M$ Contributes to Samba

In case anyone doesn’t know about Samba, it is a FLOSS project to produce code that enables GNU/Linux to work with M$’s clients and servers for file/print/authentication. GNU/Linux is now so pervasive that M$ needs Samba to work to make M$ look good. The last time I worked with Samba, XP clients were OK but “7” was stubborn. I just could not tweak Samba to work with “7” in a reasonable length of time.

The issue was NTLM, M$’s moving target of an authentication scheme. That’s the contribution M$ has made to make Samba work better with authenticating M$’s clients. M$ does not even recommend using it but many LANs still do.

Where I worked last year, we migrated most of the clients to Debian GNU/Linux. We did not even use SMB for the clients except for sharing report cards in the high school. One teacher insisted on keeping XP so we kept SMB. Unfortunately, we put her on “7” so she had to go back to XP for report cards. It was a royal pain. M$ wants to reduce the pain of using their clients.

Chuckle. You know you’re winning when the enemy has to keep you alive… M$’s “partners” using FLOSS prevents M$ from using all its anti-competitive tactics.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

32 Responses to M$ Contributes to Samba

  1. Kozmcrae says:

    “Weird, why all foss-supporters are politically left-oriented, and pro-communists? ”

    Get up off your butt plug and look around. FLOSS and proprietary supporters are the same kind of people. To say otherwise would indicate that you are not serious about carrying on a discussion but are here to crank out the same garbage day in and day out.

    You say the same things in all your comments. You just change the wording slightly. You should be shut off after about a dozen or so of the same type of comment. You add nothing to the discussion.

  2. Phenom says:

    Weird, why all foss-supporters are politically left-oriented, and pro-communists?

    Calling Putin a capable leader is like calling Stalin a humanist. Putin failed big time as a leader. Despite the huge income from expensive gas and oil, Russia still doesn’t have even one single interstate freeway. Not a single one. The country, except for Moscow and Petersburg, is one miserable and underdeveloped region. Smaller towns and villages have no paved streets. The average life expectancy is comparable to Nigeria, and so is their death rate, which puts them in the “top” five.
    Hospitals in Russia often lack even hot water, and patients are expected to bring their own sheets and blankets. And don’t get me started on corruption in police and state administration.

    And all the misery is just because most of the money from oil and gas get stolen. Putin himself is known to have more than $40 billions in private bank accounts.

    Btw, Windows is currently being the most pirated piece of software in Russia.

  3. It’s raining here, but I will manage.

    When whole governments are moving to GNU/Linux, M$’s hold on the desktop is tenuous. That’s why M$ developed EDGI to prevent such change but it’s not working. You can fool all the people some of the time and some of the people all the time but you cannot fool all of the people all the time. (Lincoln)

    I know the Russian migration is not complete. It started a few years ago in education and a formal pronouncement was made last year and it will happen. You know it’s not complete. Everyone knows it’s not complete. Why spout the lie that I pretend it is already complete? My point was that it is extremely unlikely that a major organization would attempt such a migration to an untried OS. This plan of migration shows that GNU/Linux has mindshare/respect/etc. Put it this way. Putin is a very determined and capable leader. If he says something will happen, what makes you think it won’t? This guy’s got style, groupies and he shoots, flies and does judo. He makes Mark Shuttleworth look like an amateur leader.

  4. Stavros says:

    TFA clearly states the migration is scheduled to be completed in 2015.

    You pretend like it is already complete.

    Your initial assertion is clearly wrong. Have a nice day.

  5. pogson says:

    Stavros wrote, “So you’re conjecturing,”

    Nope.

    “Up until 2004 the Gendarmerie acquired 12.000 to 15.000 licences annually. In 2005 it bought just 27. “Since July 2007 we have bought two hundred Microsoft licences. If one of us wants a new PC, it comes with Ubuntu. This encourages our users to migrate.” Guimard estimates Gendarmerie since 2004 has saved 50 million euro on licences for standard office applications, hardware and maintenance.”

    That’s not conjecture.

    • TFA clearly states they’ve stopped buying licences from M$ routinely as they used to do.
    • TFA clearly states that old PCs when replaced are replaced by GNU/Linux PCs by default.
    • TFA clearly states that this policy encourages migration to GNU/Linux, that is, rewarding the user with a new PC for making the adjustment.

  6. Stavros says:

    Enterprises do not “need” that other OS. M$ needs them.

    If you’re deploying a huge network, even just workstations, you’re going to need directory services, if that huge network happens to be a ton of Windows workstations, you’re going to want ADS.

    Like I’ve said, I’m a Unix admin. My choice of platform does not blind me from the realities of the corporate world, where a heterogenous network is a fact of life: If there’s existing Windows infrastructure, you’re going to want ADS to manage it.

    If you’re building a deployment from scratch, and you’re doing it without Windows, you neither need, nor want a Windows Domain Controller, which in no way changes that if you have a Windows deployment, and the vast majority of corporate deployments do, you’re going to have a Windows PDC somewhere in that network.

    They are migrating by attrition. That always works. 50 million translates to a lot of units migrated/replaced.

