Table Of Contents
|1.||22 Jan 2000||(1 post)||Snapshot of Samba-TNG Available|
|2.||25 Jan 2000 - 26 Jan 2000||(4 posts)||Wanted: Universal Domain Controller|
|3.||25 Jan 2000 - 27 Jan 2000||(5 posts)||Newsflash! TNG Code Not Stable|
|4.||28 Jan 2000||(7 posts)||Unnecessary User Lookups|
|5.||28 Jan 2000||(1 post)||Samba 2.0.7 Coming Soon|
|6.||27 Jan 2000 - 28 Jan 2000||(27 posts)||Databases Versus Text Files|
This week, although list traffic was at a healthy level, several of
the more important threads seem to be ongoing, so there just isn't as
much to report as usual. Luke Leighton's Code Reorganization Project
Of The Week (he really does seem to have that many of them) is to
rewrite Samba's whole server-side RPC API, with the goal of matching
Microsoft's own API (which they document in MSDN, the Microsoft
Developer Network) as closely as possible. He has enlisted the help of
quite a few people, splitting up the various RPC subsystems between
them, and much of the hard work is done now. Meanwhile, though, the
SAMBA_TNG branch may well be unusable for the near future,
while bugs are worked out.
On a completely different front, we have mentioned in the recent past that Jeremy Allison has been polishing up the 2.0.x code for another release. This week he officially released an alpha of 2.0.7, so the real thing may follow soon. Note that several minor problems with the prerelease have been reported so far (only some of which are new; others are left over from previous Samba releases), so wise administrators may wish to keep it off the important servers for awhile.
Mailing List Stats For This Week
We looked at 923 posts in 1536K.
There were 230 different contributors. 80 posted more than once. 53 posted last week too.
The top posters of the week were:
1. Snapshot of Samba-TNG Available
22 Jan 2000 (1 post) Archive Link: "SAMBA TNG - Alpha release"
People: Luke Leighton,
Luke Leighton announced on
for the benefit of those people who are unable to use cvs, i have created an alpha release of SAMBA_TNG:
please read the
WHATSNEW.txt and the
source/README before proceeding.
This release happened before Luke shook the branch up with the RPC API conversions, so it is definitely somewhat out of date by now, but probably more usable than the latest CVS.
2. Wanted: Universal Domain Controller
25 Jan 2000 - 26 Jan 2000 (4 posts) Archive Link: "login server for *any* domain"
People: Daniel Stenberg, Luke Leighton,
Daniel Stenberg wanted a rather strange bit of functionality. He
posted thus to
"We want our samba machine to work as a login-server for all
possible domain names (eventually also with a specified list of
exceptions). This could probably be made if the master browser gets the
capability to keep a default login-server for unknown domains. This
also forces the login-server to be able to respond to an "any-domain"
request. We want all users with any password that login with whatever
domain to be acknowledged and approved to "login". This is probably as
easy as to not make any real password check in the
In other words, he doesn't care so much for
actually authenticating known computers, but wants each workstation to
think it is in the domain it wants to be in. (One wonders why he
doesn't just settle for workgroups ... but nobody asked.)
Luke Leighton pointed Daniel to a bit of old experimental code, ftp://samba.org/pub/samba/contributed/samba-1.9.16alpha-multi-wg.tar.gz. He explained, "examine the design restructuring in nmbd. that version of samba was capable of being a domain master browser for any domains you told it to be. if you want that functionaliity, i suggest that you attempt to recreate it in samba cvs main (3.0)."
In another post, Luke continued, "it'd be really good if you could do this, it would save a lot of trouble. there are, however, some design issues that need to be carefully dragged up from over three years ago and dusted up. they'll be in the samba archives...."
3. Newsflash! TNG Code Not Stable
25 Jan 2000 - 27 Jan 2000 (5 posts) Archive Link: "Latest support for PDC, BDC, trusted relationships"
People: Pedro Luis Paniagua Moreno, Lars Kneschke, Luke Leighton,
Pedro Luis Paniagua Moreno had a rather common question on
samba-ntdom. He wanted information on a stable version of
Samba that could serve as a BDC on a domain with no real user accounts.
"I thing TNG should
do it, but i'm confused as how to get it."
