could have submitted patches, or forked your own samba-blah and implemented it. Anything else is just unwarranted self importance and arrogance. In short:

Dear Sir,

You are an untalented nobody and a nutter.

Signed,
AC

Re:2002

why is it that everything you say makes you come off as batshit, even the way you name drop luke howard in every one of your posts smacks of mental instability

are you angry some dude nobody here knows about or cares about made it rich while you're still a nobody living alone?

Re:2002

Been there. Done that. Not with SAMBA, but with lots of other technologies. The ability for people to be selfish, closed minded, egotistical, and extremely near sighted should never be under estimated. And pointing this out, even politely, usually brings out arrogant pricks about how "I'm wrong", or "not possible", am foolish to "not have created a business around it and/or made a couple million....", so on and so on. In otherwords, the very small minded generally take offense and or become enranged with jellousy and somehow find means to justify an attack; no matter how politely worded.

Several things I've learned very clearly from life is that:
  o common sense does not exist - citing it is a fallback for the weak minded
  o life is not fair
  o by far, the majority of people are NOT inherently good at heart - they are selfish, selfish, selfish, and extremely self serving
  o excessive political correctness has become a shield of those who refuse to learn to cope and deal with people - which is not to say politeness has no place. On the contrary, politeness is generally lacking, but that's different from political correctness. Its sad they are frequently conflated; which is another sign of the weak minded.

Re:2002

[Ginger+Unicorn]

Bitterness is a sheild against ones own shortcomings.

Re:2002

[segedunum]

I've got to admit that the length of time Samba 4 has taken has left a bit of a bad taste in my mouth. Re-implementing all the required services in one package at a cost of many man-years never struck me as the greatest of brainwaves. Yes, there are a huge number of corner cases regarding exact compatibility but Samba 4 could have happened much faster and the drudgery of hard compatibility testing could have happened much, much sooner by reusing existing software.

As it is, Microsoft got Samba doing exactly what they wanted for the last ten plus years - pointless fire and motion, duck and covering - and the project has now become all but completely irrelevant. Samba 4 really needed to come out not long after the release of Windows XP. Those needing a Windows 2000 DC system gave up on waiting for Samba a long time ago. It might be moderately useful for those who have to use Linux systems in some fashion with Windows, although they will have found ways around that long ago, but the window of opportunity for Linux to replace Windows Server in a lot of places continuing the momentum of Samba 3 has been completely lost.

Re:2002

yeah nah, I wouldn't count your eggs yet on that assumption.

Lots of new startups happening with new sysadmins. if you get what i mean.

Re:2002

[bill_mcgonigle]

luke howard *did* do it [the equivalent of a version 2.0]. he *did* release the product [in 2002]... and he had to hold out for 8 years for a decent offer of a buy-out. everyone kept offering him stupid-money ($100k or less).

Serious question - why did I never hear of this? Either it didn't really work, it was the worst marketing job of all time, or it wasn't really open source.

that's why luke howard's work was successful, so quickly, because he leveraged the best available work in the most efficient and least disruptive way possible.

And every Unix nerd would have recognized this as the right approach and deployed it, if it spec'ed as per above. Something you're not telling us?

Re:2002

i read your comment up to... "I'm sorry, but if you could have done it ten years ago, maybe you should have. And released the product, and get bought out"

At that point, I stopped. that is fantasy-land, and an absurd statement--telling someone to spend a decade on a massive project-solo that is open-source no less. all so they MAYBE can be bough--that logic is asinine. One needs means to get by in this world, and you don't know each persons situation. what you proposed is incredibly high risk, with questionable reward. unless i were already fairly financially established, if i were in that situation i wouldn't gamble it.

I am merely an end user who also had high hopes for samba years back, and also moved along years back due to stagnation.

Re:2002

You completely miss the point. The GP is Luke Leighton who did the reverse engineering on which samba 4 is based. It is the samba team who is trying to reimplement everything from scratch. As you and Luke both say, this is retarded. Luke did fork samba creating samba tng, which was samba done right - a non-monolithic design reusing existing code (like FreeDCE). But as he says, the samba team were wedded to their own retarded vision, and there's only so much one man can do.

