Learn from Samba-Man Jeremy Allison

Jeremy is a leading Samba maintainer, and therefore one of the world's leading experts on Samba, which is often held up (along with Apache and the Gimp) as a sterling example of efficient and useful Open Source development. In the interest of full disclosure, we must mention that Jeremy is now employed by VA Linux, but that his primary responsibility is still Samba, just as it was when he worked for SGI. Look for Jeremy's answers to your questions within the next week.

"Point and Print"

[Anonymous Coward]

... is what they call it over in M$ land.

Samba has done this since some point in the 1.9.x line, since I have a few systems that have been doing it for that long.

Look at PRINTER_DRIVER.TXT in the docs that come with the Samba source tree. It goes into all the gory details. You have to get your hands dirty and rip into the crap that companies like HP give you, but it DOES work. They say "add this printer" and it just pulls it down and starts going. HTH.

Oh, and with regards to your ACL / "out of Unix groups" dilemma - let me add a hearty AOLer style reply: me too! What you seek would be very useful.

What I'd need in order to trash our NT servers

[bob]

I work for a US governement agency, and we use Samba extensively in our mixed Solaris/NT (soon to be Solaris, NT & Linux) network. In fact, partly because we are able to provide better support for our Solaris servers and partly because a lot of analytical processing is done under Solaris and Solaris can't straightforwardly mount NT filesystems, most of our users store most of their data -- even their NT-native data -- on the Samba servers, not the NT servers. We don't see a liklihood of this preferance going away anytime soon, and we would seriously like to do away with our NT servers if at all possible, and replace them with servers running either Solaris and/or Linux.

We are now in the process of redesigning our authtentication and name services schemes, and at least in my division -- what with the extensive use of Unix -- Active Directory is not a leading contender to provide any of these services. What we need is good support for NT desktop workstations (MS Word being a business requirement and all) and Unix file, print and computational servers. Preferably Unix and NT systems would obtain authentication from the same source, e.g. a Kerberos or LDAP server. Note that, as contrasted to some "appliance-like" implementations of Samba servers, we need to support login authentication to the Unix machines (both through telnet and xdm -- most users use eXceed on their NT workstations) as well as mapping SMB shares, so having Sabma be able to use an authentication service is not sufficient; xdm, telnetd and login must also be able to use the service. (We currently use Samba in security=server mode -- both the NIS master and the NT PDC are controled by the same adminstrative team and a single person will add userids to both -- so most authentication is handled by the PDC, except for Unix login and xdm which are handled by NIS.)

In addition to login authentication, we do of course need file services for the NT workstations. But full control of file ACLs from the NT client side is an absolute long-term requriement. Today, our users control file security by creating files first in Unix and setting the permissions, or by logging into a Unix server and doing a chmod/chgrp on the file after it gets created by Samba on behalf of the NT workstation. By setting restrictive default permissions in the Samba configuration, this is relatively safe, but it is a huge pain. Thus, in some cases where file sharing among several NT users must be supported and complex security requirements exist, users will typically create the files on the NT servers. On the Unix side, we have maybe 100 groups for a few hundred users, and have had problems with users being in more groups than are supported by the OS. Also, many groups completely change membership from month to month depending on project staffing. Thus, whatever our solution is must support very fine-grained and dynamic control over access control lists, and it must be straightforwardly controllable from the NT client side, preferably though Windows Explorer.

One other thing we make use of in NT is NT Server's ability to transparantly download printer drivers to NT workstations. Since our users don't have administrative access to their workstations, they are not able to install their own printer drivers. NT deals with this configuration by storing the appropriate driver as part of the printer share on the NT side. When a user maps an NT server-based printer to their workstation, the driver is automagically installed on the workstation. If Samba can't do something like this, it could cause a pretty big headache for us. (Samba may do this today, I'm not sure).

Finally, one major issue is how one goes about distributing software and patches to NT workstations, and also how they may be remotely controlled by help desk and/or administrative staff. Currently we us Microsoft's System Management Server for this, which kind of sucks in a lot of ways. Still, it would be utterly fabulous if it worked the way it seems to have been designed to, and it really does provide some essential services today. This is kind of pie-in-the-sky, but a solution that didn't address some of the function lost if SMS were shut down could easily result in whole lot of lost shoe leather.

There's probably some other things, but I've listed what I think are the big ones. If authentication and name services can be integrated for NT, Samba and Unix, if users can have fine-grained control over file ACLs, if printers can be transparently mapped without having to install drivers by hand, and if an alternative solution can be found for software distribution, remote control and other services provided by SMS, then I think we stand a chance of shutting our NT servers down completely. Partial solutions, such as addressing only the file ACLs and integrated authentication, are likely to help to get rid of a large number of the NT servers, but are not likely to eliminate our dependance on NT Server altogether.

Jeremy, any light you can shed on these issues would be greatly appreciated.

Thanks,

Samba Performance

[Russ Steffen]

Any insights into why the otherwise stellar performance of Samba is so miserable when using the MS-DOS Windows-networking client?

