Samba Traffic #4 For 22 Dec 1999

By Peter Samuelson

Table Of Contents


The full-scale invasion of the samba and samba-ntdom mailing lists by bug reports and configuration questions is now complete. Many if not most of these reports are relatively unexciting, something along the lines of "I'm using Red Hat 6.0, and Windows machines aren't seeing my Samba server. Here is my smb.conf file..." followed by said file.

Although not so interesting in themselves, these articles do make manifest what open source advocates have known for a long time: among its other benefits, free software tends to foster a culture of free advice. A Usenet newsfeed or a mailing list can be a very valuable resource; better, in some cases, than a support contract. While we can't really have any idea how many Samba-related questions Microsoft tech support answers every day, we can see how many Microsoft-related questions ordinary Samba users answer every day, and it is most impressive.

But it has been noted that this model does not always scale. As more people out there discover free software such as Samba, many of them enter these support fora with the attitude that there is such a thing as a free lunch. They pop in, ask a question, get an answer, and are never heard from again. Answering support questions get less and less fun the higher the ratio gets of supplicant/oracle. This may have happened (depending on whom you ask) to the newsgroup comp.lang.perl.misc about a year ago, resulting in the creation of comp.lang.perl.moderated. The aim of that move was to curb some of the more obvious abuses, such as posting the truly frequently-asked questions. How effective this has been depends, again, on whom you ask.

As more and more people upgrade from Windows NT to Samba for their file and print services, and soon for their domain services, the Samba world may be heading for a similar Tragedy of the Commons. So far there are no direct signs of this on the mailing lists, but the subject of people who insist on free tech support just because there can be free tech support has come up a few times recently. Not a new problem, in the Samba world or elsewhere, but likely only to get worse. Stay tuned.

Mailing List Stats For This Week

We looked at 381 posts in 876K.

There were 191 different contributors. 70 posted more than once. posted last week too.

The top posters of the week were:

1. Splitting Up Samba Binaries, 'Interesting Times', and Remote Service Management

12 Dec 1999 - 14 Dec 1999 (39 posts) Archive Link: "MSRPC daemons"

People: Luke LeightonGreg LeblancJames WillardAndy BakunSander StrikerKevin ColbyJean François MicouleauJim TroutmanAndrew Tridgell

Luke Leighton, as covered in Issue 3, Section 5 (sm19991215_3.html#5) , has been wanting to split Samba up into more semi-independent daemons for some time now. Well, it has begun:

the first pass now has the following MSRPC services as separate daemons:

samr - samrd
lsarpc - lsarpcd
srvsvc - srvsvcd
wkssvc - wkssvcd
spoolss - spoolssd
NETLOGON - netlogond
browser - browserd
svcctl - svcctld
winreg - winregd

and guess what? if you don't want to run any of these services... YOU DON'T HAVE TO!

He continued with some details about which daemons to run to get what functionality. He concluded with "we live in interesting times!" Sander Striker, like any true Pratchett fan, immediately thought of and generally recommended Pratchett's book Interesting Times.

(ed. [] We might present an link to the book, but for the uncertainty ( over just how many times you would have to click....)

Goeffrey Lee liked the idea of not having to restart all of Samba just to change a config parameter. Martin Welk elaborated that it would be nice for a daemon not to die if you had just made a typo in the config file. One obvious solution is to validate your config file before deploying, as Greg Leblanc noted: "I think it's called 'testparm'. :) It's been there for as long as I've used samba, and I run it before I restart smbd to change config." Others floated ideas about extending testparm to not only validate the file but to regurgitate the contents, filling in default values so the administrator can see exactly what Samba will see. Steve Litt apparently has written such a beast, but not yet in polished, release-quality form.

James Willard wondered: "how difficult would it be to get "Services..." under Server Manager to be able to start and stop these?" Luke replied that he had already hacked up something to this effect.

And so he had. Not long after, Luke posted again under the thread CVS update: samba/source/include (fwd) ( , continuing a discussion from samba-cvs where Andrew Tridgell had taken issue with this code. Luke's side of the story: "andrew does not want me to add the ability for unix admins to decide whether to start and stop unix services. i definitely want to add the ability to start and stop msrpc services, as i find it a bit of a pain to do a killall srvsvcd; make; bin/svcctld about once every ten minutes throughout the day." He continued, "if you don't speak up in favour, start/stop services as remote administrator certainly won't ever get added."

There were a few ayes, but mostly nays. Everyone was concerned about the security implications, and more than a few about the implications of turning the average NT admin loose on a Unix box. A few highlights:

2. More Unofficial Samba Documentation

12 Dec 1999 (1 post) Archive Link: ""One users experience" for Samba!"

People: Alexej Kupin

This was just one post, a pointer to a web page. Alexej Kupin is a satisfied Samba user completing a major project involving Samba. In his own words:

After I put some tips and trix on the Samba-Mailing list many people sent me a thank you letter... At the end of my work I decided to put all of my experience on the Web. I hope that it will help and will save you time...