Re:2002

He did not say "spend ten years on it". He said "if you could have done it ten years _/AGO/_" (is that emphasized enough for you?), then he should have, rather than whining/bragging ten years later that he already did it but was too high and mighty to actually release it. This might also suggest that he's just an egotistical liar, and never actually implemented anything.

Current Samba3-as-domain-controller user here

So, I guess our organisation is one of those strange ones that persists with Samba as a domain controller.

To date, we have around 400 machines (desktops and laptops) running mainly XP (but some with Windows 7 and with a full migration in progress to Windows 7). We run two separate Samba 3 DCs to service out two domains. This setup has served us well for almost 10 years now.

The main challenge presented to someone trying to run Windows Vista or above on computers attached to a Samba3 domain controller is the lack of group policy options. With XP and below, you can use the 'ntconfig.pol' method to deploy policies to workstations on the domain. With Vista (and Windows 7) this method is no longer supported (and I don't just mean 'not officially supported, but works with some hacks'- it actually does.not.work.at.all). There are ways around this, and I have managed to find a workable solution that will allow us to run Windows 7 exclusively on a Samba3 domain and still have basically the same policy options available to us (this is achieved by working on the local computer policy for non-administrator users on the master image of our standard operating environment, combined with manually mapping samba groups to certain local groups on the workstation). This obviously isn't perfect, but it works for us and saves us a heck of a lot of money compared to the alternative, but I appreciate that what works for us won't work for everyone.

So for me, the major feature that Samba4 brings to the table is the group policy side of things (I know there's obviously a lot more to it than that, but at present that is the major thing that feels 'missing' from Samba3). Given that I see no reason why we won't end up sticking with Windows 7 until it ends extended support (in 8 years time) I see no reason why we won't be using Samba for quite some time.

Oh, and other than congratulate the Samba4 team in general, I have to give a personal congrats to Andrew Bartlett- a fellow Aussie and someone I have met personally. Thanks for all your hard work guys!

Re:Current Samba3-as-domain-controller user here

[denis-The-menace]

re: manually mapping samba groups to certain local groups on the workstation

In our large MS 2003/2008r2 network, we are recommending/enforcing mapping Domain Groups to Computer Local Groups on the (XP/W7) workstations.

Who cares.

I mean seriously ... who cares. If you are deploying an enterprise class infrastructure get yourself a couple Win2K8R2 VMs and move on. I loved Samba a decade ago ... it allowed me to avoid M$ products. These days Samba is just one big bug. I don't have the time nor energy to battle it.

Re:Who cares.

There's no less reason to avoid MS products now as there has ever been. You think it's suddenly become open or free?

Samba works great for many, and samba4 is actually being used in production in places, despite the beta tag. If you have to "battle it", then you do not understand how to use it, and you need to improve your skills or hire a competent administrator.

Re:Who cares.

No, but they have become a lot less shit in that time period. The pragmatists among us will appreciate that.

Re:Who cares.

So has free software. The real pragmatists among us appreciate that too.

Also, MS has got more shit in some areas. Licensing, is the big one.

Harsh

[AdmV0rl0n]

SAMBA-nice, has its uses.
But if you want to do AD, do it with MS. Don't pretend that it can be done with SAMBA (at least not without pain). At the very least, SAMBA trades its own mad ranting about being interoperable while setting everything internally so its not.

And bottom line, the squeeling, crying and whining about MS interoperability never struck a cord at all with me. SAMBA came about because open source and its structures offered nothing that came close. If Novell and MS can offer a client and a back end server, it seems to me that Linux and open source could have providided a best of breed method of its own.

Instead, all I ever saw was that MS was evil and Linux and open source had to be given access to it. To my mind this was nothing much more than legally enforced theft of technology and I never thought it was right.

Several years later - and having had access to all they wanted, this is where we are?
Given the fuss kicked up, and the legal demands, I think MS should turn round and issue a counter case and state 'where is the interoperable product people put us through a legal case for?' You said we were the case of the failure of this in the market place, we complied and where is the product?