    So you’re conjecturing, well that’s just lovely. Like I said, we’ll wait until 2015 when they’re set to finish up the migration and judge it then, like reasonable people, shall we?

    I have done a lot of migrations. They do not fail on technical merit.

    When was the last time you tried to migrate 85,000 workstations? Apples and toasters. Also, see Munchen.

    There is always a way to get it done because computers are digital and logic prevails.

    This isn’t about feasibility. I’ve even said more than once in this thread that it is possible to set up, more or less, a limited PDC on a *nix setup, it’s just A LOT more complex and a huge pain in the ass to maintain. You simplify it to LDAP and SSH, the fact of the matter is that, again, since we’re talking ADS, we’re talking enterprise deployments, you’re going to need named, you’re going to need NFS, cups, LDAP, NFS, NIS and NIS+ for legacy systems, Kerberos, and all kinds of other things.

    It’s purely about ease of use and maintenance.

    NFS/AFS anyone?, seems a lot easier than AD

    That’s the most idiotic statement I’ve seen all day, and that’s something seeing as Ohio Ham and twitter found their way here.

    ADS is more along the lines of NFS/AFS/Bind/LDAP/CUPS plus NIS/NIS+ if you’re supporting legacy stuff, plus stuff like GPO goodness.

    You’re comparing a single component to an all encompassing solution. Once you understand what ADS is, what it does, and what purpose it serves, you’ll see why so many swear by it, I do wish we had something that provided the same ease of maintenance and administration on the Unix side. The fact is that we don’t, but we _can_ integrate into Windows Domains.

  7. twitter says:

    Enterprises do not “need” that other OS. M$ needs them.

    I think this is the point that the Microsoft boosters don’t want to believe, that no one needs Windows. Things work better without Microsoft around.

    Microsoft’s code donations to Samba should be looked on with great skepticism. People who do what Microsoft likes always end up worse off.

  8. oldman says:

    “Samba 4 also has ntvfs what nicely provides a map between your posix and nfsv4 permissions and ntfs nuts behaviours so that share can say to Windows yes I am NTFS and act perfectly correct for the mangled mess ntfs is.”

    Who cares.

    Mr. Ohio Ham, talking about samba 4 at this point is bushwah. Samba 4 is non production alpha code.

    But if you insist on talking about alpha code, I shall start talking about windows 8 Server’s capabilities as they stand now.

  9. oldman says:

    “NFS/AFS anyone?, seems a lot easier than AD…..”

    Nope. Our AD environment with 11000 active desktops and 132000 user accounts and counting runs quite well thank you. It is maintained by a team of 4 sysadmins.

    In comparison the central LDAP instance can barely keep up with its job of being a central authentication service.

    YMMV.

  10. oe says:

    “Who cares, its 2011 now and we are dealing with Windows 2008 R2!”

    True, Win2K has morphed and advanced (?) to Win7, over the past decade but Linux from RH6 and the has REALLY moved along since 2001 and it out-Mac’s the Mac today, while retaining superior server side utility, scalability, stability and security. NFS/AFS anyone?, seems a lot easier than AD…..

  11. Stavros wrote, “enterprise deployments where the need of a Windows Domain exists”

    Enterprises do not “need” that other OS. M$ needs them.

    “The Gendarmerie began its transition to open source software in 2005 when it replaced Microsoft Office with OpenOffice.org across the entire organization. It gradually adopted other open source software applications, including Firefox and Thunderbird. After the launch of Windows Vista in 2006, it decided to phase out Windows and incrementally migrate to Ubuntu.”

    From a link in TFA: “Most of these savings are on proprietary software licences. Up until 2004 the Gendarmerie acquired 12,000 to 15,000 licences annually. In 2005 it bought just 27. “Since July 2007 we have bought two hundred Microsoft licences. If one of us wants a new PC, it comes with Ubuntu. This encourages our users to migrate.” Guimard estimates Gendarmerie since 2004 has saved 50 million euro on licences for standard office applications, hardware and maintenance.”

    They are migrating by attrition. That always works. 50 million translates to a lot of units migrated/replaced.

    I have done a lot of migrations. They do not fail on technical merit. There is always a way to get it done because computers are digital and logic prevails.

    LDAP is very useful for even a small business. One database can hold all the IPs, MACs, UIDs, GIDs, names, phones, e-mails, hosts, printers… I have worked in small schools (~500 students) that needed LDAP because students roamed and could log in on any PC securely to access files and servers. Probably any place with multiple servers or terminal servers could use LDAP. Many small schools will have a few servers for various applications although they can cut down on servers these days by using GNU/Linux and/or virtualization.

  12. Stavros says:

    I don’t have a Windows side. Why would I run Samba?

    Again, I’m talking enterprise deployments where the need of a Windows Domain exists. You’re talking about your classroom and home network.

    This started off as stating that samba being an adequate replacement for ADS, and you’ve predictably backpedaled to something completely different. Icwutudidthar and so did everyone else.

    You don’t need to care about ADS, nor samba, nor even NIS/NIS+ since you don’t have an existing Unix infrastructure to support either.

    So, is AD going to update Gimp?

    It can.

    I don’t need the glorp in AD. It is of no use. I have complete and convenient control of my systems.