This document contains a description of my experience with Samba and will show you step by step how to install, setup and use Samba and Samba as PDC. You will find here many solutions (e.g. NIS-password synchronisation, server-profiles,etc...)

Additionally this report gives you an overview of existing solution for integration of Windows & Unix-systems in one LAN.

3. Help With Refuting FUD

13 Dec 1999 - 14 Dec 1999 (4 posts) Archive Link: "Comments request to refute arguments about Samba..."

People: Marc FournierPeter PolkinghorneDave Collier-BrownLuke Leighton

Marc Fournier, busy deploying Samba to replace legacy systems, was feeling a bit of pressure from his boss. It seems the local Netware department was making it clear how horrible and outdated Samba is. Marc posted to samba: "Any comments/refutations/etc most definitely accepted..."

Peter Polkinghorne went at the FUD point-by-point. First he gave an idea of how Samba can scale: "Well we have 20,000 users, 40+ active Samba servers and 1 workgroup (and of course no browsing). NBT alluded to below means workgroups can span subnets." Then he responded to the accusation that you need bridging: "Samba does not work with vanilla unroutable NetBEUI, but with NBT (ie NetBIOS encapsulated over TCP - thus routable). Using WINS (which Samba can provide) broadcast traffic can be reduced." As to Solaris being way too insecure, he said, "Well these days Solaris is reasonably well secured - all OS makers have woken up to varying extents to security needs - even Microsoft." He made a few other points as well.

Dave Collier-Brown had his say, too. Responding to the accusation that Samba uses an obsolete protocol described in "Microsoft Lan Manager, Programmer's Reference", he was brief: "Very much obsolete... known as "CORE" protocol, and no longer used." About the insinuation that Samba could not interact with a modern network, "Interworks between PC/MT, Mac (dave) and Unix (samba). Works reasonably across subnets (TCP is routable)," though he opined that the true universal connectivity solution may be AFS. On the amount of RAM needed: "I usually recommend 1/2 MB per active child process, where active means "currently reading or writing". Inactive processes end up paging their data and stack out, so they require 0 MB (;-))" He also noted that on a large Solaris server, you want to enable the priority paging option.

Luke Leighton had the simple suggestion of stripping binaries to make them smaller.

(ed. [] (Note: on a demand-paged OS, i.e. any modern Unix system, this will not affect the memory usage of the processes, just the disk space the executables take up.))

4. Documenting Samba Code, Why Or Why Not

15 Dec 1999 - 17 Dec 1999 (19 posts) Archive Link: "source code documentation"

People: Osama Abu-AishLuke LeightonJeremy AllisonAndrew TridgellChris HertelRichard SharpeRyan Russell

Osama Abu-Aish asked what he most likely thought an innocent question: "wold it be possible to put a little bit more documentation IN the sources? I know that this is something very awful and unpopular, but think of the huge amount of time and energy that is wasted by everybody trying to figure out simply WHAT the source is actually doing and what all the #defined values mean."

Probably at least 9 of 10 programmers would much rather code than document, but that wasn't what sparked this animated discussion. It came out that Luke Leighton doesn't like to document his code for a much more complicated reason. He works in the frightening space of NT domain controller code -- which Microsoft itself has never freely documented because they consider it a trade secret. In developing Samba, he has to reverse engineer these protocols, but if a third party were to come along wanting to do the same thing, they would most likely look at the Samba code and save themselves a lot of effort. Moreover, the third party might reimplement some of this, and incorporate it into a proprietary product, which would not benefit him in the least.

In short, Luke doesn't want to document code because the more he does it, the easier it becomes for a malicious (read: competitive) third party to do the above. "when i get paid to work on samba full time, i will put useful comments in the code. until that time, i will make it difficult for people to be able to examine the samba source code and make more money out of a commercial smb project than i am (currently close to zero, and certainly not enough to consider living on)."

Jeremy Allison reminded Luke: "You should also realize that you could get a job with Cobalt/Realm/NetMax/Veritas etc. etc. in a heartbeat - you'd just need to conform to some American corporate practices. That's the real problem :-). You know it, and I know it :-). You know. Work 9-5, attend staff meetings, that sort of thing :-)." He even offered to help Luke network (no pun intended).

Andrew Tridgell put in "my 2 cents on this" . He packed a lot of meat into 351 words (much more, in your editor's opinion, than two cents' worth); it is Easier To Hyperlink Than To Summarize ( TM.