And no, don't get me wrong, I really like open source, and I like Samba and so on, but I never liked or thought that legal case had any merit, and I never thought open source really got its shit together in providing anything, it just seemed to want to steal someone else's work in this particular area.

Re:Harsh

[ratboy666]

"it (open source) just seemed to want to steal someone else's work in this particular area."

What a baddass comment. Completely wrong, of course, but badass.

SAMBA predates Windows SMB server.

It would be just as accurate to say Microsoft "just seemed to want to steal someone else's work in this particular area."

Re:Harsh

Awful lot of misinformed Microsoft shills out spreading FUD.

Too bad you're so hilariously wrong that it's easy to spot you. Try educating yourself even just a tiny little bit before you troll, next time.

Re:Harsh

[drinkypoo]

SAMBA predates Windows SMB server.

Uh what? Lan Manager was a SMB server.

Re:Harsh

[LordLimecat]

Instead, all I ever saw was that MS was evil and Linux and open source had to be given access to it. To my mind this was nothing much more than legally enforced theft of technology and I never thought it was right.

Would mod you up if I hadnt already posted-- This never settled well with me. Earlier in the thread someone was ranting about how closed and inoperable AD / MS was-- but it seems like it at the very least got its leg up on its own merits, because if there had been a superior offering from "Open Source" at the time it seems to me that businesses pursuing profit would have found it, used it, and had an advantage.

Insisting that MS help everyone else compete with them just seems lame. If their product is so bad and inferior, out-compete them. Make a better product. Worst case, an MS rep will drop by with a buyout offer.

Re:Harsh

I believe that the validity of the claims about interop are rightfully based on the monopoly Microsoft has on the market. Their controlling monopoly allows them to KEEP other vendors out of the marketplace. One method of this control is to make sure other vendors products are not compatible. There are no other vendors because their can't be. It is nearly impossible to buy a new computer from a vendor that doesn't have windows unless you buy a Mac which is a premium priced unit.

Re:Harsh

[jrumney]

And bottom line, the squeeling, crying and whining about MS interoperability never struck a cord at all with me. SAMBA came about because open source and its structures offered nothing that came close.

When SAMBA came about, smb was a poor copy of NFS. SAMBA came about because pointy-haired bosses started bypassing the Unix wizards and building Windows for Workgroups based networks in the office and insisting that all the important stuff be stored there because getting a decent TCP/IP stack running on their PCs was too much expense and hassle. Active Directory came much later, when Microsoft decided to patch up the deficiencies in smb in Windows 2000 so it could move beyond the small-medium size offices and into the enterprise. Up until that point, SAMBA was a good, up to date implementation.

Re:Harsh

[ratboy666]

Um..

Lan Manager 2.0 for Windows couldn't have been released before Windows NT 3.1 (https://en.wikipedia.org/wiki/Windows_NT_3.1) which was released in 1993.

SAMBA was first released in 1992 (http://www.rxn.com/services/faq/smb/samba.history.txt).

Lan Manager for OS/2 was available, but I did say Windows. Also, OS/2 was seriously impeded by the x86 platform. Servers were Unix boxes (Linux was released in 1991, and wasn't yet ready for prime-time).

Windows was "peer to peer" networking, or OS/2 server to Windows clients back in '92. SAMBA was the first product that allowed "real" servers to serve files to Windows clients.

Re:Harsh

[ratboy666]

Bollocks

The reason for SAMBA was simply that Windows (Windows 3.1 for Workgroups) came with SMB file sharing.

SAMBA helped integrate these workstations with larger networks and servers.

Re:Harsh

[tlhIngan]

The reason for SAMBA was simply that Windows (Windows 3.1 for Workgroups) came with SMB file sharing.

SAMBA helped integrate these workstations with larger networks and servers.

Actually, SMB was created by DEC for their Pathworks software suite to connect VAXen to other computers.

Windows' involvment came later, partly because Microsoft hired a lot of VAX people over to do NT and a lot of Windows' heritage tends to reflect that.

http://www.samba.org/samba/docs/using_samba/ch01.html

Re:Harsh

[TemporalBeing]

SAMBA-nice, has its uses. But if you want to do AD, do it with MS. Don't pretend that it can be done with SAMBA (at least not without pain). At the very least, SAMBA trades its own mad ranting about being interoperable while setting everything internally so its not.