I use Norton Ghost to do a lot of system cloning, and when using the DOS client to save a hard drive image to a server, throughput to Samba maxes out at about 3MB/min (for reference, a null parallel cable does about 4MB/min). Throughput to an NT box on much lower end hardware goes about 80MB/min. It's usually faster to make the image on a real NT box (or even a VMWare fake NT box) and then FTP it to the Samba server.

I understand that the peculiarties of the client can have a large impact in the performance of SMB, but what does the MS-DOS client do so different that would account for a nearly 2 order of magnitude decrease in performance?

How about a role reversal?

[Pauly]

First off, thanks for the amazing feat that is Samba. I love it.

I'm curious if you ever contemplated reversing Samba's role in connecting Windows clients to server-based print, file and authentication services.

Imagine, instead of building software that makes a *nix server behave as a Windows server, create software that enables clients to understand the behavior of a *nix server.

It occurs to me Linux could continue it's best of other-breed approach to functionality by presenting a combination of the best of Windows/SMB, UNIX/NFS and Netware services to a open-source windows client custom built to understand them.

What do you think?

Windows 2000 Publicity

[rusty]

How do you feel about the claims Microsoft are making with regards to Windows 2000?

Rusty.

Re:Samba Performance (with DOS)

[Jacco de Leeuw]

Hi Russ,

Have you tried other DOS clients? (See my webpage).

Just for testing, have you tried downgrading Samba to a lower protocol, such as LANMAN2 or even CORE?

I wished I had more time to check out these kinds of things since clearly the Samba guys leave these things for other people to fix. And rightly so since they have no need theirselves. I guess we have to scratch our own itch, eh? :-)

And yes, some people still have a need for DOS. Perhaps not in the US, but World != US.

Re:Replacing NT

[davecb]

(I actualy disagree with Pheros_7f4 about Microsoft changing things intentionally, but that's a side issue...)

The usual sense of "replacing my NT PDC" is to provide all PDC functionality in Samba in the much the same way that MS pioneered it, (a bit of a long-term task).

What's your opinion of providing the unix equivalent of an SMB server, with things like DFS supported on top of automounter tables, much like "homedir map" already does?

--dave

The Future of Samba

[jjr]

With W2k out and mircosft tring to push it as the next best how has this change your plans with Samba.


http://theotherside.com/dvd/ [theotherside.com]

Brain drain.

[Rodos]

So are you still living in Australia? If so how come you have not moved to the USA like so many others? Whats your view on the Australian brain drain of elite technology people? Pevious Young Australian of the Year, astronomer, Bryan Gaensler, in an article in the Age Newspaper [theage.com.au] said

A more subtle form of haemorrhaging is the dreaded brain drain that sees Australian scientists, frustrated by lack of opportunity at home, take their knowledge and ideas overseas.

Other standards

[Kismet]

Do you see any future shifts toward other standards, such as reggae, mambo, or salsa?

Re:Did you get any VA Linux stock?

[Zico]

I'd consider them both to be hardware development companies. NetAttach [netattach.com], which VA Linux paid about $40 million in stock and cash for, "has developed Linux-based technology for creating a high-availability storage appliance," according to the press releases. (They're part of the Network-Attached Storage [NAS] market.)

TruSolutions [trusolutions.com] got about $200 million in cash in stock, and the main thing they bring to the show is their engineering abilities in designing "Linux-based high-density rackmount servers." This is the purchase that sounds a bit questionable to me -- I don't wanna knock 'em, 'cause I'm all for taking the money and running, but can you really take a look at their website and picture that as a company worth $200 million?

Cheers,
ZicoKnows@hotmail.com

SGI's feelings toward Linux

[Zico]

Hi, do you keep in touch with your former colleagues at SGI? I was just wondering if they harbored any bitterness because Linux basically destroyed their company. Does their morale suffer from their PR department making a much larger effort to associate the company with Linux than the effort they put into promoting SGI's own IRIX?

Cheers,
ZicoKnows@hotmail.com

SMB And routers

[toofast]

The SMB protocol itself is a subset of TCP/IP, and therefore it will work even thru the Internet. The complication is when you wish to browse resources in the Network Neighborhood. As the browser uses B-Node broadcasts to fill the Browse List (list of servers in a workgroup), these broadcasts are not going through the routers. Samba enables you to "broadcast on another subnet", hence you may "see" Samba servers in the same workgroup on different subnets.

Windows remedies this situation by using a WINS server, which is a replacement for the broadcast nature of name resolution. Using a WINS server, each client (regardless of their subnet) can query the WINS server to resolve names and browser requests. These requests can (and will) be routed if several subnets exist.

Another way to deal with cross-subnet browsing is using NT's LMHOSTS file, and including both Domain Controllers in the file, but that's another story!

SAMBA

[SONET]

I just wanted to give my thanks for your involvement (and everyone elses) in the Samba project. I now have four servers at an elementary school running Samba, one of which actually just went up today. The one that went up today was replacing a Win32 machine that had nothing but problems from day one.