    You don’t have the need for a Windows Domain at all, since you have no Windows infrastructure, at this point we have what’s called a non-sequitur.

    Hey, I didn’t say AD was heavy but by the EULA you only get it on M$’s server and you have to pay an additional licence for stuff you don’t need with GNU/Linux.

    There’s no additional license fee for ADS, it’s bundled with windows server. But to say you don’t need ADS for a Linux deployment is just silly and intentionally deceptive, of course you don’t. But you do need LDAP + NFS + BIND + DHCP and depending on deployment, NIS and NIS+ which is a whole extra load of complexity.

    But once again, you don’t need to care about ADS unless you have existing Windows infrastructure.

    It’s all about making money for M$ not serving users.

    Clearly you’ve never run a business. You can make money unless you keep your customers happy. And again, since we’re talking about Windows Server and ADS, we’re talking corporate, not Joe desktop.

    Who the Hell cares about “Enterprise” deployments?

    We’re talking ADS, it’s targeted at the enterprise. The home user, and most home or small businesses can contend with operating in Workgroup mode and often don’t need domain services, nor LDAP for that matter.

    The big guys use a minority of IT in the world and the world does not need to resemble enterprise at all.

    The Enterprise tier is also where most of the cash money is. Low volume high margin, it’s what every business wants. But you’re just distracting from the point, so I’ll repeat again and again, if you’re talking about domain services and GPO, and LDAP and NIS/NIS+ and all that fun stuff, you’re talking business and enterprise. Though the fact of the matter remains that most IT related jobs are at the enterprise tier, so the argument comes full circle.

    Most businesses are small and don’t need AD.

    I’ll give you that small businesses don’t need ADS, nor any kind of directory services for that matter, but businesses grow into larger businesses and eventually the need for such services arises.

    They can use GNU/Linux and manage very well.

    Of course they can, but the same can be said about Windows, or anything else for that matter. And the fact remains that most such companies would prefer to use a Windows infrastructure to leverage their existing Windows skills. Do keep in mind that this is coming from someone who maintains Unix infrastructure for a living.

    The French National Police use GNU/Linux everywhere and they have 85000 PCs.

    Good for the French Police, but they’re the exception not the norm, and I’m glad you’ve found something other than the failure on Munchen to champion.

    though you left out the part that the migration won’t be completed until 2015, IF they, unlike the Munchen fiasco run according to schedule. I haven’t found any followups since the original story broke in 2009, which can either be a good or bad thing.

    the migration is neither anywhere near complete, and as far as I can find there have been no updates on the status of the migration so it ultimately means nothing. We’ll see how it turns up in 2015.

  13. FLOSS has no excuse. Printing is easy with FLOSS. I have a networked printer here and all clients print to it. It takes seconds to set it up. Browse to http://localhost:631 and carry on. Even a newbie can do that.

  14. Ivan says:

    “There are still issues but nothing like what it was. In fact even the 2004 interface was usable if you followed the manual.”

    You are misrepresenting the ease of your preferred software Mr. Ham. You still have to add an undocumented section to a text file to allow remote printing and remember to add access to the ipp port of your running firewall. None of the available guis accomplish that automatically, Mr. Ham.

    Microsoft makes printer sharing simple. Apple makes it simple and they are using CUPS. What’s the open source excuse?

  15. oldman says:

    “So, is AD going to update Gimp?”

    Actually Group policy will if you set it up to do so, yes. You will just have to do some work.

  16. I don’t have a Windows side. Why would I run Samba?

    So, is AD going to update Gimp?

    I don’t need the glorp in AD. It is of no use. I have complete and convenient control of my systems.

    Hey, I didn’t say AD was heavy but by the EULA you only get it on M$’s server and you have to pay an additional licence for stuff you don’t need with GNU/Linux. It’s all about making money for M$ not serving users.

    Who the Hell cares about “Enterprise” deployments? The big guys use a minority of IT in the world and the world does not need to resemble enterprise at all. Most businesses are small and don’t need AD. They can use GNU/Linux and manage very well. The French National Police use GNU/Linux everywhere and they have 85000 PCs.

  17. Stavros says:

    Yep. That’s why I recommend Debian GNU/Linux so there’s no need for Samba. LDAP and Bind9 and DHCP3 are a piece of cake

    If you want a full replacement, you’re going to need samba as well (for interop on the windows side), NFS (for interop on the Unix side) and depending on deployment NIS/NIS+ for supporting legacy deployments on the Unix side.

    compared to the complexity of that other OS. Complexity kills.

    It’s all already there, and ready out of the box, Windows clients join a domain trivially simply by telling it which domain to join, and the clients all already are designed to function in either workgroup or domain mode.

    It is quite possible to run IT without M$. We don’t owe them a living.

    Of course it is, but that’s not the point. The point is that a deployment who’d employ the use of a domain controller likely already has that infrastructure in place. If you’re building your infrastructure from the ground up, you can surely use an alternative, so long as you accept and are aware that you won’t integrate with the Windows side quite as well.

    HAHAHA! ROFL!!! M$’s stated goal is “A computer on every desk and in every home, running Microsoft software.“

    And we’re talking about domains and enterprise infrastructure here, and you’re citing plans for the home market. Please, try to stay on topic.