If you want all the latest features provided by Microsoft for the SMB/CIFS/AD implementation, then yes by all means use MS servers and pay lots of money for CAL licenses for each server so that you can host everyone, and be prepared to have keep all your workstations in sync with the version on the server because their backwards compatibility sucks.
If you want a version that works, continues to work through Windows upgrades, and provides login compatibility with Unix/Linux systems, then use SAMBA; or if you have Linux/Unix clients that you want to authenticate to a Microsoft server - use SAMBA. They continue to produce versions that remain compatible with older versions of Windows when Microsoft does not. Since Win95, every major release of the OS has had major differences in the SMB/CIFS/AD protocol that means patching older versions to keep compatible (Win95->Win98->WinME->Win2k->WinXP->Vista, or tweaking settings to make the new versions work with the old version (Win7).

And bottom line, the squeeling, crying and whining about MS interoperability never struck a cord at all with me. SAMBA came about because open source and its structures offered nothing that came close. If Novell and MS can offer a client and a back end server, it seems to me that Linux and open source could have providided a best of breed method of its own.

You run afoul of your own words. Novell did a great job with NetWare and GroupWare for a long time; that is, until Microsoft started doing things to make the login managers for Windows unstable. This pushed a lot of people over to using Microsoft DC/AD solutions as it did not crash Windows.

in other words, it's no simple job to keep compatibility with Microsoft products as Microsoft actively tries to subvert compatibility. Just look at all the various slight (and undocumented) adjustments to the MS Office Binary formats used until MS Office 2007, or all the undocumented extensions to the OOXML format they came up with after that. Or look at Microsoft's Kerberos and LDAP implementations used for AD, which have a lot of minor changes from their respective standards so that you can't just pull a standard Kerberos or LDAP implementation out and use it to do AD.

Instead, all I ever saw was that MS was evil and Linux and open source had to be given access to it. To my mind this was nothing much more than legally enforced theft of technology and I never thought it was right.

Several years later - and having had access to all they wanted, this is where we are? Given the fuss kicked up, and the legal demands, I think MS should turn round and issue a counter case and state 'where is the interoperable product people put us through a legal case for?' You said we were the case of the failure of this in the market place, we complied and where is the product?

And no, don't get me wrong, I really like open source, and I like Samba and so on, but I never liked or thought that legal case had any merit, and I never thought open source really got its shit together in providing anything, it just seemed to want to steal someone else's work in this particular area.

The SAMBA team has done a great job of keeping compatibility with Windows despite Microsoft's efforts to change the protocol and break compatibility. They even won an Anti-trust lawsuit over it in Europe and were able to get explicit technical documentation from Microsoft to build better compatibility - with free license to do it (e.g. no patent fees).

Re:Harsh

[ratboy666]

History

3Com 3+Share/MS Net/Xenix Net -> LanManager -> LanManager/X (portable) -> DEC Pathworks -> SAMBA

Re:Harsh

[drinkypoo]

SAMBA was the first product that allowed "real" servers to serve files to Windows clients.

On this we are in complete agreement.

Re:Harsh

[AdmV0rl0n]

It may well predate anything.

They still went to court and made the ludicrous demand 'give us access to your API and code' whine whine whine.
And your early SAMBA must have been before the days it made claim to mimic an NT4 Server as 'drop in'.

And on your final point, if MS stole the work, now SAMBA has had clear insight into that, code and API, when shall I expect the lawsuit?

 

Re:Harsh

[AdmV0rl0n]

LAN Manager was based on the OS/2 operating system co-developed by IBM and Microsoft. It originally used the Server Message Block protocol atop either the NetBIOS Frames protocol (NBF) or a specialized version of the Xerox Network Systems (XNS) protocol. These legacy protocols had been inherited from previous products such as MS-NET for MS-DOS, Xenix-NET for MS-Xenix, and the afore-mentioned 3+Share. A version of LAN Manager for Unix-based systems called LAN Manager/X was also available.

