Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Software

Samba 3.0.0RC1 Released 261

dook43 writes "Samba 3.0.0 RC1 has been released as of 8/16. Probably the most important new feature is its Active Directory support, but the rest of the new features can be found at the website."
This discussion has been archived. No new comments can be posted.

Samba 3.0.0RC1 Released

Comments Filter:
  • Active Directory (Score:5, Insightful)

    by isam_b ( 635273 ) on Sunday August 17, 2003 @06:39PM (#6719342) Homepage
    Having the Active Directory support is really a bug feature, as I had real big problems with authenticating a Linux Client in an AD server .. I hope that this issue will be solved in Samba 3 ..
    Way to Go Samba!
  • by notque ( 636838 ) on Sunday August 17, 2003 @06:41PM (#6719345) Homepage Journal
    3) New authentication system. The internal authentication system has
    been almost completely rewritten. Most of the changes are internal,
    but the new auth system is also very configurable.


    Does this mean I won't have to authenticate for every directory I access?

    (Or are we misconfigured from the get go, and I should know and fixed such an issue :)
    • by aled ( 228417 ) on Sunday August 17, 2003 @07:11PM (#6719453)
      My brain doesn't have the neural paths to understand some unix documentation, including samba, many man pages, etc. They seem to be produced from the old IBM school that says that the documentation should be for people that already is expert on the topic.
      And don't forget all those switchs that are platform dependent, remember the source code is the documentation.
      • by Anonymous Coward
        My brain doesn't have the neural paths to understand some unix documentation, including samba, many man pages, etc. They seem to be produced from the old IBM school that says that the documentation should be for people that already is expert on the topic.

        Yes. The term for these people is "Professionals". That's why we make money doing it.
        • Linux is still where it is. It's part instructions and part attitude. Attitudes like "leave it to the pros" is extremely condescending. I'm not saying that a newbie will be able to get Samba 3 up and running in 2 minutes, but when a Windows server can be had that can do it out of the box with very little administration, people will think twice.
          • Re:Which is why... (Score:4, Interesting)

            by pantherace ( 165052 ) on Sunday August 17, 2003 @09:21PM (#6719980)
            I'm working on it :) (and need testers...)

            I just got back from a weekend retreat, but I have written a script/gui for doing this, and it works fine in production (where the people know what they are doing) but the setup is pretty automatic, and the gui (based on kommander (part of quanta atm)) allows a simple gui interface to the setup, which should all work, but as I said I need people to play with it and break things!

            It should work for gentoo and redhat, atm.

            sloppyadm.sourceforge.net if you are interested in helping.

          • Re:Which is why... (Score:2, Insightful)

            by jonadab ( 583620 )
            > when a Windows server can be had that can do it out of the
            > box with very little administration

            That would represent a very radical change in Microsoft policy.

            Don't get me wrong, NT has some things going for it, but "doing
            it all out of the box" isn't one of them. All that stuff is
            *available*, of course, and once you install it you have a
            pretty decent system, but it's not included OOTB. The reason
            for this goes directly back to Microsoft policy: the OOTB system
            is a base platform with basic functio
      • by aled ( 228417 )
        To be fair I just checked the samba site and the new documentation seems to be much better and more detailed.
      • by silas_moeckel ( 234313 ) <silas AT dsminc-corp DOT com> on Sunday August 17, 2003 @07:59PM (#6719642) Homepage
        Yes documentation should be the expert on the topic written for somebody with a background in real engineering (your average MSCE dosent count) let the howto's and the for dummys books deal with spoon feeding cookbooks to end users if your having the authoritive person on the subject write documentation aka the programming team write the most technical documentation you should ever need without having to do redo code yourself.

        I say this because there are to many porly documented applications out there. Documentation to often is looked at by the marketing department and dumbed down so nobody might get scared of it. If you have ever looked at the home service manual for a Saturn (the $500 one thats an option) that nearly would allow you to machine replacment parts thats documentation. Want something easy to read with pretty pictures get a for dummy's book aka the dumbed down book from somebody that read and understood most of the documentation.
        • You intellectual snob.

          How dare you discriminate against those poor people that can earn obscene amounts of money by learning how to pass MCSE exams without the slightest bit of computer expertise?

          You, sir, are a cad, and a Unix elitist bastard. Anyone knows that true enterprise solutions only require a few mouse clicks to configure, and that manuals are for those who have overstayed their contracts.

          Have to say I agree with you 100% though ; /.