Richard Sharpe and Chris Hertel agreed that some people do seem to expect Samba developers to work, effectively, for free. Chris said, "I seconded Richard's observation that there are a lot of folks out there who are expecting (sometimes demanding) us to happily give them our time, effort, and knowledge with nothing offered (to us or the commuity) in return. This is not acceptable." Richard replied, "Indeed. I have offered consulting help to these organizations, but they all seem unwilling to part with any dollars. Stinks really."

The idea of a Samba IPO somehow turned up, and Ryan Russell offered -- only partly in jest -- "Hey, I know most of you guys are stuck in Australia. If you like, I'll pop down to San Hill Rd. and talk with the Venture Capitalist guys for you. I'd even be happy to run your Silicon Valley branch for you. All for a very reasonable small percentage." Chris reminded him, "Actually, we're all over the world. Samba started in Australia, but there are now folks in the America's (north and south), Europe, and possibly elsewhere."

5. Luke's Grandiose Rewriting Plans

15 Dec 1999 - 17 Dec 1999 (14 posts) Archive Link: "[samba-tng] msrpc status"

People: Luke LeightonAndrew TridgellMichael TokarevSteve Langasek

Luke Leighton does not know how to stop thinking of new features and new ways Samba should be doing things. His current playground is the SAMBA_TNG CVS branch, which until recently was HEAD, the default development branch. Here he gave a status report of Samba, the Next Generation, as he saw it:

tasks completed so far:

1) creation and implementation (first) of msrpc daemon architecture.

this has smbd construct msrpc PDUs which are fed through a unix socket over to msrpc daemons. each msrpc daemon listens on the unix socket for connections (which are triggered by an SMB open) and forks() to accept the incoming connection, just like smbd does and for exactly the same reasons that smbd does (security, reliability, simplicity etc).

He then listed several alternative architectures which could accomplish much the same thing. Then: "2) msrpc loop-back interface, aka "ncalrpc" in dce/rpc terminology." More implementation notes, including possible extensions. "3) rpc client smb / msrpc split (more transports, client-side)" ... then a few more details. Next was:

4) lsarpcd lookup names and sids rewrite

lsarpcd now no longer access the smb password API database. it uses samr_lookup_rids and samr_lookup_names to query the SAM database (using the new msrpc client loop-back code!) and uses lsa_lookup_sids() and lsa_lookup_names (against using msrpc client code but this time onthe SMB transport) to recursively loop up any names not in the same domain.

and if you think this is horrible, complain to microsoft about the the risks of recursion, not to me: it's exactly what NT does :-)

More entrails, then, finally: "5) msrpc redirector agent. like smb-agent, this manages smb connections. it records the credentials of incoming connections, and allows for "reuse" of connections between clients and servers. this can be used to reduce the number of connections (and therefore the number of processes) to one per set of user credentials." But then he speculated that this last bit of code may be a dead end; he wasn't sure yet.

That was the "currently-done" report, but Luke wasn't finished. He continued with his to-do list, seven items within his own code and three small parts of Samba to rewrite.

At this point OS capabilities entered into the discussion. Andrew Tridgell disagreed on a few points, including Luke's proposed hierarchy for Unix domain sockets with which to communicate between the daemons. Luke protested that some versions of Unix have a bug that makes them unable to set permissions on socket files; thus you have to control permissions through the directories they are in. Solaris 2.4 seems to have been one such. Michael Tokarev, meanwhile, wanted preliminary multi-threaded support put in, while Luke was rewriting everything anyway. Luke was aghast: "argh. no. horrible. :) threads are non-ansi-c-portable. you want us to exclude loads of people? *sigh*" Steve Langasek pointed out that thread-safe library functions are not the same thing as actual multi-threaded code; if the former were in place, the latter would be relatively easy to tack on for those OSes that can use it.

Another minor point of discussion was whether to run the new MSRPC services as root or not. Tridge thought Luke was just a little too paranoid about using the root user in general: "get over your root phobia. I suggest you spend 10 minutes logged in as root 3 times daily till the tremors and cold sweats pass :)"

6. Samba CVS Branches Shuffled Around

16 Dec 1999 - 17 Dec 1999 (7 posts) Archive Link: "New Version in CVS??"

People: Lonnie BorntregerJens SkripczynskiAndrew TridgellSander Striker

Lonnie Borntreger asked on samba-ntdom: "I just got the latest CVS. The version is now pre3.0.0 instead of 2.1.0-prealpha. What happened to 2.1? And the lsarpcd disappeared. Should I no longer be looking at the "head" branch, or did 2.1 get nixed?"

Jens Skripczynski reads the samba-cvs list, so he knew. "Seem's that the samba 2.1pre Shall become the 3.0pre Version. As there is already a big updating process going on between 2.0 and 2.1." Sander Striker was curious about the CVS mailing list, so Jens told him how to join it.