In 1990, Microsoft announced LAN Manager 2.0 with a host of improvements, including support for TCP/IP as a transport protocol. The last version LAN Manager, 2.2, which included an MS-OS/2 1.31 base operating system, remained Microsoft's strategic server system until the release of Windows NT Advanced Server in 1993.

Many vendors shipped licensed versions, including:

        3Com Corporation 3+Open
        HP LAN Manager/X
        IBM LAN Server
        Tapestry Torus

Questions?

Re:Harsh

[AdmV0rl0n]

Many vendors shipped licensed versions, including:

                3Com Corporation 3+Open
                HP LAN Manager/X
                IBM LAN Server
                Tapestry Torus

Boom.
Thats your ship being blown out of the water.

Re:Harsh

[AdmV0rl0n]

I nearly fell off my chair.
A poor copy of NFS.
You seem not to understand just how poor NFS (was) and just why so many people chose something else.

And - well, to be blunt, MS did not just make something that fixed up limits in NT. They created a de facto large scale directory service / server system that no one else really provided. And they made it relatively easy to install, maintain, and qualifiy people to use.

Note carefully the last part. Because some round here think that its clever, and a road to success to build things that people cannot use, that are arcane, and require fucking black magic, an oil tanker full of luck, and remarkable levels of patience for reading appalling man files, and add in a certain amount of abuse aimed at 'people' for failing to find or master the bullshit that only very low/small numbers of people master.

Anyone, and I fucking mean anyone who supports SAMBA, or is in fact in the SAMBA team should be dragged through the install and setup, and be forced to do so with real people until they both get it and seriously fix it. And once thats done, they need to spend a shitload on actually providing docs that are worth a shit, and examples in detail.

And then they can start to say its a 'Drop in' replacement.

Re:Harsh

[ratboy666]

Who are "they"?

SAMBA didn't bring a lawsuit against Microsoft. SAMBA purchased the protocol description from Microsoft for 10,000 Euros. There was also a round of legal discussion needed to keep SAMBA as GPL software.

The European Commission investigated Microsoft. This was triggered by a request from SUN to Microsoft asking for interoperability documentation for AD. Microsoft refused, SUN entered the complaint -- SAMBA didn't get involved until Microsoft tried to use SAMBA as an example of why protocol documentation wasn't needed.

"They" would then be SUN and the EC.

Why would SAMBA sue Microsoft? I don't think Tridge and Allison are "anti-Microsoft".

Re:Harsh

[ratboy666]

Read what I said. I claimed that it would be just as valid.

I don't think that SAMBA stole from Microsoft, and I don't think that Microsoft stole from SAMBA.

I just stated that the chronology made the original claim silly.

Re:Harsh

Your chronology was wrong;

Now that really IS silly.

And I read what you said, and we already know what you said was wrong. What next, some more bullcrap?

Re:Harsh

[rev0lt]

If you want all the latest features provided by Microsoft for the SMB/CIFS/AD implementation, then yes by all means use MS servers and pay lots of money for CAL licenses for each server so that you can host everyone, and be prepared to have keep all your workstations in sync with the version on the server because their backwards compatibility sucks.

You are kidding, right? I can probably hookup a W7 with an NT4 domain with less hassle than with samba.

If you want a version that works, continues to work through Windows upgrades, and provides login compatibility with Unix/Linux systems, then use SAMBA; or if you have Linux/Unix clients that you want to authenticate to a Microsoft server - use SAMBA.

This one is hilarious. Do you know that you _need_ to upgrade samba to work seamlessly with the latest Windows versions, right? Do you know that, at each release, you get new bugs and unexpected behaviour? Do you know that some releases are actually unusable (with show-stopper bugs in stuff like remote profiles), right? And that many many times, connectivity problems are "solved" by not using TCP/IP, but by enabling "NetBIOS" (on top of TCP/IP, but deprecated since W2K).

Since Win95, every major release of the OS has had major differences in the SMB/CIFS/AD protocol that means patching older versions to keep compatible (Win95->Win98->WinME->Win2k->WinXP->Vista, or tweaking settings to make the new versions work with the old version (Win7).