    Even at that, there’s really nothing inherently evil about providing a complete stack, many a corporate environment prefers a complete single vendor stack, and all the major players try to do it. IBM and Oracle/Sun provide the entire stack top to bottom, right down to the hardware. HP provides everything but the DBMS, likewise for Bull.

    Nowhere do they mention easier is an objective. Life is easy for users of M$’s OS but only if there are no malware, no old hardware, and no “average” users.

    Again, you’re talking about end users and malware, I’m talking about corporate deployments. Please, try to stay on topic.

    So, M$ sells him a lemon and sells him a package to turn it into a grapefruit and he’s happy. I would rather buy a tomato.

    MS sells a pre-built solution to fit with its existing infrastructure, that’s all. If you’re running a Windows shop, you go with Windows Server and ADS, it’s really that simple. If you have a Unix infrastructure, there’s no point in even looking at ADS. You’d be looking at LDAP/NIS+/NFS/Bind.

    It’s cheaper and ready to eat.

    We’re again talking Enterprise deployments, it actually isn’t cheaper, once the support contracts come into play, RHEL and IBM are both renowned for gouging their customers on the support contract end (and if you want your RHEL updates, you need a support contract). Again, I’m talking corporate deployments, and you’re talking home LANs. Please, try to stay on topic.

    Nothing is simpler than a GNU/Linux system using openLDAP, openSSH and the GNU utilities.

    If this were true, openLDAP, SSH and the GNU userland would have been what killed the giant that was Novell Netware, not Windows and ADS.

    OpenLDAP is the very embodiment of overly convoluted (though not quite as bad as NIS and NIS+).

    You can handle any number of machines without a server.

    All a server really is is a machine running services. ADS scales quite well on modest hardware, OpenLDAP while extensible for sure, really doesn’t scale well. But tell me, you’re a school teacher, I’m a Unix SysAdmin at a large telecom. Who’s better fit to talk first hand about scaling countless machines?

    That saves a ton of money, time, energy and complexity. What trash is that other OS that it needs its hand held like that?

    Hand held like what? Setting a Windows Domain is about as trivial as it gets for that sort of thing, but yeah, easy is bad, I know.

    I recommend Debian GNU/Linux. You get all that goodness from a single source with no extra complexity and a package manager that keeps all the software up to date.

    The package manager already adds needless complexity that doesn’t exist on the other side, ADS is integrated, and updates with the rest of the OS. And there’s already a single source. But like I said, if you’re building infrastructure from the ground up, by all means, go with Linux, where you don’t need to care about handling a windows domain.

    The worst part is that your recommendation isn’t even close to being a full scale replacement for ADS, but you would, of course, not know that.

  18. AD is a Kluge of LDAP. It works with scripts on client machines to manage clients but I would rather not eat rice with a fishing pole. I have managed AD a few times on XP/2003 systems and found it tries to hide layers of complexity while preventing me from doing what I wanted. openLDAP is much simpler and does what I need to do in large systems. Here, in my home I have several machines running and I don’t need LDAP for that.

    Consider permissions. I can group my users and give them the permissions they need quite simply with GNU/Linux and openLDAP. With AD, permissions are a mess. You can explicitly give someone a permission but it can be blocked by another rule out of visibility. Who needs that?

    Compare AD with LDAP. Mixing everything into one system may superficially seem to be easier but it’s not. It’s more complex, prone to failure, and locks one in to a particular way of doing things rather than allowing users to choose their own way. M$ deliberately made their systems difficult to manage and then created a mess to simplify management. GNU/Linux skips the unnecessary stuff and is much more efficient. At Easterville, I used multiple terminal servers and openLDAP handily managed the user accounts and groups with no difficulty whatsoever. Where I used AD, the system was sluggish and always getting in the way of doing the job. In one instance AD gave random delays of up to 30s to respond to queries. That’s insane.

  19. Phenom says:

    Pogs, we know you recommend Debian, and we know you don’t know what AD is, too.

  20. oiaohm says:

    NFSv4 style ACL don’t match Windows NT ACL Stavros there is a mapping process required. Reason MS screwed up some of the permission implementation to posix and other standards in NTFS and darn applications expect that behaviour or they will break. So are screw ball. yes even worse just because you accessed X file 5 mins ago the windows server reacts differently to permission enforcement.

    So yes windows applications expecting Windows NT ACLs are in fact expecting NTFS implementation of Windows NT ACLs. That your nice opensolaris is not providing either.

    Basically you have to implement hacks to emulate MS bugs in Windows NT ACL processing so programs operate correctly.

    Samba 1 2 and 3 are is a “Primary Domain Controller” Very old tech.

    “LOL no, MS was the primary developer of SMB2.”

    In fact no the sub section of SMB2 that carries non altered NFSv4 and posix permissions is in fact Samba 100 percent. If you look closer at the OpenSolaris it is from the Samba reference not the Microsoft Reference. There are particular extensions that are samba only not found on MS systems or MS documentation.

    OpenSolaris version of SMB2 did not come with a full test suite and has had to be altered as well as the testsuite has been developed in samba has become more complete.

