Samba Traffic #28 For 13 Oct 2000

Editor: Zack Brown

By John Quirk  and  Zack Brown

Table Of Contents


Want to help write KC Samba? See the KC Authorship page (../author.html) the KC Samba homepage (index.html) , and the Thread Summary FAQ (../summaryfaq.html) . Send any questions to the KCDevel mailing list. (

Mailing List Stats For This Week

We looked at 595 posts in 2272K.

There were 184 different contributors. 88 posted more than once. 37 posted last week too.

The top posters of the week were:

1. Which Tree Is Which?

1 Oct 2000 - 3 Oct 2000 (5 posts) Subject: "Samba CVS Tags"

Summary By Zack Brown

People: Josh DurhamAnders ThorsenGerald Carter

Josh Durham asked for a quick rundown on the meaning of the CVS tags for checking out Samba. He said, "For example, I think HEAD is going to be the future 2.2 source, but I'm not quite sure. Something in between the current release and TNG." Gerald Carter gave a link to the Samba CVA Page ( , and explained that he'd updated the "Available Branches" outline toward the bottom of the page. Anders Thorsen suggested changing Samba TNG's description to reflect the fact that no work was being done on it, and Gerald agreed, and said he'd do that.

2. The Next Version Of Samba

2 Oct 2000 - 4 Oct 2000 (6 posts) Subject: "Next version of Samba ?"

Summary By Zack Brown

People: Mike BrodbeltJohn QuirkDavid BannonJean Francois MicouleauUlf Bertilsson

Ulf Bertilsson asked if the next version of Samba would be 2.0.8, 2.2, or TNG. Jean Francois Micouleau replied that it would be 2.2.0. Mike Brodbelt confirmed that, and added, "TNG development has now effectively ceased, with the departure of Luke, and there will be no 2.0.8 release, as I understand." Ulf asked about various features, and whether 2.2.0 would be much different from 2.0.7; someone gave a link to the Samba Resources page ( and John Quirk also gave a link to another Samba page ( and added, "Ulf have a look at these unofficial web pages by David Bannon they answer many of your questions."

3. Config File For Access Restrictions

5 Oct 2000 - 6 Oct 2000 (7 posts) Subject: "Samba suggestion. (.smbaccess)"

Summary By Zack Brown

People: Ries van TwiskUlf BertilssonGerald CarterDavid Lee

Ries van Twisk suggested, "would it be nice if a user could create a '.smbaccess' file just like apache does. I understand that this would create some overhead reading and processing this file but this would extend the flexibility of samba a great deal." Ulf Bertilsson replied, "You can configure "access list" in your smb.conf. Use SWAT, and have a closer look at the docs. Useing your filesystem to set rights is also an option." Ries replied that he'd been doing those things already for years and found them to work great, but he argued that '.smbaccess' would allow "access restrictions on a 'per directory base' or even change locking semantics on a per directory base. I do understand maintaining this files might be a problems so one must be a bit conservative using these files but it would extend the flexibility of samba a lot." Gerald Carter did not disagree, though he did say:

Probably not enogh payoff for the work. Also would be a lot of overhead. And since the same stuff can be done right now using filesystem permissions.....

Of course, this doesn't stop anyone from playing with the idea, I just don't think it will make its way into the HEAD source branch.

Elsewhere, David Lee also replied to Ries' initial suggestion, saying historically:

As of 2.0.7 there is a feature called "inherit permissions" which might help. See the smb.conf(5) man page in 2.0.7 .

This is its history:

About 18 months ago, we started using Samba in earnest. In our preparations before that, one of the limitations I very quickly came across was the inability to do "per-directory" configuration, such as within a user's home directory.

I toyed with the idea of implementing a scheme such as you suggest: a ".smb<something>" file to override the share characteristics. But I realised that it would be a significant project (not huge, but not trivial).

I also realised that there would be ambiguities involving symlinks: if a symlink went across several directories, what would happen? Would the ".files" be applied (i.e. modifying the "share" characteristics) by following the symlink directly or by following through the real path?

But I then realised:

  1. most of our users were unsophisticated, and wouldn't explicitly need this (although we, as their service providers had a particular application on their behalf that would need one feature);
  2. for the small, aware, remainder, a much simpler scheme would suffice, which would meet 95% of their needs (and their awareness would enable them to cope with most of the remaining 5%).

Further, our use in [1], and most of the use in [2] were the same.

So we invented "inherit permissions", which creates all new files and subdirectories with permissions inherited from the immediate parent. Very non-UNIX, but very like the way our users think: "this thing (relatively high-level directory) is a private/group/public project".