The most coherent explanation of the new layout was the announcement by Andrew Tridgell in samba-technical. It boils down to:

7. Gripe Session on Open-Source Leeches

16 Dec 1999 - 17 Dec 1999 (5 posts) Archive Link: "Commercial organization suckage wrt Samba"

People: Richard SharpeChris Hertel

This thread had very little technical significance, but it fits in very well with the Theme of the Week. Speaking of themes for the week, by the way, this week was a good one for rich, poetic writing. Richard Sharpe's post is definitely in the "long excerpt" rather than "summarize" category:

I have been contacted by various people over the last twelve months. Said people have all been trying to implement various forms of SMB server, mostly for embedding in printers.

None of them have come bearing gifts, and seemed to simply want to suck off of the effort I have put into learning about the SMB protocol and the Samba source code. None have offered pizzas, tools, knowledge, etc, in return, at least not to my knowledge.

This last one seems to take the cake.

It would seem that Texas Instruments, if that who is, is wanting to build an SMB capable printer. They seem to have subcontracted the work to their Indian Development Branch.

I got an EM from a very imperious fellow who want to know all sorts of things. I was busy at the time giving courses and working on more decoding of the SMB protocol in Ethereal, so I did not reply.

A few days later, I got an even more imperious message from this fellow saying that he was waiting for my reply. I refrained from sending back that I was waiting for some money, and pointed out that the info he needed was in Ethereal and Samba, and, but for the want of a clue (converting HEX to Decimal), he would have stumbled over it :-) I did however object to being asked to do, for no recompense, the work he was being paid for.

It seems that this fellow was non-plussed, and today I got an EM from one of his compatriots in the US. This EM was much more pleasantly constructed, but still asking for the same info, and likewise, sans gifts :-(

I provided more clues.

However, it would appear that the world is full of people who want others to do their work for them.

So endeth my gripe for the day.

Chris Hertel replied with a miniature essay on open-source quasi-communism (not his words) versus laissez-faire capitalism. It was not badly written either, so he shall have equal time:

Big business has smelled the roses of the Open Source movement. They've seen Red Hat, VA Linux, etc. fly with this stuff and believe that they are entitled to their share.

Big business being big business, and Open Source being Open Source, there is a culture gap to be faced. What makes the Linux start-ups successful is that they've come to grips with this and are forging a new model. It's not a perfect model but there is, at least, some effort. The real test will be seeing how much these newly-made millionairs put back into the community.

Many people in the commercial world cannot bring themselves to grasp the Open Source way of thinking. Our currency is different than theirs. We deal in cooperation, fun, learning, philosophy, social values, etc. These things often mean nothing to people who are used to dealing in terms of money. Their work, their time, their thoughts all objects to be exchanged for money.

Here in the US, most people are comfortable with the idea that you cannot own the air we breath. Yet we have no trouble with the idea that you can own land or a lake full of water or the fish in that lake. (Minnesota has over 15,000 small lakes and yes, I do know someone who owns an entire lake.)

Then there is "intellectual property". Again, some people believe that ideas are objects that can be bought, sold, and owned, and that they can put up big "No Trespassing" signs. Did you know that there is a patent on the XOR operation?

There are, of course, a spectrum of opinions regarding what ideas may and may not be considered property. The Open Source movement is founded in the belief that ideas should be shared, for the benefit of all.

That sharing has its own currency. When I first started using Open Source software I had little to give in return. I started writing my binary tree modules just so I'd have something. It worked. :)

There is, however, no money involved in that kind of environment. To someone who deals entirely in terms of ideas as property to be traded for money, this is inconceivable. They can't get it, as it contradicts their very being. This profound lack of understanding causes all sorts of trouble.

If, in a ideas-for-money context, you give ideas away for free then the ideas must not be worth anything. Either that, or you are being compensated in some other way and, thus, 'owe' your time to the community. This latter is more-or-less true in an Open Source community. The problem is that the ideas-for-money crowd doesn't know how to be part of that community.

Your pen-pals are obviously under the impression that we owe them our time and effort. They don't understand that they have to put in to get out. Further, they won't understand that what they get out will not belong to them even if they do put in. Our model is one of continued gain for all--everybody wins. Theirs is a competitive model in which the degree of winning is measured not only by what you have, but by what the others do not have. This be the crux of the problem.

What more is there to say? So other people contented themselves with general agreement. A good gripe session was had by all.







Sharon And Joy

Kernel Traffic is grateful to be developed on a computer donated by Professor Greg Benson and Professor Allan Cruse in the Department of Computer Science at the University of San Francisco. This is the same department that invented FlashMob Computing. Kernel Traffic is hosted by the generous folks at All pages on this site are copyright their original authors, and distributed under the terms of the GNU General Public License version 2.0.