    “Have you ever tried setting up Samba + LDAP + Bind9 as a domain controller?”
    Yes I have and by the way Samba 4 does support GPO and its many times simpler to do that with since Samba 4 is directly aware of DNS binding.

    Samba 4 also has ntvfs what nicely provides a map between your posix and nfsv4 permissions and ntfs nuts behaviours so that share can say to Windows yes I am NTFS and act perfectly correct for the mangled mess ntfs is.

    The opensolaris guys have got some things badly wrong in their implementation.

    I will give that samba over guessed the work load of what they were doing in Samba 4.

    Ie the plan was to release Samba 4 with ADS and SMB2 at the same time. ADS has taken longer to get operating correctly same with NTVFS. One of the issue has been particularly interesting. Fire up Samba ADS with particular bugs and local MS ads hands everything over and goes off line.

    Opensolaris got sick of waiting for release. Yes Samba had implemented SMB2 first in the development branch. Including the extensions for posix. Before Opensolaris wrote one line of code on SMB2.

    Samba target is something bigger. They lost track of the short term picture for a bit.

    2.6.0 samba is samba remembering the importance to release working code from the development branch.

    Interesting about the Samba 4 development branch is causing the complete samba 3 code base to shrink in size as duplicate code disappears in the merging process.

    Yes shockingly Samba 3.6.x has implemented more of SMB2 than opensolaris with less lines of code.

    Reason why GPL bit is important is that was one of the reasons MS gave for no longer submitting code to samba.

    NTLM will still be around in exchange and sharepoint for the next MS server release. This is why I say MS developers have not got the Memo yet. They are still developing on top of it. Even creating some new parts that depend on its existence.

    “Which is all fine and dandy as long as the specification is open, or they have a license allowing them to implement it as they please.”
    IBM never issued MS with a licence to implement as they pleased. There was a term in it that you had to attend regular meet ups and show your alterations something MS had agreed to in writing. So yes breach of contract for advantage over competition.

    Who runs the required meet up that all implementers of SMB and relegated protocols should attend and show their extensions no other than Samba under the blessing of IBM. Yes this is why Samba was required to attend the EU case to state clearly that MS had not carried out their legal requirement of license.

    Fact it was fully illegal what MS did from 1998 to about 2008. Yes MS has been attending the required meet ups to show extensions since.

    It did fact into the equation because the modified implementation was not legal. So the ruling was many times heavier. Right down to granting Samba the right to inspect all documentation handed over to the anti-trust and rule if it was valid or not.

  21. Stavros wrote, “Have you ever tried setting up Samba + LDAP + Bind9 as a domain controller?”.

    Yep. That’s why I recommend Debian GNU/Linux so there’s no need for Samba. LDAP and Bind9 and DHCP3 are a piece of cake compared to the complexity of that other OS. Complexity kills. It is quite possible to run IT without M$. We don’t owe them a living.

    Stavros wrote, “Microsoft’s priority is to make the lives of their customers easier”.
    HAHAHA! ROFL!!! M$’s stated goal is A computer on every desk and in every home, running Microsoft software. M$ has shown repeatedly that it will do anything to accomplish that legal or not. Nowhere do they mention easier is an objective. Life is easy for users of M$’s OS but only if there are no malware, no old hardware, and no “average” users.

    Stavros wrote, “The big Draw of AD is that it simplifies implementation and maintenance.”

    So, M$ sells him a lemon and sells him a package to turn it into a grapefruit and he’s happy. I would rather buy a tomato. It’s cheaper and ready to eat. Nothing is simpler than a GNU/Linux system using openLDAP, openSSH and the GNU utilities. You can handle any number of machines without a server. That saves a ton of money, time, energy and complexity. What trash is that other OS that it needs its hand held like that? I recommend Debian GNU/Linux. You get all that goodness from a single source with no extra complexity and a package manager that keeps all the software up to date.

  22. Stavros says:

    Frankly it makes more sense to use GNU/Linux all over the LAN and avoid the complexity M$ gives to everything.

    Have you ever tried setting up Samba + LDAP + Bind9 as a domain controller? That’s complexity, and you don’t even get GPO out of it. I’ve been there and done that, it makes a lot more sense to buckle down and pay for Active Directory — If, of course, you need all that. You can even use Subsystem for Unix Applications to plug into your existing NIS/NIS+ infrastructure for the retention of user permissions, ACLs and Windows Unix user mapping.

    If all you need is the file-sharing over CIFS, and don’t care about the retention of user permissions and ACLs, or mapping usernames, Samba is fine for that. But it’s really no competition to Active Directory.

    The big Draw of AD is that it simplifies implementation and maintenance.

    So, the reason Samba is complex is because M$ had way to much complexity in SMB1 just to make life difficult for Samba.

    Causality, Pogs. That makes no sense, CIFS/SMB predates Samba. Samba is an attempt to make an open implementation of CIFS/SMB filesharing, SMB/CIFS had to exist before Samba did. To suggest that the original protocols were complex simply to mess with Samba is revisionist at best, and completely asinine at worst.

