Samba Traffic #10 For 2 Feb 2000

By Peter Samuelson

This week, although list traffic was at a healthy level, several of the more important threads seem to be ongoing, so there just isn't as much to report as usual. Luke Leighton's Code Reorganization Project Of The Week (he really does seem to have that many of them) is to rewrite Samba's whole server-side RPC API, with the goal of matching Microsoft's own API (which they document in MSDN, the Microsoft Developer Network) as closely as possible. He has enlisted the help of quite a few people, splitting up the various RPC subsystems between them, and much of the hard work is done now. Meanwhile, though, the SAMBA_TNG branch may well be unusable for the near future, while bugs are worked out.

On a completely different front, we have mentioned in the recent past that Jeremy Allison has been polishing up the 2.0.x code for another release. This week he officially released an alpha of 2.0.7, so the real thing may follow soon. Note that several minor problems with the prerelease have been reported so far (only some of which are new; others are left over from previous Samba releases), so wise administrators may wish to keep it off the important servers for a while.

Mailing List Stats For This Week

We looked at 923 posts in 1536K.

There were 230 different contributors. 80 posted more than once. 53 posted last week too.

The top posters of the week were:

1. Snapshot of Samba-TNG Available

22 Jan 2000 (1 post) Archive Link: "SAMBA TNG - Alpha release"

People: Luke Leighton

Luke Leighton announced on samba-technical:

for the benefit of those people who are unable to use cvs, i have created an alpha release of SAMBA_TNG:

please read the WHATSNEW.txt and the source/README before proceeding.

This release happened before Luke shook the branch up with the RPC API conversions, so it is definitely somewhat out of date by now, but probably more usable than the latest CVS.

2. Wanted: Universal Domain Controller

25 Jan 2000 - 26 Jan 2000 (4 posts) Archive Link: "login server for *any* domain"

People: Daniel Stenberg, Luke Leighton

Daniel Stenberg wanted a rather strange bit of functionality. He posted thus to samba-technical: "We want our samba machine to work as a login-server for all possible domain names (eventually also with a specified list of exceptions). This could probably be made if the master browser gets the capability to keep a default login-server for unknown domains. This also forces the login-server to be able to respond to an "any-domain" request. We want all users with any password that login with whatever domain to be acknowledged and approved to "login". This is probably as easy as to not make any real password check in the login-server." In other words, he doesn't care so much for actually authenticating known computers, but wants each workstation to think it is in the domain it wants to be in. (One wonders why he doesn't just settle for workgroups ... but nobody asked.)

Luke Leighton pointed Daniel to a bit of old experimental code. He explained, "examine the design restructuring in nmbd. that version of samba was capable of being a domain master browser for any domains you told it to be. if you want that functionality, i suggest that you attempt to recreate it in samba cvs main (3.0)."

In another post, Luke continued, "it'd be really good if you could do this, it would save a lot of trouble. there are, however, some design issues that need to be carefully dragged up from over three years ago and dusted up. they'll be in the samba archives...."

3. Newsflash! TNG Code Not Stable

25 Jan 2000 - 27 Jan 2000 (5 posts) Archive Link: "Latest support for PDC, BDC, trusted relationships"

People: Pedro Luis Paniagua Moreno, Lars Kneschke, Luke Leighton

Pedro Luis Paniagua Moreno had a rather common question on samba-ntdom. He wanted information on a stable version of Samba that could serve as a BDC on a domain with no real user accounts. His guess: "I think TNG should do it, but i'm confused as how to get it."

Lars Kneschke confirmed: "This should work with the current samba tng from the cvs. But you need to create useraccounts at the linux bdc for every domainuser, if you want to share some files on the linux bdc." He also gave the obligatory pointer to his Samba-TNG web page, which is possibly the best Samba-TNG resource out there right now.

Pedro Luis then asked, "Is this code (TNG) stable enough as to plan to install on a production Domain (about 35 users). Should I risk and try or better I wait till a production release (any date?)." Luke Leighton didn't have a release date, but his answer was one people would do well to heed: "neeh, give it a couple of weeks, at least. there are some big restructures going on, plus the passdb/*.c code is so horrible and unreliable i can't... nngh! i hate it, it's next on my hit-list."

4. Unnecessary User Lookups

28 Jan 2000 (7 posts) Archive Link: "Service-names and computer-names checked for in getpwnam"

People: Mattias Gronlund, Richard Sharpe

Mattias Gronlund wondered aloud on the samba-technical list: "Is there anyone that knows why SAMBA checks for the name of the service with getpwnam when a connection to a share is initiated?" The getpwnam() calls, which look up a Unix user's password entry, were generating NIS traffic and slowing things down.

The answer turns out to be Samba's support for a share named "[homes]" which is automatically expanded to every user's home directory. More than one person mentioned this, but Mattias responded: "But the implementation does a lookup in the "local password file" even if there is a separate section for the share. It will also try to lookup IPC$ which if I understand it is a quite special share that does not need a directory."

Richard Sharpe thought this was a bug. "Now, find_service checks to see if the service name is a regular service, and if not, then calls get_home_dir passing the service name. get_home_dir treats the service name as a user, and tries to find such a user. If the home dir is found, find_service then checks to see if a [homes] share exists and uses the params specified there as defaults. This is CONTRARY to what the man pages say, which suggest that get_home_dir would only be called if the [homes] share exists. Perhaps we should fix the code :-)"

Mattias answered,

Yes, you are right about this, this isn't done as documented. It would be fixed if the line:

if ((iHomeService = lp_servicenumber(HOMES_NAME)) >= 0)

was moved before the call to get_home_dir.

However, he continued, "the problems I get is not related to this, as the service is found. This means that find_service will not call get_home_dir(service) in my case. My problem is the call to add_session_user for services and for clients! Could someone please tell me what a "session user" is and why it should be needed?" A proper explanation would entail a discussion of the whole NetBIOS session concept, and nobody gave it.
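An added illustration (not Samba source and not code from the thread): a small C model of the lookup order Richard Sharpe describes, next to the reordering Mattias suggests. The share lists, the account list and the helper names are constructed for the example, and a counter stands in for the getpwnam()/NIS traffic; it does not model the add_session_user calls Mattias goes on to ask about.

```c
#include <stddef.h>
#include <string.h>

#define HOMES_NAME "homes"

/* Constructed sample data: configured shares and Unix accounts. */
static const char *shares_with_homes[] = { "homes", "public", NULL };
static const char *shares_no_homes[]   = { "public", NULL };
static const char *unix_users[]        = { "alice", "bob", NULL };

static int passwd_lookups;   /* counts simulated getpwnam() calls */

static int index_of(const char **list, const char *name)
{
    for (int i = 0; list[i] != NULL; i++)
        if (strcmp(list[i], name) == 0)
            return i;
    return -1;
}

/* Hypothetical stand-in for get_home_dir(): one passwd/NIS lookup per call. */
static int model_get_home_dir(const char *user)
{
    passwd_lookups++;
    return index_of(unix_users, user) >= 0;
}

/* Order described in the thread: user lookup first, [homes] check second. */
static int find_service_lookup_first(const char **shares, const char *name)
{
    int i = index_of(shares, name);
    if (i >= 0) return i;
    if (model_get_home_dir(name)) {
        int homes = index_of(shares, HOMES_NAME);
        if (homes >= 0) return homes;
    }
    return -1;
}

/* Suggested order: only look the user up when a [homes] share exists. */
static int find_service_homes_first(const char **shares, const char *name)
{
    int i = index_of(shares, name);
    if (i >= 0) return i;
    int homes = index_of(shares, HOMES_NAME);
    if (homes >= 0 && model_get_home_dir(name)) return homes;
    return -1;
}

/* Runs one resolver and returns how many passwd lookups it cost. */
int lookups_for(int (*resolver)(const char **, const char *),
                const char **shares, const char *name, int *result)
{
    passwd_lookups = 0;
    *result = resolver(shares, name);
    return passwd_lookups;
}
```

With no [homes] share configured, a connection naming an unknown service (a computer name, say) costs one lookup in the first ordering and none in the second; with [homes] present both behave identically.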

5. Samba 2.0.7 Coming Soon

28 Jan 2000 (1 post) Archive Link: "Samba pre-2.0.7 snapshot available."

People: Jeremy Allison

Jeremy Allison, who has been working hard lately to get the SAMBA_2_0 branch into shape for a new release, announced:

I have made a tarball snapshot of Samba pre-2.0.7 available at :

The WHATSNEW.txt file is not yet updated with the list of bugfixes, although the man pages should be up to date with the new options.

I'm making this pre1 snapshot available so people can test that this release builds correctly on their systems and can get some feedback about the bugs we have left to fix before shipping "official" 2.0.7.

If people could download it and test it on (non-production:-) servers I'd be grateful ! Remember this is the "stable" release branch so it doesn't contain any of Luke's NT Domain controller code, but it should be a damn stable fileserver (or I want to hear about it :-).

In other posts, he has mentioned being on the road for the next week or two, doing talks at conferences. "Once I get back, depending on what bugs people have found, we'll either do an official 2.0.7, or a second pre-2.0.7."

6. Databases Versus Text Files

27 Jan 2000 - 28 Jan 2000 (27 posts) Archive Link: "[samba-tng] spoolss conversion and others"

People: Luke Leighton, Elrond, Tim Cole, Greg Leblanc, Aaron Brooks, Peter Svensson, Nicolas Williams

This thread started out with Luke Leighton giving a status report on his API conversion of the spoolss code (the whole conversion project will be covered in a future edition). He was almost done with spoolss and happened to mention in passing: "then i will get on with designing and writing a srv_samrd_tdb.c. that's going to be fun, i get a chance to cut out all that trash in passdb/*.c and groupdb/*.c, hooray, at last i hear you all say."

One implication of Luke's proposed change was subtle, but Elrond caught it: "I hope, there will be some nice tools to modify the database by hand. (I'm one of those admins, who like his editor for doing many things.) Berkeley DB for example has a dump-tool, so one can dump the db out, modify it and convert it back to a DB. I don't know, whether tdbtool has this. (Should really check myself...)" tdb doesn't, as it happens.

Luke pointed out that rpcclient was a good low-level tool for modifying the database, but to Elrond that wasn't good enough: "Well, I like to do funny things, like comment out users, and create temporary new lines for them and other stuff... Or grabbing crypted pws from nt-boxes and writing them directly into smbpasswd. Yes, I know, one shouldn't do this, but hey, in 99% of the cases, I know, what I do. ;)" Luke was properly horrified at Elrond thinking like an old-time Unix admin, so Elrond continued: "*grin* You never saw sysadmins adding users by editing /etc/passwd directly? Well... I'm one of these. ;)" Tim Cole put in: "As am I. I even remember to use vipw(8) sometimes. :)" Greg Leblanc added, in evident surprise, "Wait just a minute, are you saying that there's another way to add users?"

But, of all these, Aaron Brooks seemed to have the truly twisted mind. " :r! perl -e'print crypt("password","/.");' works pretty well for adding the crypt entry in VIM. Who needs anything else? ;) (either that or doing 3DES in one's head can also do the trick.)" He continued, in a saner light, "If you need a program (the code in particular) to read the SAM or any hive file for that matter I have a project that I have been sitting on for about 6 months which reads raw hive files and can dump any info you'd want. It is currently wired to dump out to a REGEDIT4 format. Let me know if this is good or helpful or useful."

Luke was not sure if it would in fact be useful, but then reconsidered: "it takes registry hives? do you have writing-side code as well? have you seen nico's "dosreg" code? does it do security descriptors as well? if so, your code could be used to write a registry implementation. one thing i really, really, really want to be able to do is to be able to shut down an nt PDC, take the *original* registry files, move them to a samba server and just GO. and noone notices the difference." He and Aaron discussed all this a bit.

But we were speaking of the fact that many Unix administrators (and users) really enjoy being able to edit their configuration files without going through specialized tools like NT's REGEDIT.EXE. Peter Svensson is one of these: "Isn't that why we use samba instead of NT? :-) (Actually, for us it sort of is the reason - we grew tired of mysterious databases that weren't vi-able)" Luke responded, "oh. *deflate*. of course. hmm, what am i going to do, then?" Peter gave the obvious solution: "I think all that is needed (provided you want/need the database solution) is some way to dump/load the database in some reasonable format." But one problem with this is that you need to be able to lock the database against changes made by Samba while you are editing the derivative file, and unlock it again after you have committed your changes. Not only could this get complicated, said Luke, "by "locking" you will stop EVERYONE from being able to log in, access new shares etc. it's a bit like shutting off the pdc! but if you're happy to have that (netlogond paused; samrd paused; lsarpcd paused) and the consequences (during idle time), then yes, i'd say it's possible."

Variations on these ideas were batted about for a while. Nicolas Williams suggested adding transaction support to Samba's tdb so that transactions could be journalled against such a time as the main database was unlocked again, but that solution seemed to be much too complex for a "trivial database" which is after all what tdb was designed to be. Nicolas also brought up finer-grained locking through more individual tdb files. In the end, it was discovered that Samba didn't really need write access to the database in question during a logon, so Luke's fear of effectively shutting off the PDC during a manual database editing session was perhaps premature.

The day after this whole thread started, Luke posted to a different thread that the spoolss code conversion was finished. Only three or four major subsystems to go, it seems, not counting debugging it all.








Kernel Traffic is grateful to be developed on a computer donated by Professor Greg Benson and Professor Allan Cruse in the Department of Computer Science at the University of San Francisco. This is the same department that invented FlashMob Computing. Kernel Traffic is hosted by the generous folks at All pages on this site are copyright their original authors, and distributed under the terms of the GNU General Public License version 2.0.