It's difficult to get teachers to depend on something other than a chalkboard... the flaky Windows server certainly wasn't helping their confidence in the file server idea. It took a major dive last week so I finally made the somewhat time-intensive transition to Linux/Samba.

I've never had a single problem with any of the servers I have running Samba on Linux (a couple have 250-300 day uptimes!). My only wish would be for Samba to be faster / more intuitive to configure without having to use a GUI or web interface. :) Anyhow, it's nice to have one less Windows machine to worry about... without your efforts I would have had more ruined weekend plans to look forward to.

Thanks again for your efforts,
--SONET
http://www.hbcsd.k12.ca.us/peterson/technology

Re:Samba File Locking

[Tony-A]

dBASE, at least dBASE for DOS through 5.0 uses logical rather than physical locks for locking resources. The dBASE locks are negative numbers. To lock record n, dBASE locks the file at something like position -n-2, IIRC. The offset is due to using -1 and -2 as locks for (sorry, I don't remember). If you are interested, I can probably rework out the specifics of the locking.
(Tony@ServaCorp.com) Intrspy/Cmdspy don't work under NT.

smbfs for other operating systems?

[HHaygood]

In a heterogeneous Unix environment, smbclient is relegated to a role somewhat like that of an FTP client. Linux supports smbfs; are there any plans to create the necessary kernel modules to allow other operating systems (Solaris, for example) to mount CIFS shares into their virtual filesystems?

sharing files

[_Tal]

What method do you advocate for sharing files FROM a windows NT box to a Linux filesystem? smbmount is supposedly NOT part of Samba, so what is the Samba or other solution?

Samba File Locking

[MattTC]

I have noticed in my work with Samba that there seem to be issues with File- and Record-locking using older database sytems (Specifically Dbase), that can only be solved by turning off Samba file locking (which causes its own problems, of course).

Do you know what the cause of this incompatibility is, and is this something that will be fixed in the future?

Re:Samba File Locking

[MattTC]

Well, I am interested, if it is possible I can get my specific dbase app to run on a samba server.

The app in question is using the Clipper/Codebase command set. (Don't ask why).

Feel free to email me (remove the ANTISPAM).

SP7

[kaze]

Any suggestions on training paths for MCSE's to take to get to be sub-guru level *nix profesionals. Is there anyway to tell in OpenSourcer's code has been used by Microsoft? If W2K does turn out to be a failure, do you see SP7 etc for NT4 coming out?

Re:Challenges for new contributors

[UseTheSource]

I don't think Samba should live long as you say (although it probably will). As a protocol, SMB was horribly designed from the outset, and the only reason for Samba therefore is interoperability with M$ systems. I think everyone, Samba team included, would probably hope that SMB would go away and that we'll no longer need to use Samba. Come on, even M$ could come up with something better than the current SMB design.

Has the Samba Project Received Static From MS?

[EXTomar]

If Samba keeps with their design and coding philosophies, it would seem that Samba is destined to be ported to many platforms. This kind of wide spread acceptance seems to be in constrast in what Microsoft had in mind(ie Microsoft would rather charge Sun to support their platform...instead Samba comes along and gives them it to them). At the risk of sounding like an alarmist or a troll, have you or your team received any static from Microsoft for exposing SMB to platforms they never intended to support?

Re:MAPI support in Samba?

[ckaminski]

Exchange supports POP3 and IMAP, so I don't understand why Linux users can't access email.

The thing with MAPI is that it isn't a protocol per say, its MSRPC running over Netbios. You would need to decode the RPC calls. Not an insurmountable task, mind you, but not necessarily one that is necessary considering Exchange's web support and IMAP/POP3 support.

Share permissions? *shudder*

[DebtAngel]

I was going to flame you, and tell you that share persmissions are, always have, and always will be, a bad idea.

But then I realized that is just my personal opinion. I've always thought that as long as you have your permissions set properly in the first place, you don't need to restrict them again.

Never mind the fact that you aren't really talking about NT share permissions - you just want to implement them, and pretend you are implementing real ACLs.

It's still a bad idea.

Re:Share permissions? *shudder*

[DebtAngel]

I agree that ACLs are better than Unix permissions. But I still *hate* share permissions. It adds a layer of complexity that is truly...dumb. I know several admins (okay, MCSEs) that set share permissions, leave the NTFS permissions as Everyone/Full Control, and keep the server room unlocked. Can you say Stupid? I knew you could.

This is why, IMHO, Samba should not set up ACL emulation; let the OS/FS do that.

Pizza

[Col. Panic]

So, what international pizza chain is closest to where you live?

Front Ends

[MicroBerto]

In order to make some of the Samba basics easier, are you working on a front-end, or with another group of programmers who work on that? I think it'll become important once smaller businesses begin to grasp Linux.