    The main purpose of SMB was to make CIFS feasible over the WAN, which wasn’t really necessary in the time of the original implementation, it was designed for small to midsize LANs. Again to say SMB2 was reworked to mess with Samba is completely asinine. That Linux and Unix are employing Samba to use Windows file sharing, and join Windows domains is a good thing for MS, it means the world is consolidating around their technology.

    M$ has worked for years on SMB2 and you expect Samba to get it right instantly?

    a) The samba team had the specifications and relevant documentation readily available, yes I expect them to get it right.

    b) Sun supported SMB2 right out of the gate,

    The world would be better off using the original CIFS and leaving M$ complexify its own stuff. For example, why mix file sharing with printing?

    Because it makes sense to have everything in one place, it reduces the complexity of deployments. Believe it or not, Microsoft’s priority is to make the lives of their customers easier, and not to make it easier for the Samba team to reverse engineer and re-implement their tech.

    It makes a lot more sense when you look at the AD infrastructure for what it’s supposed to be. It’s not just file sharing, it’s not just printing and it’s not just DNS. Once you get what a Windows Domain is for, and what it does, it actually makes a lot of sense.

    ———

    Stavros “ZFS’ NFSv4 ACLs are fully compatible with Windows NT ACLS” Liar they are not. The compatibility is done the same way as Samba 4.

    Yes, they are, in domain mode, it will even map UID to GIDs and retain permissions and ACLs. ZFS ACLs were modeled after fine-grained NFSv4 style ACLs expressly for the sake of being fully compatible with, and easily translatable to and from NT ACLs.

    The whole point of the implementation (and it’s more than just on the ZFS end) is interoperability, which is why there’s seamless NBMAND and NFS integration as well, compatible ACLs and cross-protocol locking is a beautiful thing.

    Stavros Solaris does not have a project to replace the ADS server samba does.

    Of course not. That would be pointless. What it does have is a means to integrate into a Windows Domain (the Solaris CIFS facility in domain-mode) which will automatically map UID to GIDs and vice versa, if domain mode is enabled (it sensibly defaults to working in Workgroup-mode)

    Keep in mind that Solaris is purely an enterprise solution. An enterprise likely already has a Windows infrastructure in place, and it makes more sense to integrate into the existing AD Domain, and seamlessly use it as a bridge between the Windows and Unix side of your infrastructure, and integrate the two together.

    However, you CAN use Sun’s OpenDS and OpenSSO (now called OpenAM, I think) to build a Primary Domain Controller on Solaris if you want to, but the operating word here is CAN. It’s possible, and even plausible, but not really what it’s for. It’s more for integrating into your existing infrastructure and making these facilities available at the application layer, hence being JEE WAR deployable.

    Replicate your AD PDC to OpenDS, and deploy it as a JEE library, integrated into OpenSSO/AM and now your JEE infrastructure plugs right into your existing domain infrastructure, cheaply and easily.

    On the filesharing end, it doesn’t really need to replace ADS, it’ll authenticate against and integrate into either just as easily. Solaris even has the possibility to integrate into an existing AD infrastructure out of the box (there’s an install time option to use Kerberos) for the same reason.

    They COULD develop their stack into a replacement for ADS, but there really isn’t much point in it. It’s not what people want. Integration and interop is more important these days, heterogenous infrastructure is a fact of life on the Unix end, these days. It’s quicker, easier, simpler and both more time and cost effective to go with ADS, especially when chances are that it is already in place.

    And SMB2 is supported by Samba 3.6.x but Samba personnel like to have a full test suite before signing off as operational for all users.

    Keep in mind that conversely, the Solaris implementation that debuted in OpenSolaris has been production-ready out of the gate, and that Solaris 10 had Samba bundled before then. It wasn’t good enough for what they were targeting, so they rolled their own, and even made it open source (CDDL), and made it so CIFS and the windows domain infrastructure is treated as first class citizen in Solaris alongside NFS and integrated the two together, rather than as a tacked on addition.

    So yes when was Smb2 released and MS

    LOL no, MS was the primary developer of SMB2.

    Also Stavros about NTLM being dead about time you send Microsoft the Memo. Reason why does Exchange and Share-point use as login tracking by default.

    Legacy compatibility. Your old infrastructure that is already in place needs to be able to work, it really isn’t complicated. Reading comprehension, Ohio Ham. It’s around for legacy compatibility, they advise against using it on new deployments.

    NTLM. This is one of these cases you have to go out of way to remove.

    Of course it is. There’s all kinds of legacy deployments which use NTLM, this is how life works at the enterprise, you gradually phase out the legacy stuff, but it still needs to work until it’s time to move on.

    because NTLM alterations from Microsoft was not about legacy.

    NTLM itself is about legacy. Try harder. As for it being under GPL3, sure, why not? It’s not like they had a choice, the Samba project is GPL3, it doesn’t accept proprietary contributions, wouldn’t make much sense, would it?

    It’s not the first time, they release something open source either.

    MS took another company’s protocol extended it and did not document what they had done.

    Which is all fine and dandy as long as the specification is open, or they have a license allowing them to implement it as they please.