          • Oh dont worry I make plenty of money working with windows as once people figure out the paper MSCE's cant do what is required they hire a compotent consultant. :)

            BTW I like the right tool for the problem beleive it or not clusters of Linux boxes dont work for any problem yet.
        • Hey! I've got a MS in CE. I wonder if I'd get more doe with an MSCE these days. Companies are strange...
    • Misconfigured up the yang ;)
  • Damn it! (Score:5, Funny)

    by Anonymous Coward on Sunday August 17, 2003 @06:42PM (#6719355)
    Just when I perfected the old samba, they release a new version. Now I have to learn all those dance steps again.

    Shit.
    • Isn't that the truth. Don't get me wrong I love the software but (to play off that delightful "crash different" video) I feel as thought I'm not operating Samba, rather just sharing in the Samba experience. Should I happen to get XP to actually open one of my remote directories while the system is willing, all the better. This is based off an experience I've had two time where after configuring Samba I got errors from XP when connecting to that server. I play around for about 2 hours to no avail, then
  • by Rosco P. Coltrane ( 209368 ) on Sunday August 17, 2003 @06:43PM (#6719361)
    always the first to get the nice stuff. I can't wait till the Windows port comes out ...
    • by sonicattack ( 554038 ) on Sunday August 17, 2003 @07:18PM (#6719479) Homepage
      Since some versions of Windows acting as an SMB server actually limit the number of allowed connections (that's Microsoft's Licensing for you), a Windows port of Samba actually wouldn't be that crazy of an idea for certain configurations.
    • Re:Lucky Linux users (Score:5, Interesting)

      by AstroDrabb ( 534369 ) on Sunday August 17, 2003 @07:23PM (#6719502)
      Are you suggesting that AD is a good LDAP server? If so you are very wrong. AD really blows is and is very slow. I remember a statement from MS about them getting 2.x million entries into their AD server, at about the same time Novell announced 1 billion! The only reason any effort is made within the Linux community to work with AD is because it is needed to work in many MS networks. Also, AD is an LDAP server with proprietary crap tacked on that MS does not share. I think the Samba team have made some great gains with SMB and now AD all from reverse engineering.
      • Right, I'm no coder actually: some php and odd C walkthrough thingie to check out exploits. Anyway, excusatio non petita but here it goes: why is the community chasing M$ in it's hide&seek strategy? Isn't the M$ auth GINA (what a lousy name...) whatever replaceable? M$ does kerberos proprietay? M$ AD is a vbasic LDAP server and some undoc binary protocol? Screw them! Let's interface windows auth methods to unix rather than run after their stuff. Wouldn't it be cool if the samba tree included some .dll
        • by cleverhandle ( 698917 ) on Sunday August 17, 2003 @08:03PM (#6719652)
          pGina [xpasystems.com] does essentially what you describe. It replace GINA and allows MS boxes to authenticate directly against an LDAPv3 server. But people who understand this stuff much better than myself tell me that this is not really a great solution. GINA is a fairly superficial authentication component, and replacing it doesn't make some of the more subtle bits fit together. Modifying the LSA (Local Security Authority) would be necessary to do the job properly. But, not surprisingly, documentation for it is not forthcoming.
        • Re:Lucky Linux users (Score:5, Informative)

          by styrotech ( 136124 ) on Sunday August 17, 2003 @08:07PM (#6719680)
          why is the community chasing M$ in it's hide&seek strategy? Isn't the M$ auth GINA (what a lousy name...) whatever replaceable? Screw them! Let's interface windows auth methods to unix rather than run after their stuff. Wouldn't it be cool if the samba tree included some .dll to log a M$ box into an ldap ssha or cert , standards kerberos environment?

          There is an open source GINA implementation to auth against other services.

          [xpasystems.com]
          http://pgina.xpasystems.com/

          I think it comes in two parts, one a general backend and there are a bunch of different auth systems.
        • by marko123 ( 131635 ) on Sunday August 17, 2003 @09:43PM (#6720073) Homepage
          In the spirit of GNU/Linux, I think GINA should be prefixed with the initials of the state where the lead developer originated... Virginia.
          (For non-US, that would be VA)
        • by ThePeeWeeMan ( 77957 ) on Monday August 18, 2003 @12:39AM (#6720664) Journal
          Score: -1, Not enough M$-references.

          But seriously. If you think AD is written in VB, I've got a GNU/Bridge to sell you.
        • Re:Lucky Linux users (Score:3, Informative)

          by Alioth ( 221270 )
          I wrote a replacement GINA for $BIG_PROJECT that I was on. What a nightmare.