Lars Kneschke confirmed: "This should work with the current samba tng from the cvs. But you need to create useraccounts at the linux bdc for every domainuser, if want to share some files on the linux bdc." He also gave the obligatory pointer to his Samba-TNG web page (http://www.kneschke.de/projekte/samba_tng) , which is possibly the best Samba-TNG resource out there right now.
Pedro Luis then asked,
this code (TNG) stable enough as to plan to install on a production
Domain (about 35 users). Should I risk and try or better I wait till a
production release (any date?)."
Luke Leighton didn't have a
release date, but his answer was one people would do well to heed:
"neeh, give it a couple of weeks, at least.
there are some big restructures going on, plus the
passdb/*.c code is so horrible and unreliable i
can't... nngh! i hate it, it's next on my hit-list."
4. Unnecessary User Lookups
28 Jan 2000 (7 posts) Archive Link: "Service-names and computer-names checked for in getpwnam"
People: Mattias Gronlund, Richard Sharpe,
Mattias Gronlund wondered aloud on the
"Is there anyone that knows why
SAMBA checks for the name of the service with
when a connection to a share is initiated?"
getpwnam() calls, which look up a Unix user's password
entry, were generating NIS traffic and slowing things down.
The answer turns out to be Samba's support for a share named
[homes]" which is automatically expanded to every user's
home directory. More than one person mentioned this, but Mattias
"But the implementation does a
lookup in the "local password file" even if there is a separate section
for the share. It will also try to lookup IPC$ which if I understands
it is a quite special share that do not need a directory."
Richard Sharpe thought this was a bug.
find_service checks to see if the service
name is a regular service, and if not, then calls
get_home_dir passing the service name.
get_home_dir treats the service name as a user, and tries
to find such a user. If the home dir is found,
find_service then checks to see if a
share exists and uses the params specified there as defaults. This is
CONTRARY to what the man pages say, which suggest that
get_home_dir would only be called if the
[homes] share exists. Perhaps we should fix the code
Yes, you are right about this, this isn't done as the documented. It would be fixed if the line:
if ((iHomeService = lp_servicenumber(HOMES_NAME)) >= 0)
was moved before the call to get_home_dir.
"the problems I get is
not related to this, as the service is found. This
find_service will not call
get_home_dir(service) in my case. My problem is the call
add_session_user for services and for clients! Could
someone please tell me what a "session user" is and why it should be
A proper explanation would entail a discussion of the
whole NetBIOS session concept, and nobody gave it.
5. Samba 2.0.7 Coming Soon
28 Jan 2000 (1 post) Archive Link: "Samba pre-2.0.7 snapshot available."
People: Jeremy Allison,
Jeremy Allison, who has been working hard lately to get the
SAMBA_2_0 branch into shape for a new release, announced:
I have made a tarball snapshot of Samba pre-2.0.7 available at :
The WHATSNEW.txt file is not yet updated with the list of bugfixes, although the man pages should be up to date with the new options.
I'm making this pre1 snapshot available so people can test that this release builds correctly on their systems and can get some feedback about the bugs we have left to fix before shipping "official" 2.0.7.
If people could download it and test it on (non-production:-) servers I'd be grateful ! Remember this is the "stable" release branch so it doesn't contain any of Luke's NT Domain controller code, but it should be a damn stable fileserver (or I want to hear about it :-).
In other posts, he has mentioned being on the road for the next week or two, doing talks at conferences. "Once I get back, depending on what bugs people have found, we'll either do an official 2.0.7, or a second pre-2.0.7."
6. Databases Versus Text Files
27 Jan 2000 - 28 Jan 2000 (27 posts) Archive Link: "[samba-tng] spoolss conversion and others"
People: Luke Leighton, Elrond, Tim Cole, Greg Leblanc, Aaron Brooks, Peter Svensson, , Nicolas Williams
This thread started out with Luke Leighton giving a status report on
his API conversion of the
spoolss code (the whole
conversion project will be covered in a future edition). He was almost
spoolss and happened to mention in passing:
"then i will get on with designing and
srv_samrd_tdb.c. that's going to be
fun, i get a chance to cut out all that trash in
groupdb/*.c, hooray, at last i
hear you all say."