Mike Roberto
- roberto@soul.apk.net
-- AOL IM: MicroBerto

Active Directory & SOAP

[XiRho]

I don't know much about the specifics of how SOAP/Active Directory work in Win2k, but, I do understand it does concern the kind of work Samba does. For example, how will Samba handle the "Application Sharing" aspects of Active Directory, or, what will Samba implement to replicate 2000's "remote files" in 2000's version of NTFS?

Finally, out of curiosity, since 2000 implements a few more "web-oriented" features in NTFS, will Samba be collaborating with (or stealing from) Apache to implement this level of functionality?

Re:ACLs - Here's what we use!

[Howard Beale]

Check out this site - http://www.braysystems.com/linux/trustees.html We've been using this patch for several months with Samba and Netatalk and have had no problems.
Works simply, with no need to mess around patching fsck and other fs programs.

Corp Backing

[Nerf97A4]

It was interesting to see HP "corporatizing" samba into CIFS/9000 [hp.com].

What are your thoughts on HP making money on samba?

How do you see development changing with a corporation having a vested interest?

Mod this up

[dragonfly_blue]

cuz it made me giggle. +6, funny

Re:What do you think of my work?

[mindstorm]

Can someone mod this WAY down? You immature fuckfaces who wrote this need to get a life and grow up!

BDC functionality?

[mindstorm]

When are we going to see Samba act as a Backup Domain Controller. There are situations where a domain controller needs a measure of redundantcy to keep an operation running.

Re:How about YOU get a life

[mindstorm]

Yes, but it was insensitive to post what the original poser did. My head hurts and I'm grouchy due to the side effects of the medication I take for depression. Which was caused by enduring the level of harassment that I recieved in high school. I just went non-linear when I read that.

Columbine is still a tragedy many are still recovering from. People got killed and a nation went into a pandemonium over it. Jon Katz should not of been dragged into the troll even though he tends to be over the top at times.

Re:SGI's feelings toward Linux

[Krellan]

I don't think it was Linux that destroyed SGI.

A while ago, SGI's 3D abilities on their workstations were far superior than anything available for any other platform, and worth the price.

I believe that they failed to keep ahead of the advancing PC industry. Games like Quake provided the critical mass to make 3D accelerator cards a commodity, thus lowering the price of them, while SGI's prices remained high.

SGI did little to keep their 3D abilities state-of-the-art, so their high prices no longer seemed worthwhile and people began buying generic PC's to do their renderings instead of SGI.

(This is all IMHO... If anyone cares to fill me in with more information on the downfall of SGI, please do so.)

Re:NetBEUI

[Krellan]

I would love to see NetBEUI support in Samba! Especially with the Procom NetBEUI stack for Linux [procom.com], announced recently.

It would be a great idea to support NetBEUI. That protocol may be dying, but it has two advantages for small networks that aren't present in TCP/IP:

• It requires no central administration (machines dynamically discover each other and don't need addressing, workgroups, subnets, etc.).
• It is non-routeable (and thus can be used securely on a local LAN, without the possibility of packets leaking in/out to the Internet)

Question though: Assuming the Linux NetBEUI patch is integrated into the kernel, would it be best to have the Linux kernel handle the NetBEUI setup (node discovery, defending conflicting names, etc.), or do it internally within Samba?

As NetBEUI is a low-level protocol like TCP/IP, there's an argument for doing it in the kernel (thus letting other programs use NetBEUI as well). But, much of the existing code is already in Samba, and there's also an argument for doing it in Samba (it would be fairly straightforward, just remove the TCP/IP wrapper the SMB packets get encapsulated in, and put them directly on the wire via NetBEUI).

(Just FYI for newcomers to this protocol: there's a difference between NetBIOS and NetBEUI. NetBEUI is a network protocol, like TCP/IP. NetBIOS is a programming interface, like sockets, that was designed and optimized for NetBEUI (much the same as the socket API was designed for TCP/IP).

Re:Samba Performance

[nanode]

Good question regarding the DOS vs. win performance variation, but who really cares? I understand ghost is a powerful tool, but a critique of the DOS performance seems almost silly.

Disclosure

[Scrymarch]

In the interest of full disclosure, we must mention that Jeremy is now employed by VA Linux.

Good work /. ... it may be full of chaos, rumour and reposts, but it's critical for independence that disclosure is maintained. It also protects your back from accusations of impropriety.

End of Days

[Docrates]

Believe me, I don't mean to be as stupid as I sound when I ask you:

Will Samba ever die?, if so, how?

question

[Hot Grits]

what does VA stand for?

Full PDC support and the Samba TNG Merge

[jmeff]

How long do you think it will be until the Samba team starts really hammering on the 3.0 release and merging in all the PDC support from the TNG branch? I understand the 2.0X branch has had priority because many people use and depend on it, but I think there's a definite need for the rest of the NT Server services to be engineered into Samba to fully replace an NT network. How do you feel regarding Luke Leighton's goals for TNG (formerly samba 2.1) and in fully merging and working to complete this work for Samba 3.0?