So take a look at 2.0.7's "inherit permissions". Hope it helps.

4. Samba PDC targets defined

3 Oct 2000 - 9 Oct 2000 (34 posts) Archive Link: "PDC acceptance criteria"

Summary By John Quirk

People: Gerald CarterUlf BertilssonKevin Colby

Not content with his todo list from Issue #27, Section #7  (28 Sep 2000: Jerry's ToDo list) Gerald Carter posted the following

In order to get a Samba PDC out of the door, we need to define some goals and expectations. By doing this, I think it will help new volunteers grab on. Hopefully we can break the goals down into swallowable chunks that nobody chokes on :-)

Q: What features must be present in Samba to release it as a Windows NT 4.0 PDC replacement?

The question focuses on features and services, not of implementations. Implementation has to do with what must be done to provide the service. That is another thread altogether.

What I am trying to pin down is things like

o Support for Domain logons by Windows NT 4.0 SP3+ clients

o Working support for User Manager and Server Manager

o Proper user and group mapping between NT users/groups and UNIX users/groups. This included enumeration functions

o PDC <-> BDC replication?

o Supports for initiating Trust relationships?

These may or may not all apply. I'm just starting the thread. Once we have an agreed upon list, we can then say "These things need to be done and once they are done, a PDC will ship."

Note that this does no good if people make it into a wish list. We need a working set of guidelines to know what needs to be done, what has been done, and what is yet to be completed.

This started a lively discussion of what was important and what wasn't in the midest of all this Kevin Colby post a list of items he felt where important. Gerald like Kevin's list and sugested the addition of PDC <-> BDC replication inline with the current discussion on the list. This generated more discusion and finally Gerald posted this:

Given the feedback from everyone, here is the feature implementation and release proposal I'm throwing out there.

See the updated Roadmap at (

also for more goodies.

This plan allows us to set given milestones for testing and release. This does not mean that features in release 2 are not important for a PDC. This is just a means or ordering the implementation so we can get a stable release out there as soon as the acceptance criteria is met.

Note that I've not included Exchange plugins here. I think I would consider that to be a separete project (beyond this scope).

Release 1:

* Domain logon support for Windows NT 4.0 SP3+ and Windows 2000 clients

* User and group enumeration by domain member services such as assigning users to NTFS ACLs and share permissions.

* Support for the full range of user profile settings such as valid logon hours, password expiration, profile location, home directory, etc...

Release 2:

* Participation in Windows NT 4.0 SAM replication protocols both as a Primary Domain Controller and as a Backup Domain Controller

Release 3:

* Ability to initiate and maintain Inter-Domain Trust Relationships in an existing Windows NT multi domain network.

This list was accepted by the list with the following from Ulf Bertilsson " I must say as Eric in South Park. "Kick ass!" =D " This seemed to sum up every one's feelings.

5. Gerald defines purpose of samba-ntdom

3 Oct 2000 - 4 Oct 2000 (3 posts) Archive Link: "PDC discussion and the purpose of samba-ntdom...."

Summary By John Quirk

People: Gerald CarterBuchan Milne

Gerald Carter posted to the lists

Just so everyone knows where we stand, I'm leaving samba-ntdom for the explicit purpose of testing, reporting, and administering Samba PDC abilities.

All technical discussions and design postings are going to be directed to samba-technical.

So if you want in on PDC development, get on samba-technical. if you just want news on alpha release, new functionality, and how to admin these test boxes, stick with samba-ntdom.

Of course, these are all unmoderated lists, so this is now a hard a fast rule. Just how I will direct people's questions, comments and discussions.

Make sense? Everyone ok with this?

Buchan Milne asked " So where should those of us running samba 2.0.x (hopefully 2.2.x soon) as a PDC post our domain-related questions ? We admin samba-nt-domains, but not on test boxes ? " To which Gerald replied " Good question. Hadn't thought about that one. Let's keep those on samba-ntdom as well. " On that the thread ended.

6. How to feed the samba Team?

5 Oct 2000 - 9 Oct 2000 (14 posts) Archive Link: "Pizza vouchers?"

Summary By John Quirk

People: Frank CarreiroGerald CarterJeremy AllisonSimo SorceSeth VidalAndrew TridgellJohn QuirkChris Hertel

Frank Carreiro though the the samba team may been get a bit hungry after fighting the the flame wars of the pervious weeks and said:

I'm impatient for the next release of samba myself... I'm having all sorts of issues with getting NT local/global groups to map against my UNIX groups. I'm hoping this next version will meet that need...

Other than that Samba has made my life A GREAT DEAL EASIER!!!