          Unfortunately, GINA doesn't do everything, and it is (or at least was when I had the misfortune to write a replacement GINA) very badly documented. We had a $40K support contract with MS to provide us development support for this, but it was a complete waste of money - they couldn't answer our questions. We ended up essentially reverse engineering msgina.dll to find out exactly what needed to be set for everything to work correctly
      • Re:Lucky Linux users (Score:4, Interesting)

        by cheezit ( 133765 ) on Sunday August 17, 2003 @08:02PM (#6719651) Homepage
        Proprietary crap? Please elaborate.

        The standard stuff is fairly standard. inetOrgPerson is available as an add-on (which I think is lame, but you can get there from here). Many of the other "compliant" directories have their own blind spots too.

        The nonstandard stuff is sometimes doc'd, sometimes not; for instance, if you are expecting full docs on how GPOs are represented in the database, you will be disappointed. Then again, why would you code to their goofy extension?

        One thing I think is *lame* is the 5k size limit on number of users in static groups. We are using dynamic groups/roles for some stuff, but static groups are a useful adjunct to that. 5k is just pathetic.
        • I had problems moving a Java app and a php app that was using OpenLDAP in my dev environment to AD. I just wished they stuck to the LDAP standard 100% without any proprietary stuff added to it. Plus we have 110,000 employees in it as well as other junk. It can get a little slow at times with only 110,000 employees.
      • by SuperBanana ( 662181 ) on Sunday August 17, 2003 @08:16PM (#6719700)
        --Ben Franklin
        Programmer Analyst
        Davenport, FL

        Man, couldn't he find a better place to live?

  • Another bonus (Score:5, Interesting)

    by cleverhandle ( 698917 ) on Sunday August 17, 2003 @06:49PM (#6719380)
    ...besides the features is some absolutely outstanding documentation. The old 2.x docs were basically a really long HOWTO. The new docs are broken into self-contained chapters that start by laying out how a certain task or protocol work in general, and then how to configure Samba to take part in it. Considering that Samba can perform so many different roles, the mix-and-match method is a lot more sensible. Even if you don't use Samba, consider their docs as a reference for troubleshooting Windows problems - I've found they offer a far more complete and focussed discussion of Windows technologies for the sysadmin than any MS book or webpage.

    Great job, Samba team!
  • Under debian (Score:5, Insightful)

    by MC68040 ( 462186 ) <henricNO@SPAMdigital-bless.com> on Sunday August 17, 2003 @07:04PM (#6719434) Homepage
    I've installed the "unstable" samba 3.0RC1 packages under my Debian 2.4.20 system and I have to say, it works pretty well.

    I've only experienced a few cases of "lock outs" of all clients, the first time because the init script didden't sucessfully kill all smbd's before starting new ones and the second time... Who knows, a restart of it helped fine anyway.

    Other than that it seems pretty good for me with W98/W2K/XP Pro clients using different laguages, except for some random slowdowns in access to it but nothing major.

    Also, that build is compiled with GCC-3.3 if anyone's interested in that.

  • by Anonymous Coward on Sunday August 17, 2003 @07:08PM (#6719446)
    Just as an FYI,

    From the 3.0 FAQ

    The following functionalities are NOT provided by Samba-3:

    *

    SAM replication with Windows NT4 Domain Controllers (i.e. a Samba PDC and a Windows NT BDC or vice versa)
    *

    Acting as a Windows 2000 Domain Controller (i.e. Kerberos and Active Directory) - In point of fact, Samba-3 DOES have some Active Directory Domain Control ability that is at this time purely experimental AND that is certain to change as it becomes a fully supported feature some time during the Samba-3 (or later) life cycle.


    The samba team is doing a great job moving forward. What I would hope to also see in the near future is support for creating a (Linux) directory heirachy based network using samba that will allow both MS and non MS clients. It would be nice to be able to create an LDAP directory trust relationship to your friends/family/etc.. network to allow logins between them...
    • by cleverhandle ( 698917 ) on Sunday August 17, 2003 @07:39PM (#6719567)
      "What I would hope to also see in the near future is support for creating a (Linux) directory heirachy based network using samba that will allow both MS and non MS clients."