Samba configuration

[ba22a]

Jeremy - The story on TNG seems to be that it is cleaning up and normalizing samba's networking code. I was wondering if any thought had gone into a fresh start on the config files? Over time they seem to have accumulated cruft, and it seems to be heading for more with IPv6 address parsing and per-domain options.

Cheers - Baz

PS thankyou for making my life so much easier (as a sysadmin for 300+ machines).

Re:Share permissions? *shudder*

[Guy Harris]

So, like it or not, some people really do need the NT ACL stuff.

...or some flavor of ACL stuff, e.g. the stuff that was being worked on as a POSIX draft [www.guug.de], or various implementations based on various POSIX drafts (Solaris and Digital UNIX both have POSIX-draft-like ACLs, and other UNIXes might as well - there's a project to implement them for Linux as well [bestbits.at]), or non-POSIX-style ACLs such as appear on HP-UX.

Re:Share permissions? *shudder*

[Guy Harris]

But I still *hate* share permissions.

But that's not necessarily what the poster to whom you're replying was asking for. He/she said:

What are the plans for ACL support? I mean the stuff that comes up when you do (in NT) Properties, that second tab, then the Permissions button and get the list of users and groups. Right now we can mess with the existing user and group, but adding people fails.

Said tab is the tab for the file's ACL.

He/she then said:

Will this tie in with the Linux patch to add POSIX ACLs, or will it happen above that layer in a file Samba maintains?

If it ties in with the Linux patch in question, that'd obviously be per-file ACLs (it'd also be difficult, given that NT ACL semantics, which is what clients will be expecting, aren't the same as POSIX ACL semantics), and if it's done "in a file Samba maintains", it could, in theory, be done with per-file ACLs (I think some commercial SMB-server-for-UNIX does that), although the problem then is that said ACLs don't apply to UNIX users, just to SMB clients, so if somebody grants or denies Joe Blow access by adding an ACL entry, that doesn't necessarily mean that if Joe Blow logs into the box running Samba, or a UNIX box that's NFS-mounted stuff from the Samba box, he will necessarily be granted or denied access.

Re:Windows 2000 lack of support

[Guy Harris]

Do files served under SMB have to be text based?

No. SMB's file model is similar to NFS's file model - "please give me N bytes from the file starting at an offset of X" or "please write the following N bytes to the file starting at an offset of X". Typically, the server doesn't care what the bytes are, it just reads them or writes them.

Some SMB and NFS servers might offer an option to translate between different text file formats if the file is a text file, but I don't know whether any do.

Can the Samba serve music/video files?

I've read music and video files from our (Network Appliance's) SMB servers; I would expect it to work reading from a Samba server as well (there's no reason why it shouldn't work).

Re:SGI's feelings toward Linux

[drix]

I disagree. It's the fact that I can buy a GeForce 3D accelerator that literally destroys SGI's top of the line from a few years ago that killed SGI. The bottom simply fell out of the 3D market, in the early 90s, enabling a kid with a $2000 PC to have as much power and rendering capability, for the most part, as an entry level Indy. Silicon Graphics, as the name implies, had always had the graphics segment of the market cornered and hands down was better than anything Wintel could muster up. This is not true anymore; the graphics hardware available for PC beats all but the extreme top of the line stuff available for Irix/SGI/Unix. Luckily for Sun no major revolution came along in hard drives or processors, or else you might see them in the same position SGI is in now. Instead, they continue to fill their coffers because the server market is still quite lucrative. This is not true for the workstation graphics market, which basically endured a paradigm shift recently. If you had to pick one creation that killed SGI, I guess you could say 3dfx.

--

smbclient and OS/2 compatibility

[brennanw]

What are the plans of Samba client on Linux with regards to OS/2? Can we expect the ability to actually allow Linux (as a client OS) to access shares on an OS/2 file/print server on small networks/home networks?

Samba on Windows?

[Ed Avis]

Will we see a Samba port to Windows, as a more flexible / less licence-encumbered alternative to the built-in file and print sharing?

What about buffer overflows?

[tilly]

I have heard that the Samba folks have found buffer overflows in every major TCP/IP stack but make a policy of trying to notify the vendors rather than publicizing them. (OK, you fix the Linux bugs. :-)

Given this, how do you respond to the argument that vendors only fix their problems when threatened with disclosure, and therefore when you find problems you should not merely notify, but also threaten to disclose the problem if it is not fixed?

Thanks,
Ben

Re:Samba as a security measure?

[Col. Klink (retired)]

> Higher levels of security (read encryption) between Samba only servers?

The SAMBA group has always maintained that their duty is only to replicate MicroSoft's protocols, not expand them.

> using the SMB protocol... instead of normal Unix file transfer protocols... that are better known

Ugh. Tell your PHBs that "Security through obscurity is no security". If they want security, use ssh and encrypt.

Samba TNG - What is it?

[IntlHarvester]

Could you provide an explanation of the TNG project?