Yeah, it's called evolution. Today a W7 machine tries to negotiate an encrypted link, but if you want, with a couple of clicks on the local policy manager, you can downgrade expectations. It works. (Except printing, but that is mostly a "driver" issue)

You run afoul of your own words. Novell did a great job with NetWare and GroupWare for a long time; that is, until Microsoft started doing things to make the login managers for Windows unstable. This pushed a lot of people over to using Microsoft DC/AD solutions as it did not crash Windows.

While I share your respect for Netware, IPX was a shitty, non-routeable protocol, unsuited for modern tcp/ip based connections. Microsoft took over Novell's business not only by providing crappy IPX support, but also by reading the writing on the wall (TCP/IP was the future, and IBM/OS2 were already on board).

in other words, it's no simple job to keep compatibility with Microsoft products as Microsoft actively tries to subvert compatibility.

That is bullshit. Go try a copy of SUN's CIFS deamon (open sourced more than 5 years ago) and then tell me about it. Or check Samba's bugzilla for showstopper bugs. 10 years later, even the support of basic features is somewhat flaky.

Just look at all the various slight (and undocumented) adjustments to the MS Office Binary formats used until MS Office 2007

Show me a complex document format that spans a 20 year period that isn't complex. Go look at the DXF spec (a well known one) and then tell me about it. In contrast, the RTF specfification is clear and concise, even considering Microsoft extensions.

Or look at Microsoft's Kerberos and LDAP implementations used for AD, which have a lot of minor changes from their respective standards so that you can't just pull a standard Kerberos or LDAP implementation out and use it to do AD.

In retrospect, that happened 12 years ago. And given that their Kerberos implementation is *almost* compliant, and that their LDAP implementation is also *almost* compliant, 12 years is a lot of time.


Disclaimer: I actually use Samba as a domain controller on several clients and in our own infrastructure, and I'm deeply familiarized with the pains involved. I've been using Samba (as a server) since 2.1, mostly because it runs on the Unix operating systems I use/deploy, and when comparing to (at least) W2K Server/W2k3, it is dramatically faster serving files.The fact that OpenLDAP is a big stinkin pile of poo doesn't help either - specially considering that - for our infrastructure - using Windows Server is as good as free.

Re:Harsh

Sorry - not logged in at the moment.

If you want all the latest features provided by Microsoft for the SMB/CIFS/AD implementation, then yes by all means use MS servers and pay lots of money for CAL licenses for each server so that you can host everyone, and be prepared to have keep all your workstations in sync with the version on the server because their backwards compatibility sucks.

You are kidding, right? I can probably hookup a W7 with an NT4 domain with less hassle than with samba.

Win7 is a pain to make work with even WinXP SP3. Most of what you need to do is not documented by Microsoft; now, thanks to others you can make those changes to get Win7 to work in a non-Win7/Server2008 world. And yes, I've specifically run into these issues as Win7 was introduced in my work place.

If you want a version that works, continues to work through Windows upgrades, and provides login compatibility with Unix/Linux systems, then use SAMBA; or if you have Linux/Unix clients that you want to authenticate to a Microsoft server - use SAMBA.

This one is hilarious. Do you know that you _need_ to upgrade samba to work seamlessly with the latest Windows versions, right? Do you know that, at each release, you get new bugs and unexpected behaviour? Do you know that some releases are actually unusable (with show-stopper bugs in stuff like remote profiles), right? And that many many times, connectivity problems are "solved" by not using TCP/IP, but by enabling "NetBIOS" (on top of TCP/IP, but deprecated since W2K).

Yes, Samba will need upgrades just like Windows does to work natively with the latest versions. However, when doing so it can still maintain native support for older versions without a problem. Not so for Windows.

Since Win95, every major release of the OS has had major differences in the SMB/CIFS/AD protocol that means patching older versions to keep compatible (Win95->Win98->WinME->Win2k->WinXP->Vista, or tweaking settings to make the new versions work with the old version (Win7).