One implication of Luke's proposed change was subtle, but Elrond
"I hope, there will be some nice tools to
modify the database by hand. (I'm one of those admins, who like his
editor for doing many things.) Berkeley DB for example has a
dump-tool, so one can dump the db out, modify it and convert it back to
a DB. I don't know, whether tdbtool has this. (Should realy check
tdb doesn't, as it happens.
Luke pointed out that
rpcclient was a good low-level
tool for modifying the database, but to Elrond that wasn't good enough:
"Well, I like to do funny things, like comment out
users, and create temporary new lines for them and other stuff... Or
grabbing crypted pws from nt-boxes and writing them directly into
smbpasswd. Yes, I know, one shouldn't do this, but hey, in 99% of the
cases, I know, what I do. ;)"
Luke was properly horrified at
Elrond thinking like an old-time Unix admin, so Elrond continued:
"*grin* You never saw sysadmins adding users by
editing /etc/passwd directly? Well... I'm one of these. ;)"
Cole put in:
"As am I. I even remember to use
vipw(8) sometimes. :)"
Greg Leblanc added, in evident surprise,
"Wait just a minute, are you saying that
there's another way to add users?"
But, of all these, Aaron Brooks seemed to have the truly twisted
:r! perl -e'print crypt("password","/.");'
works pretty well for adding the crypt entry in VIM. Who needs anything
else? ;) (either that or doing 3DES in one's head can also do the
He continued, in a saner light,
"If you need a program (the code in particular) to read the SAM
or any hive file for that matter I have a project that I have been
sitting on for about 6 months which reads raw hive files and can dump
any info you'd want. It is currently wired to dump out to a REGEDIT4
format. Let me know if this is good or helpful or useful."
Luke was not sure if it would in fact be useful, but then reconsidered: "it takes registry hives? do you have writing-side code as well? have you seen nico's "dosreg" code? does it do security descriptors as well? if so, your code could be used to write a registry implementation. one thing i really, really, really want to be able to do is to be able to shut down an nt PDC, take the *original* registry files, move them to a samba server and just GO. and noone notices the difference." He and Aaron discussed all this a bit.
But we were speaking of the fact that many Unix administrators (and
users) really enjoy being able to edit their configuration files
without going through specialized tools like NT's
REGEDIT.EXE. Peter Svensson is one of these:
"Isn't that why we use samba instead of NT? :-)
(Actually, for us it sort of is the reason - we grew tired of
mysterious databases that weren't vi-able)"
"oh. *deflate*. of course. hmm, what am i
goung to do, then?"
Peter gave the obvious solution:
"I think all that is needed (provided you want/need
the database solution) is some way to dump/load the database in some
But one problem with this is that you need to
be able to lock the database against changes made by Samba while you
are editing the derivative file, and unlock it again after you have
committed your changes. Not only could this get complicated, said
"by "locking" you will stop EVERYONE
from being able to log in, access new shares etc. it's a bit like
shutting off the pdc! but if you're happy to have that (netlogond
paused; samrd paused; lsarpcd paused) and the consequences (during idle
time), then yes, i'd say it's possible."
Variations on these ideas were batted about for awhile. Nicolas
Williams suggested adding transaction support to Samba's
tdb so that transactions could be journalled against such
a time as the main database was unlocked again, but that solution
seemed to be much too complex for a "trivial database" which is after
tdb was designed to be. Nicolas also brought up
finer-grained locking through more individual
In the end, it was discovered that Samba didn't really need
write access to the database in question during a logon, so
Luke's fear of effectively shutting off the PDC during a manual
database editing session was perhaps premature.
The day after this whole thread started, Luke posted to a different
thread that the
spoolss code conversion was finished.
Only three or four major subsystems to go, it seems, not counting
debugging it all.
Sharon And Joy
Kernel Traffic is grateful to be developed on a computer donated by Professor Greg Benson and Professor Allan Cruse in the Department of Computer Science at the University of San Francisco. This is the same department that invented FlashMob Computing. Kernel Traffic is hosted by the generous folks at kernel.org. All pages on this site are copyright their original authors, and distributed under the terms of the GNU General Public License version 2.0.