My understanding is that it intends to provide a fairly complete emulation of the RPC mechanisms in WinNT and 2000, so that Samba can properly emulate domain controllers. Of course, I could be all wrong here.

Would such a project assist in decoding and emulating the 'wire' protocols of MS applications such as MS Exchange or DCOM? Does it provide any services to native unix applications that don't already exist, or is the goal only to co-exist with Windows networks?
--

Samba's future

[Lumpy]

I was wondering what the future of Samba might be. The momentum behind it and the Open Source movement has given alot of us IT/IS guys here on the front lines a huge amount of ammunition. Do you see a point where samba will be able to start dictating changes to Microsoft? Instead of microsoft constantly trying to "break" samba by adding "features" in order to dictate changes to samba.

Extending SMB

[Blue Lang]

Heya!

Thanks so much for all your work. I'm sure you know how nice it is to be able to get rid of NT on as many boxes as possible.

My question is:

With linux slowly creeping in as a more ubiquitous platform, have you ever thought about adding open extenstions to SMB to enable new features?

Thanks,
Blue

Taking blame for broken-ness

[Blue Lang]

I have another one, too :P

How do you deal with stability issues on the NT side of samba? For instance, I have the smb client running on a lot of machines here, because I don't control the NT servers for some departments, and need access to their shares. I have to re-mount those boxes every hew hours, and I'm sure it's because the NT boxes are dropping/resetting my connections, but it looks like instability in the client end. Do you have to deal with that sort of issue a lot, and, if so, have you guys ever considered rewriting the SMB server subsystem.. for NT? :P

--
blue

Did you get any VA Linux stock?

[Zico]

And if so, have you been able to dump it yet, or are you forced to hold onto it for a certain matter of time? What's the feeling around the company about the stock having lost about 72% of its value (from 320 down to 90) in a little over three months, with no sign of bottoming out yet, all while as of last week, VA Linux was still shelling out dough to gobble up other companies like TruSolutions and NetAttach? Any panic in their eyes yet? How low do they think it'll go?

Cheers,
ZicoKnows@hotmail.com

haphazard development

[Medievalist]

I don't think anyone underestimates the tremendous value of the work the Samba team has done, particularly Tridge & Jeremy. I personally am very grateful for the Email help you guys have given me with implementation.

However, as Samba (and the Samba team) has grown, the software has become more difficult to obtain and install. As a specific example; if I want/need TNG, I can't download a package from my linux distributor of choice and .rpm it in; I have to do a CVS load, which is not just more difficult, I think it would be quite intimidating for system managers who haven't ever coded in a CVS environment.
Furthermore, HPUX users (who are essentially already burning in hell, because they have to use HPUX) often don't have a "real" C compiler, or CVS capabilities, so they can only get what somebody else ports - and there is no HPUX 11.00 precompile of TNG available from any reputable source that I know of.
So, the question is, will this trend continue, or will the Samba team make a real release on a more definite schedule than "real soon now"? The current code split makes planning difficult.

Also, does the ongoing rancor directed toward Win95/98 support found on Samba team mailing lists indicate that there will never be adequate support for these very popular desktops?

And finally, how do you feel about HP's shameful lack of attribution in their release of Samba for HPUX? I noticed that when Blackdown got dissed by Sun everyone was up in arms, but I never saw any beefs from the Slashreaders when HP announced CIFS support without crediting you guys.

Roblimo, I hope you won't filter any of these questions out... JA can hand hardball questions, I've seen him do it.

MS-Windows SMB defined?

[SEWilco]

Has Microsoft ever documented their "Windows Networking" implementation of the SMB protocol? (Yes, I know this is their name for SMB, I'm wondering about their documentation policy/results)

Re:Replacing NT

[Vlad_the_Inhaler]

You obviously do not have the remotest idea who Dave is. In his way, he is as much a part of the Samba team as Jeremy; in my book anything he says about Samba is automatically 'Insightful'.

Re:Samba as a security measure?

[Vlad_the_Inhaler]

Samba already offers SSL support.
NT machines only support this via a 3rd party utility (sslproxy), Win9x machines need a proxy server running sslproxy because they cannot handle it directly at all.

Re:sharing files

[Vlad_the_Inhaler]

Andrew Tridgell took over smbmount starting with version 2.0.5., the documentation has not kept pace with this change.

My question, do you need help weeding out documentation that is no longer correct? While my technical background (no NT, only basic Linux) means that a lot of stuff is over my head, some of the documentation obviously needs pruning and I would be available for that.

A related question: is John Terpstra still in the project?

Re:Windows 2000 Support

[Vlad_the_Inhaler]

Samba 2.0.7 is in pre-release, it is specifically aimed at fixing Win2k incompatabilities.

Hey Jeremy

[mochaone]

How do you feel about Microsoft doing its best to nullify the work you've done with Samba. How does it feel to be a target of Microsoft !

Dual Domains

[Uncle Humph1]

Jeremy,

I would like to keep things at a very high level, but I've posed this question to all those whom I know to be very knowledgable about Samba and have yet to get a satisfactory answer. I have 2 questions.