Yeah, it's called evolution. Today a W7 machine tries to negotiate an encrypted link, but if you want, with a couple of clicks on the local policy manager, you can downgrade expectations. It works. (Except printing, but that is mostly a "driver" issue)

The issue is not evolving it. It's the lack of backwards compatibility. Compatibility could be done by allowing things to degrade gracefully (as Samba does by default) instead of just cutting them out of the network (as Windows does).

You run afoul of your own words. Novell did a great job with NetWare and GroupWare for a long time; that is, until Microsoft started doing things to make the login managers for Windows unstable. This pushed a lot of people over to using Microsoft DC/AD solutions as it did not crash Windows.

While I share your respect for Netware, IPX was a shitty, non-routeable protocol, unsuited for modern tcp/ip based connections. Microsoft took over Novell's business not only by providing crappy IPX support, but also by reading the writing on the wall (TCP/IP was the future, and IBM/OS2 were already on board).

Forget about the whole IPX issue. I'm simply referring to the issue with the Login screens. There were many facets to Novell's software - networking, authentication, and more. The authentication portion replaced the login screen on Windows using the GSSAPI provided by Microsoft to do so. However, as NetWare/GroupWare was very successful, MIcrosoft did things that would specifically degrade the stability of the Novell solutions. The IPX issue was a separate issue, but IPX was around prior to TCP/IP; and later solutions enabled it to be done over TCP/IP.

in other words, it's no simple job to keep compatibility with Microsoft products as Mi

Re:Harsh

No one else really provided? You're sadly misinformed. Novell directory services (now eDirectory) did this better, earlier than MS.

Some of the largest sites in the world still use eDirectory because AD can't scale as well. Hah, nice work Microsoft.

Re:GPL *is* the most permissive license...

[Dog-Cow]

GPLv3 is very restrictive with respect to developers. It's fairly open from the perspective of a user.

What about LDAP

[ulzeraj]

I've tested alpha 16 and 18 and they are quite functional. I just wish they took the external LDAP route. Running on top of LDAP is good but being restricted to their own internal LDAP server isn't.

Right now if you check their wiki they discourage the use of an external LDAP server. So while they offer scripts to migrate your Samba 3.x LDAP based directory what should I do about the other applications using my directory server? Can I extend the schema? Their default setup doesn't even have the Posix schema attributed to nis.schema.

Re:What about LDAP

[robmv]

I am not sure about the current status of the work of the Red Hat team behind FreeIPA, that integrate Samba 4 with other FreeIPA base technologies like 389 LDAP Server (I remember Simo Sorce was working in Samba integration), there is outdated documentation about using Samba 4 alphas with 389 LDAP server backed, so there is interest in that kind of integration

Re:What about LDAP

Because MS violates rules for std. ldap, std. compliant LDAP probably doesn't work / work well.

MS OUs really aren't, they are only cosmetic in MS
MS attributes like mail, cn, etc. are single valued, these are supposed to be multi-value (rfc 4524).
MS schema (for the rfc bits are wrong too) like inetOrgPerson not inheriting the correct object class (rfc 2798)
Other attributes are defined in ways that violate the standard like unigueMember (rfc 2256)

Been a while since I was involved in MS hell (thank god).

Re:What about LDAP

[sr180]

Incidentally Ive noticed that 389 Directory server only allows single-values for attributes such as mail... They have probably done it to allow their replication to AD.

Tools

Just hope the tools that now allow slightly easier admin of Samba start looking at Samba4 now. Ok we are all CLI people at heart, but to move over the admins who just want to open AD tools and change a user, it would be useful.

This is a immense thing to appear and will help moving some offices over to not use M$ AD. Only problem is all the other tech that M$ pile on that you end up relying on. If its just AD and file, you are fine. But if you want to do Exchange, sharepoint and MS SQL, migration will definitely take longer! Not its impossible, there are some great alternatives, but just takes longer.

Re:Tools

[ulzeraj]

You can just fire the Windows Remote Administration Tools from Microsoft and connect to the SAMBA4 server just as if you would with an AD server. There is also some work done on the SWAT interface but I didn't tested it yet.