    What made them lose the antitrust case, was that they had a dominant position in the market and were using their modified implementation to cripple competition. Where the protocols actually came from never factored into the equation.

  23. oiaohm says:

    Ivan, mind stopping the repeating? Cups 1.2.0 in 2007 had the web interface completely rebuilt to prevent those errors. Yes, a 2004 message about the Cups web interface being defective is out of date and incorrect for the current-day interface. There are still issues but nothing like what it was. In fact even the 2004 interface was usable if you followed the manual. It did not tolerate any creativity, as esr found out. Really no different to MS Exchange that way.

    In fact I regularly use Cups with Windows. Cases where the driver for Windows doesn’t work due to throwing a dep error and other issues. Cups uses the MS standard PostScript driver at a minimum. With advanced functionality if you add on Cups’ own extension driver to the MS PostScript driver. So it will work perfectly with every version of Windows. Only variation will be level of function. But even so like 4 pages to a page on printers that don’t have that in their default Windows printer driver as well.

    Yes running a print on a Linux box in cups then providing to windows clients can save paper due to making the printer more functional. Yes functionality at times of a printer worth twice the printers price tag.

    Stavros, one of the shocking things out of the EU case was that Microsoft did not have a test suite for their protocols and the documentation they were using was defective. Explaining all those cross-Windows-version abnormalities that would turn up all the time. Every Windows user should be thanking the EU for that case. It has made Windows networking many times more stable since it forced Microsoft to get their documentation in order. Yes, some of the others in the EU case were governments in the EU complaining about network issues between different versions of Windows.

    Stavros “ZFS’ NFSv4 ACLs are fully compatible with Windows NT ACLS” Liar they are not. The compatibility is done the same way as Samba 4.

    Stavros Solaris does not have a project to replace the ADS server samba does.

    And SMB2 is supported by Samba 3.6.x but Samba personnel like to have a full test suite before signing off as operational for all users. Please be aware that the samba test is the item that Microsoft, Oracle, Hp and basically everyone else uses to see if they have the protocol right.

    So yes when was Smb2 released and MS has not got around to producing a test suite yet. So leaving it to samba to do.

    Also Stavros about NTLM being dead about time you send Microsoft the Memo. Reason why does Exchange and Share-point use as login tracking by default. NTLM. This is one of these cases you have to go out of way to remove.

    “Windows Admin tools snap-ins to administrate the Solaris CIFS service.” This is true with samba 4 as well even though it is not ready for production.

    Solaris CIFS is not that special really. Samba 4 prime target is to replace the ADS server. Along the way a lot of other functionality has been developed. Lot of this has not made it back to the stable branch yet.

    Stavros you really don’t know what you are talking about because NTLM alterations from Microsoft were not about legacy. Also note the code was released under GPLv3. This is highly abnormal for Microsoft.

    If more keeps on coming we could call this a restart of relations between samba and Microsoft. Up to 1996 MS and Samba were on good terms. Over the 1997-1999 the relationship broke down. Year 2000 it became a complete cold war that the EU was called in to break up.

    Be aware SMB NTLM…. All these protocols are based on protocols IBM designed. Not Microsoft. This is why MS so badly lost the EU case. MS took another company’s protocol extended it and did not document what they had done.

  24. oldman says:

    “The MS networking stack with all the hidden check-boxes and disjointed snap-ins was a royal pain to administer c. 2000-2001. ”

    Who cares, it’s 2011 now and we are dealing with Windows 2008 R2!

  25. oe says:

    The MS networking stack with all the hidden check-boxes and disjointed snap-ins was a royal pain to administer c. 2000-2001. What I wasted doing for three solid days with a (then screaming) new Pentium 600Mhz and failed to set up with Win2K (an outward facing web and inward facing file/print server) took 90 minutes on a P-90Mhz, installing RedHat6, reading the HOWTO’s on samba.conf, apache.conf and the final product was faster in file, web, and print serving than the attempt with IIS (what a load of crap that web server is/was…). It’s nice having all the config’s in one human-readable file, complete often with copious examples and comments. Dare I state the additional power that bash shell scripting also afforded….

  26. Ivan says:

    “GNU/Linux uses NFS or SSH for file sharing and CUPS for printing.”

    Last time I set up print sharing in CUPS (not that long ago) Aunt Tilly* was still SoL. If you want to whine about complexity, Bob, fix that.

    * http://catb.org/~esr/writings/cups-horror.html

  27. If that were true, M$ could just let Samba die but they did not because it offends M$’s customers that M$’s OS does not play well with GNU/Linux. It has nothing to do with the EU thing. M$ gave the specs. That was all the EU required them to do. M$ at one point offered to release code and the EU said they didn’t want it.

    Frankly it makes more sense to use GNU/Linux all over the LAN and avoid the complexity M$ gives to everything. Think: what is SMB2? “SMB2 reduces the ‘chattiness’ of the SMB 1.0 protocol by reducing the number of commands and subcommands from over a hundred to just nineteen.[7] It has mechanisms for pipelining, that is, sending additional requests before the response to a previous request arrives, thereby improving performance over high latency links. It adds the ability to compound multiple actions into a single request, which significantly reduces the number of round-trips the client needs to make to the server, improving performance as a result”

    So, the reason Samba is complex is because M$ had way too much complexity in SMB1 just to make life difficult for Samba. SMB2 is a more sane implementation but they changed everything again. M$ has worked for years on SMB2 and you expect Samba to get it right instantly? Nope. Coding is not like that. Because of the diversity of the ecosystem, Samba has to have all of the complexity of SMB1 plus the newer stuff.