1. My employer uses a dual-domain system where all the user accounts are in one domain and all the accounts for machines are in another. The two domains are incestuously joined with trust relationships. When setting up the Samba Client, is there any way to configure the Samba client to validate credentials to both domains just like the NT boxes on our network?

2. Will the Samba team ever come out with a User Manager or Server Manager for Linux?

Thank You.

Samba TNG, windows 2000, and the Future.

[dieman]

Hello!

I recently got a Linux server and Windows 2000 clients working with TNG .14. I am amazed at how well it works even though TNG msrpc is only really NT 4.0 support.

I figured out how to get the w2k clients into compat mode (because all authencated users no matter what from a nt4 doman become 'User'), but, is there an effort to get w2k domain groups working at all? Is there a hack to get it to work?

Also, I thank you and all of the Samba Team for releasing such a solid product. Samba itself is a great asset to opensource developent and my personal goals to avoid dealing with CALS.

Where can I send [postcards,pizza,beer,etc]?

Unique features

[Signal 11]

I've noticed Samba isn't following the windows specs to the letter. For example, you guys coded into Samba the ability to link networks between a router (forgive me if I'm not clear on this - my docs are behind a firewall right now). Windows doesn't do that.

What other unexplored potential do you see in windows filesharing besides what the official "Microsoft Spec" is?

NetBEUI

[Phexro]

Are there any plans to support the recently-released Linux NetBEUI stack? Though it has little practical use, it could be a nice option for a small to mid-size network migrating from a Microsoft solution.

--

What happens if UCITA passes?

[CodeShark]

As you know, UCITA and the DCMA have some very onerous (and probably unconstitutional) prohibitions about reverse engineering.

How does the potential use/misuse of these laws affect the future viability of the Samba project?

Samba as a security measure?

[bbk]

Where do you see Samba headed in the future, other than to be more compatible with Windows servers and clients? Higher levels of security (read encryption) between Samba only servers?

I've seen many setups using Samba as an extra level of security in the DMZ of a firewall - using the SMB protocol to keep data synchronized instead of normal Unix file transfer protocols (ie ftp or nfs) that are better known to the cracker community.

Did Win2000 break anything?

[Skratch]

Are there any changes in the Win2000 SMB protocol that breaks the current Samba implementation? If so, do you think they were deliberate?

Dynamic mounting

[CAIMLAS]

I'm sure a lot of people have experienced problems with NT servers or other win32 systems that have mounted shares on them go down one time or another. For me, this has led to a lot of irritation. There really don't seem to be too many easy ways to deal with this issue currently. Crontab doesn't quite cut it.

My question: When, if ever, do you see samba having a "dynamic mounting" of shares? Possibly a smbshares.conf that is read any each mount specified is monitored for activity. If the share dies, it is unmounted until it is available again, at which time it is remounted.

-------
CAIMLAS

Samba TNG

[JDax]

I've been following the Samba mailing lists and know about the difficulty of Samba TNG dealing with W2K. &nbsp I'm curious that when changing things to make TNG compatible with W2k, how much that will break compatibility in the mixed Windows environment (knowing that W2K itself breaks alot in the mixed Windows environment).

samba and grander networking schemes

[Matthew Weigel]

With MacOS X coming out soon, it's possible that for the first time since OS/2 was popular there will be another consumer PC operating system able to work along with or replace NT, but it's also UNIX that supports storing the information samba uses in network databases (NetInfo, NIS), and it also supports providing access to older Macs through Appletalk.

My understanding of, for instance, Mac Services for Windows NT and UNIX Services for Windows NT is that it provides services from the same databases, just with different protocols.

So if you can see where this is going, is there any work on making samba able to make use of network-wide databases for user authentication, share specification (I know it can already use the autohome map, but more than that!), etc.?

In particular, I'm interested in things like:

• Being able to authenticate netatalk, samba, and UNIX users all the same way (i.e., not having smbpasswd, NIS, and /etc/passwd all need to be updated every time a user changes his password or is added)
• Being able to specify at the same time what my file server serve up, via netatalk, samba, and NFS (so I don't edit three configuration files every time I add a share, or move a share)
• Being able to specify from one system what each and every file server serves up, without having to connect to the machine in question and edit the smb.conf by hand (or by web)

Clearly this depends on more than just the samba team, but are there plans to add NIS authentication (i.e., instead of or in addition to smbpasswd), NetInfo authentication, and/or smb.conf NetInfo or NIS databases?

Kerberos

[Claude Debussy]

Microsoft has apparently molested Kerberos in their latest W2K upgrade, can you clear up some of the confusion about how this will effect samba server->NT.

I've heard their exploitation of the protocol wont effect samba, some say it wreaks havoc, whats the scoop ?

Reverse Engineering SMB

[Anonymous Coward]

Jeremy, first, a BIG thank you for your work,
I am sure you could lay a pizza-track from Earth
to Jupiter by now with the money you saved people
who would have had to buy Windows NT-Server.