If you want to move away from Exchange you can also check Zarafa, an open source implementation of MAPI with some commercial features. Their free version is 100% functional and offers a webmail interfaces pretty much identical to OWA with most of the Exchange groupware features like shared calendars, public folders, meetings and whatnot. The only restriction is the limit of 3 users for the Outlook Connectors. Their commercial version offers some useful backup and management tools, including schema and plugin for AD.

Novell Open Workgroup Suite with Open Enterprise Server, Domain Services for Windows, Zenworks and Groupwise is also great if you have the budget and don't care for code openness.

Re:internals? in python? PLEASE!

Memory and CPU have never been cheaper, if you're still running your samba box on a PIII 450MHz then you'll probably want to stay on Samba 3.

Please save this hackneyed retort for the Python programmers user group meetings.

Perhaps you missed the current and refreshing trend towards cheaper, fanless, low powered computing devices. Think embedded and NAS. Even if hardware is cheaper than it was, that doesn't mean we want to waste our money. But, more importantly, we don't want to suffer noise, heat, size or power consumption unnecessarily.

Your stock programmers mantra is not only wasteful, it is why we need a quad core 3Ghz with oodles of RAM to do the same work, in the same slow time, that we did 15 years ago with the 450Mhz PIII you cited.

SAMBA is a file server. A very basic function that should not require orders of magnitude increases in computing power with every iteration because of lazy programmers. The ultimate work output, sharing files and directory service, remains unchanged, so why must we make the software huge and slow?

I get that Work == Hard, but that doesn't mean that it shouldn't be done.

Re:GPL *is* the most permissive license...

[LordLimecat]

You have a funny definition of permissive that seems to include "has restrictions". The "most permissive license" would be one that imposed no use restrictions whatsoever-- which GPLv3 (and v2) does not qualify for.

You might say that its the "most free" or "most open" or "most consumer friendly", and possibly some might agree with you, but certainly not most permissive.

Can Linux play too?

[Dr.Dubious+DDQ]

The decade-long focus on playing nice with Microsoft Windows seems to be getting somewhere, but I haven't seen much about letting Linux play too.

Does CIFS implement SMB2 yet (or is there an "SMB2FS" module that I missed), or is Linux still excluded outside of "smbclient"?

Can SAMBA4's LDAP server also be used for standard basic LDAP authentication as well "e.g. for web servers, minimalistic *nix boxen, etc) or does it still only permit authentication by clients implementing a full "ActiveDirectory®" stack?

Re:Can Linux play too?

[ulzeraj]

Official support for SMB2 exists since Samba 3.6. It was present in 3.5 but it was marked as experimental.

Re:Can Linux play too?

[Dr.Dubious+DDQ]

That's only within SAMBA itself - yes, Linux has been able to serve Microsoft Windows clients in SMB2, but can Linux MOUNT an SMB2 share yet (e.g. mount.cifs)?

I haven't tested, but I presume Samba's smbclient tool might be able to handle being an SMB2 client, but that's an awkward substitute for a real filesystem mount.

Developers are just disposable meatsacks to PHBs.

[Medievalist]

The most valuable resource in computing is developer time.

Whoo, you might want to have that ego inflammation lanced. I think it's starting to interfere with your vision.

Re:Developers are just disposable meatsacks to PHB

[Hognoxious]

Nothing to do with ego. Programmers are expensive.

You just don't have proper PHB attitude.

[Medievalist]

Nothing to do with ego. Programmers are expensive.

You need to shop around more, then. Try Eastern Europe or your local high school, since wages are rising in India and China. Programmers are cheap; you just burn 'em up and then kick them out the door, like Cato the Elder said. They can work in the salt mines after you use up their youth and genius.

Remember, product quality is not an issue! PHBs aren't competent to recognize quality anywhere but the golf course, and their marketing plans don't depend on providing any actual value to customers anyway. Think of your customers as prey, to be cozened and schmoozed until you've sucked all the money from their flabby corpses, then you can discard them just like programmers.

What's wrong with Python?

[INowRegretThesePosts]

Programming is about picking the right tool for the job (which is never Python, but I digress).

What faults do you find in Python? I would like to know.