      Once they have AD controller support, that part is easy - and also not exactly Samba's job. Just create appropriate schemas for your LDAP server and have a Samba AD controller authenticate client requests via LDAP. What's not there yet is the ability to handle MS Kerberos properly - creating the Kerberos tokens in the proper format and passing them off to the client is more of a barrier than any LDAP protocol issue.
      • Dude, you're full of crap. Kerberos is the easiest part. LDAP is actually the hardest part so far. We just got support for GSS-SPNEGO (Window's preferred SASL authentication mechanism) this week (thanks to some awesome work by Volker). Then there's a bunch of AD-only controls and syntaxes that we're just begining to understand. True is, we can currently support an AD domain controller but it's buggy as all hell (mostly due to LDAP problems). That's not even getting into connectionless LDAP (see my lat [utexas.edu]
  • by Gerdts ( 125105 ) on Sunday August 17, 2003 @07:21PM (#6719491)
    As I was reading the announcement, I missed item 42 (Added win2k3 shadow copy operations to VFS interface). Taking a look at the discussion on the samba-technical list [samba.org], this seems like it is a very cool feature. It paves the way for being able to look at snapshot file systems (Veritas, UFS, LVM, etc.) and even creating a VFS interface that will allow you to browse the last 64 revisions of file a CVS repository. Very cool.

    Now, I would just love to see this in smbfs [swin.edu.au].

    • That's freaking awesome. Didn't microsoft just start advertising this?
    • by afidel ( 530433 ) on Sunday August 17, 2003 @08:39PM (#6719794)
      The problem is none of the Unix filesystems do snapshots the right way for a client facing system. They all do a whole filesystem at a time snapshotting, not just change vectors. MS and Netapp on the other hand do it correctly and simply store the changes. This makes snapshots of infrequently changing data take up significantly less room. Veritas style snapshots are really aimed at datacenters that want to be able to backup their database to a certain point in time while not effecting the live system. The one thing MS does wrong is place the revisions in a FIFO buffer where the 64th oldest backup is always the one that gets pushed off, I would like to be able to do things like you can on the netapp and make hourly, daily, weekly, and monthly backups, with the MS solution you can only keep a couple days back if you want to do hourly backup points.
      • AFAIK, lvm snapshotting on Linux only stores the differences.

      • that's not true .. (Score:5, Informative)

        by Macka ( 9388 ) on Monday August 18, 2003 @07:34AM (#6721613)

        The problem is none of the Unix filesystems do snapshots the right way for a client facing system. They all do a whole filesystem at a time snapshotting, not just change vectors

        AdvFS, currently on HP's Tru64 Unix and also (already) ported to the up and coming combined Tru64 + HP-UX offering, called Enterprise Unix, has a snapshot feature called 'cloning'. A cloned filesystem is mountable, and only contains pointers to the blocks of data on the original. Further write operations on the original first copy the data block to be changed to the clone before allowing the block to be replaced. It takes seconds to create a clone of a terrabyte filesytem and then you're back in business. This feature has been around for years!

        You shouldn't make statements like that without doing your homework.
  • by PrimeWaveZ ( 513534 ) on Sunday August 17, 2003 @08:06PM (#6719670)
    I know that GimpPrint will make it into Panther, but I think it would be great if some version of Samba 3.0 could make its way into Mac OS X 10.3. The best reason being that Samba 3.0 is supposed to support the signed transmission security that Windows Server 2003 implements. Rock on!
  • Wins support (Score:3, Interesting)

    by archen ( 447353 ) on Sunday August 17, 2003 @08:20PM (#6719712)
    Anyone know how the wins support is? It looks like samba 3 will finally be able to replicate. Currently Samba can't replicate with NT servers, or as far as I know, even with other Samba servers. That sort of limits Samba in terms of redundancy. Is adding static entries to WINS new as well? I don't recall ever seeing that in the samba 2 documentation - that's been an unfortunate hang up where I work.
    • by An Onerous Coward ( 222037 ) on Sunday August 17, 2003 @10:52PM (#6720270) Homepage
      What the hell are you talking about? Do you really want your Windows computers and your Unix computers replicating with each other? Right in the server room? When your boss walks in and sees two Intel boxes replicating right there on the server room floor, just what are you going to tell him?

      And just what will the offspring of this Windows/Unix replication be like? Will its NT kernel be able to handle Unix-style system calls? Or will the offspring be a penguin with Bill Gates' face?

      No matter how I look at this, I just cannot see that this "replication" can be a good thing. You're going to create an abomination that will bring only misery to the world. Keep your computers on opposite sides of the room, with very short power cables, or you will doom us all.

      /me goes off to look up "replication."