The issue of reverse-engineering has become a
very *hot* issue recently with the advent of
CSS source-code to authenticate DVD-ROMs and
also descramble the content. My questions:

- How much reverse engineering went into the SMB
and WINS protocols, in contrast to real coding,
say up to the first usable share exported from
a Unix machine?
- Did you peek under Microsoft's hood and examine
some VXDs or NT kernel drivers to get to those
last and hardest 10% of insight?
- How important do you think is the roll-out of
working PDC-code?
- Finally, on the law side of things, there is a
German law that explicitly allows reverse
engineering for the purpose of interworkability.
What has been YOUR legal situation (being "down
under"), has Microsoft ever asked you to stop
your work (BEFORE they needed it in their DOJ
case), or even threaten you with legal action
or a life-time supply of pizza?

Thanks so much,
Stephan Eisvogel
eisvogel(at)hawo.stw.uni-erlangen.de

Don't be fooled by the hype.

[Anonymous Coward]

Samba? Samba? That word says one thing to me, and one thing only: Some slinky disreputable Latin American gigolo character, skulking around the suburbs and worming his way into the hearts of virtuous women, destroying their lives and moving on. The word "samba" says nothing to me of quality or reliability. Nothing.

So Jeremy, I ask you: Why do you choose to be associated with such a grossly disreputable and frankly immoral product? Why do you choose to spend your days lazing around the Beverly Wilshire, oiling your pencil-thin mustache, langorously sipping mai-tai's and attempting to seduce other men's wives? Aren't you disgusted with yourself and the low state to which you've fallen?

Have you no shame?

ACLs

[Anonymous Coward]

What are the plans for ACL support? I mean the stuff that comes up when you do (in NT) Properties, that second tab, then the Permissions button and get the list of users and groups. Right now we can mess with the existing user and group, but adding people fails.

Will this tie in with the Linux patch to add POSIX ACLs, or will it happen above that layer in a file Samba maintains?

The possibility exists for me to subvert W2K at my place of business if Samba can do this for my users. I hope this happens soon.

VFS

[Quicker]

At one time (when I actually had free time) I was getting into the VFS system that is in SAMBA. For those that don't know, a gentleman named Tim Potter had started the VFS code because he wanted to use SAMBA to mount his tape drive. I was interested in extending SAMBA with VFS to mount relational databases as a file system so I could just copy objects into the tables of a database using normal file manipulation tools like cp and mv.

I have been out of the loop for a very long time, but was wondering how things a going with the VFS stuff and if anybody else has picked up on it. The possibilities are endless. One could "share" FTP sites, databases, tape drives, archives (tar, gz, zip) to the masses who use Windows clients while keeping them in the familiar surroundings of the Windows Explorer filemanager.

What are the plans for VFS in SAMBA?

Keep up the good work.

For the Challenge or Outcome

[Col. Klink (retired)]

Do you work on SAMBA for the thrill of the challenge of reverse engineering SMB or just for the practical uses? If MicroSoft were to open their protocols (perhaps as part of a DoJ settlement), would you still find it as much fun?

Active Directory vs. LDAP

[wilkinsm]

Now that Windows 2000 can use a basterized version of LDAP vs. the undecriptable SAM, does it become any more feasible to have Access Control Lists (ACL) work from Unix? What are your feelings on the "extenstions" that Microsoft made to the LDAP spec - are they insurmountable to decode?

Samba and Active Directory

[dee^lOts]

With the release of Windows2000 we saw the introduction of a new computer, user, group managment system. Microsoft included some ability to be backwards compatible with WindowsNT Servers, Microsoft also included the ability to run Windows2000 in "native mode." which effectivly disallows any NT client/server from participating in it's user management. How will this affect Samba? Will Samba include Windows2000 "native mode" support, also will the AD tools used to administer a Windows2000 Server be able to administer a Samba server?

Report Comments

[brunes69]

I am currently in the process of writing a university-level report for a course I am taking. The topic of the report will be SMB vs. NFS. I am not trying to identify a clearly "surperiour" protocol, I am seeking rather to simply present as much detailed facts/benefits of each and have the reader decide for themselves.

Obviously you would be an ideal person to ask about this topic. What are your feelings as to the advantages SMB has over NFS, if any, and how could the benefits of NFS, if any, be carried over into SMB?

Replacing NT

[Pheros_7f4]

I am continually amazed each time a major release of Samba comes out how well it works. My question is, I know that the Samba group has been working towards make Samba a suitable replacement for NT. How far do you expect that to go. I know you're in a continual battle with MS changing things with every minor release, but do you expect to someday get to the point where I can completely replace my NT PDC machine with a Unix/Linux box that has the same functionality?
Perhaps the same question stated differently is what are the long term goals for the project in relation to NT PDC Server compatibility?
Any estimates on how long such compatibility will take?

Thanks again for all the hard work!!