    The world would be better off using the original CIFS and leaving M$ complexify its own stuff. For example, why mix file sharing with printing? That’s totally unnecessary complexity. GNU/Linux uses NFS or SSH for file sharing and CUPS for printing. That works. M$’s stuff has been all about lock-in and creating complexity to prevent interoperation all along. Now that they are required to interoperate does not make all that legacy complexity go away. M$ does have to help Samba or they will lose customers.

  28. Stavros says:

    GNU/Linux is now so pervasive that M$ needs Samba to work to make M$ look good.

    Actually, the antitrust case in the EU forced Microsoft to help the Samba team.

    The last time I worked with Samba, XP clients were OK but “7” was stubborn. I just could not tweak Samba to work with “7” in a reasonable length of time.

    That’s because Samba doesn’t yet fully support the SMB2 spec and protocol, which windows (and Solaris’ built-in CIFS server) use, but is stuck on SMB1.

    The issue was NTLM, M$’s moving target of an authentication scheme. That’s the contribution M$ has made to make Samba work better with authenticating M$’s clients. M$ does not even recommend using it but many LANs still do.

    Case in point. NTLM only still exists for legacy support, it should not be used in new deployments, and everyone who doesn’t need to keep using it, should move to the “new” auth scheme ASAP. If Samba supported SMB2 none of this would be an issue.

    This is the same reason Windows WebDAV implementation had to continue to support basic (plain text) authentication so long, because mod_dav just doesn’t work well with digest auth (and now it’s a problem because Vista and later don’t support basic at all anymore)

    Chuckle. You know you’re winning when the enemy has to keep you alive…

    I wouldn’t call it winning. Samba doesn’t support the new stuff, it barely supports the old stuff, when they have to step in and make it work themselves, it’s a sign that FOSS is going nowhere.

    For contrast, Samba has been going on for how long now? The Solaris CIFS service by comparison, not only supports SMB2, but supports the specification so completely that not only do Windows clients think it’s actually a Windows server, you can use the Windows Admin tools snap-ins to administrate the Solaris CIFS service, the Windows Shadow Copy for shared folders client works out of the box with it, picking up ZFS shares allowing for rollback and individual file recovery, all in the properties pane GUI, beyond that, the whole system was overhauled and ZFS’ NFSv4 ACLs are fully compatible with Windows NT ACLS, you can plug it into a domain, and it’ll even map your users for you. (and it’s all OSS, under the CDDL) for contrast, the CIFS service is not available in the latest update for Solaris 10, it was new for OpenSolaris/Solaris 11.

    And that’s all out of the box. Samba is just a piss poor implementation.

    The ultimate irony of your conclusion is that there isn’t even a need for anti-competitive tactics. Microsoft has to step in to make Samba work, even in legacy mode, which is more of a sign that you’ve lost than anything else.

    The fact that these limitations that Microsoft has to fix themselves, only shows that Samba is a far, far cry from even thinking of replacing Active Directory for this purpose. There’s no need to be anti-competitive, samba isn’t competition. Frankly, it makes more sense to use NIS+ on Windows’ POSIX subsystem than it does to use Samba as a Windows file server.

  29. Sharing files with Apache, sshfs, or NFS is far more stable than 2003.

    Last time I used Samba, it was quite possible to use the GNU/Linux user accounts. The accounts of that other OS were a nightmare what with spaces in them and all…
    “Every Windows network user account must be translated to a UNIX/Linux user account. In actual fact, the only account information the UNIX/Linux Samba server needs is a UID. The UID is available either from a system (POSIX) account or from a pool (range) of UID numbers that is set aside for the purpose of being allocated for use by Windows user accounts. In the case of the UID pool, the UID for a particular user will be allocated by winbindd.”

  30. NT JERKFACE says:

    Sharing files with 2003 is far more stable than Samba.

    This type of stuff still happens with Samba:
    https://bbs.archlinux.org/viewtopic.php?id=126059

    Samba still has quirks after all these years and isn’t well designed. Keeping all shared settings in one giant text file doesn’t make any sense and you can’t blame M$ for that. Why does Samba not make use of the existing Nix user system? So goofy.

  31. After fooling with 2003 for years I am happy to use a GNU/Linux server without the need for Samba. I like my protocols well defined and stable.

  32. NT JERKFACE says:

    You and Nichols seem to have forgotten that Samba is also used by OSX. If there is an increase in its use it is likely in mixed home networks.

    Samba is a waste of time in a business network. Since the typical business wants Other OS services like Exchange there is little point in having a dedicated Linux server. And once you have used Server 2003/2008 the idea of dicking with Samba.conf and Linux updates isn’t very appealing.

    Since you seem to have so much free time how about doing some QA for Samba 4? The people’s coding army seems to be taking their sweet time with it.