  • by codepunk ( 167897 ) on Sunday August 17, 2003 @09:49PM (#6720092)
    Samba makes it very easy to get a linux box on a customers network. It also allows me to undercut the hell out of competitive bids in our area. All we are competing against it a bunch of vendors in the area and all they know how to do is windows and MS products. This allows us to completely smear any and all bids we run against them. We are doing it as much as we can right now because as linux spreads it is going to get a whole lot harder to do this and still make the profits we are making.
  • Has samba ever been such a good implementation of M$ that it's fallen victim to viruses that are targeted at one of the M$ variants?
    • of a specification or protocol does not mean it has to be full of buffer overflows just because the "real" version is.
    • If you're talking about the viruses that simply "infect all Word files it can find, even on network shares," for example, then running Samba instead of Windows makes no difference. The infected client simply sees a share like any other -- that being the whole point, after all. The Samba server simply sees a write request like any other.

      So yes, files shared via Samba can be infected, if it's that kind of virus.

      Exploits that try to break into a Windows file server directly (as opposed to writing to exp

  • Where would one look for some good solid infomation on what all these buzzwords such as "shadow copy" and "active directy" accually mean? Ive seen those horrid 2003 server ads, but what do these features accually do?
    • by ctr2sprt ( 574731 ) on Monday August 18, 2003 @01:38AM (#6720807)
      Active Directory is basically an LDAP directory server with Kerberos 5 authentication. In case you don't know what those are either...

      LDAP servers are pretty much quasi-object-oriented databases (LDAP is the protocol used to talk to the server). On a Unix-like system, you could store all the user information (/etc/passwd, /etc/shadow, /etc/group, everything) in an LDAP directory. But you can really store anything in an LDAP directory, such as the complete DNS database for a server. This can be handy because LDAP has replication and such built right in, so you no longer need to worry about DNS replication. These are the two big things stored in the Active Directory in Windows (user information and DNS records).

      As for Kerberos, it's a secure authentication mechanism. The whole process is kind of complicated, but here are the basics. When you log in to a Kerberos domain (this is just a normal domain login for Windows) what you are doing is requesting a Ticket-Granting Ticket (TGT) from the Key Distribution Center (KDC). The TGT is returned, encrypted. If your password decrypts the TGT properly, you're logged in. Note that your password never goes over the network! Now you want to access a service on another machine in the same domain. You give your TGT to the KDC, asking it for a ticket to the specified machine. You get the ticket back, then provide it to the server. The server verifies the ticket similar to how the TGT is verified at login, and if it passes, then you've identified yourself securely. This means you don't need your password at all once you get your TGT, unless for some reason you need to get a new TGT. So Kerberos is both a secure authentication mechanism and a single sign-on mechanism.

      Believe me, all this is a huge leap forward for Microsoft. Even though they keep adding proprietary bits to both LDAP and Kerberos, they are at least getting on the open standards bandwagon. And technologically, this is all far superior to the way Windows NT did things.

  • Features galour. (Score:4, Insightful)

    by Zaffle ( 13798 ) * on Monday August 18, 2003 @03:00AM (#6721008) Homepage Journal

    Samba 3.0 is the first real samba (excluding samba-tng), imho, that can replace a WinNT4 PDC (Primary Domain Controller) *fully*.

    (eg: with samba3, the windows usrmgr.exe works for adding/deleting users & groups. (usrmgr.exe communicates over RPC, so I consider it something that should work for a windows primary domain controller). I have just recently setup for a company:

    A samba PDC, with usrmgr.exe working.

    With an LDAP backend for authenciation.

    With posix ACLs on the file system (to allow *real* permission settings. The perms are still a bit wierd, and I feel better setting them in Linux rather than through the windows gui, but they do work).

    With cups printer backend, so printing works great.

    Basically, this machine fully replaces their windows NT4 server, and does it pretty damn well.

    The move from NT4 to PDC was pretty good. Once everything is setup on the samba side, you can "net vampire" all of the user and group accounts over to the samba server, and the users can login with no problems.

    The only missing feature was I needed some way to copy the file system on the NT box to the linux box and keep the ACLs.

    Anyway, the samba team does a great job

  • by 1stflight ( 48795 ) on Monday August 18, 2003 @05:42AM (#6721323)
    Have to say Linux is coming right along!! With AD support, and soon to be ACL's in the filesystem (some already have it), all I'm wanting is a pretty GUI admin tool...

    Okay, sorry I'm spoiled :)

    Good job Samba Team!!!!

You are always doing something marginal when the boss drops by your desk.

Working...