Where can I send pizza vouchers? I'd be happy to purchase and send several. I think the headaches samba has relieved DESERVES at least a few.

Gerald Carter thanked Frank and then replied with a technical answer to which Frank replied with tongue firmly planted in cheek:

I'm sorry I feel compelled to point out that you didn't respond to the most important part of this email.

Have the pizza voucher docs been updated? With most of y'all working for VA now does this mean we can send pizza to just one place.

If a pizza guy showed up at va's hq's (wherever in CA you are) with say 10-20 pizzas would there be a way to find the "samba area" in va. Or would the pizzas be "confiscated" by one of the other groups.

I am really quite disappointed in this attitude - if you can't help your supporters and users with simple questions then I'm afraid you'll get no pizza from me. :)

Gerald replied " Hmmm....We better be careful or else those pizzas might fall in the wrong hands....." and on his attitude " oh..cough, cough,...sorry...cough, cough.... :-)" he went on to provide geographic locations for some of the team members

He then went on "Jeremy said he doesn't like pizza ;) Honest! I just asked him! He likes steak :-) (You can send me his pizza vouchers) :-) :-)"

Jermery replied " Nice try Gerald :-). I don't like pizza in *England* (once you move to california, you can never eat UK pizza again :-) :-). Just for the record - I *do* like pizza :-) :-)." Gerald replied " Doh! and I was so close! :-) " This started a discussion on which pizza's were the best. Simo Sorce stated " Oh men, American Pizza's are nothing compared to the original Italian Pizza's (R) I would send you some but my fax would not be happy :P " Finally Seth Vidal said "what has still not been answered is what method is best for sending pizza. "

(ed. [John Quirk] And it is still a mystery I had a quick look at the web site and can't find how to do it. I am also surprised on Andrew Tridgell lack response on the merits of Aussie Pizza)

7. Resuscitating Samba-TNG

6 Oct 2000 - 9 Oct 2000 (12 posts) Subject: "TNG back from the dead [if we get some decent doctors...]"

Summary By Zack Brown

People: Sander Striker

Sander Striker proposed:

As you all (might) know, TNG is on the floor bleeding to death. Within time all there will be left is a dried out corpse with internal organs cloned and transplanted.

I for one don't want TNG to vanish and with a little help from you (the fine doctors :-)) we can pull it off. We are starting TNG as a subproject of an open source DCE/RPC library/ toolkit. This may sound weird, but TNG is ideal for this because a great part of RPC code is in place in TNG and can all be replaced to use the library in time. This means great cleanup (= more stability) and easier intregration of extra services (Exchange comes to mind). This also makes it easier for external parties to write services.

Our main aims for TNG:

Anyhow, the first goal is keeping TNG alive and kicking and therefor we need your help. We are in search of:



Coders and non-coders combined:

Do you think you can do one of these jobs? You can make a difference.

Several folks liked this idea, and Jon Doyle asked if they'd host the new tree on SourceForge ( , but someone replied that there had been some authors from various folks, though it wasn't known yet which of them wanted public acknowledgement.

8. Samba 2.2.0 Alpha Released

6 Oct 2000 - 10 Oct 2000 (8 posts) Archive Link: "Samba 2.2.0alpha0 snapshot released"

Summary By John Quirk

People: Jeremy AllisonDavid Lee

Jeremy Allison announced the following

I have just released the first alpha snapshot of what will become Samba 2.2.0. It's available from the usual ftp sites, in the alpha directory as :

[ftp mirror]:/pub/samba/alpha/samba-2.2.0-alpha0.tar.gz (

If people could test this snapshot out and provide feedback about what is broken (probably lots at the moment :-) and let the lists know that would help.

The Team will be monitoring the feedback and this will help for the next alpha.

Please note that the documentation is not currently up to date, and the POSIX ACL mapping feature is currently missing, but most of the other improvements are all there, and this code has been running under memory overrun/leak detectors for weeks now without problems.

Having said that - *please* don't use this on a production system :-) :-).

He also posted the release notes for this Alpha0 release. See ( for the complete post.

David Lee thanked Jeremy, but noted that the utmp-handling seemed to be from a pre 2.07 version. He supplied a patch to fix some basic issues but asked for help on how to update the code in "smbd/connection.c" with the new internal Database format, 'tdb', now in use.







Sharon And Joy

Kernel Traffic is grateful to be developed on a computer donated by Professor Greg Benson and Professor Allan Cruse in the Department of Computer Science at the University of San Francisco. This is the same department that invented FlashMob Computing. Kernel Traffic is hosted by the generous folks at All pages on this site are copyright their original authors, and distributed under the terms of the GNU General Public License version 2.0.