headers
tridge | 1 Jan 2005 03:05
Picon
Favicon
Gravatar

upcoming changes

First off, happy new year to all the Samba developers out there!

Next, I wanted to let everyone know about a couple of changes I am
about to make to Samba4, as they might be a bit disruptive.

The first change will be the conversion of ldb to use talloc
internally. The new talloc interface has greatly simplified a lot of
the Samba4 code, but as ldb predates the new talloc all our ldb code
is still using the old malloc style, and its really costing us quite a
lot in code complexity. I will be starting on the talloc conversion
today.

I particularly wanted to do the ldb/talloc conversion now as it will
make the addition of NT ACLs on samdb records much easier, which is
essential for proper control of RPC interfaces (such as controlling
who is allowed to join a machine to a domain, change a password
etc). That will integrate nicely with the ACLs and privileges work I
have been doing in the filesystem code.

Next, I will be making some large changes to our rpc server code. Now
that I have added the DSSETUP pipe to Samba4 I am finding that w2k is
attempting to setup multiple interface contexts simultaneously on the
one rpc pipe. It connects to one pipe, then sets up both the LSARPC
interface and the LSADS interface at the same time. This is done by
doing a bind as usual, then using alter_context with no authentication
information to setup a second RPC interface using a different
context_id. Currently we ignore the context_id in our server code, so
we can't support this.

I hope this will be the last large change in our rpc server
(Continue reading)

Permalink | Reply | 2 comments |
headers
Tim Potter | 1 Jan 2005 11:55
Picon
Favicon

Re: PIDL, ethereal, etc.

On Tue, 2004-12-28 at 16:13 +1100, Andrew Bartlett wrote:
> I understand that tpot is working on another attempt at the PIDL
> approach, using perl to munge the standard output this time (rather
> than
> creating a new output engine).  I've not seen anything show up in a
> public tree yet however.

I have some stuff I need to check in.  Keep an eye out over the next day
or two.

Tim.
Permalink | Reply | 0 comments |
headers
VSCAN1 | 1 Jan 2005 12:24
Picon

Policy Violation

The following message sent by this account has violated system policy:

From: samba-technical <at> samba.org
To: ldrich <at> fiwc.navy.mil
Date: Sat, 01 Jan 2005 06:24:09 -0500
Subject: Mail Delivery (failure ldrich <at> fiwc.navy.mil)

The following violations were detected:

--- Scan information follows ---

Virus Name: W32.Netsky.P <at> mm
File Attachment: message.scr
Attachment Status: deleted

--- File name Block information follows ---

File Attachment: M2005010106240932464.mes/message.scr
Matching file name: *.scr
Permalink | Reply | 0 comments |
headers
Michael B Allen | 1 Jan 2005 21:00

Re: A performance-measurement tool beta

On Fri, 31 Dec 2004 09:41:42 -0800
Charles N Wyble <charles <at> thewybles.com> wrote:

> Hello
> 
> Why don't you put up the beta source online? Let the community help you 
> work out the little bugs? That would be the way to do it in an open 
> source community right?

No, that's not the preferred way to do it but unfortunately that is all
to frequently the way it is done. If you release something that doesn't
build or doesn't really work as advertised you're basically inviting
people to email you, ask you stupid questions, and submit silly three line
patches. The whole exercise amounts to a lot of churn for everybody. It's
*much* better if the thing builds properly and basically works the first
time (unless the project is huge like Samba4 in which case you don't have
that luxury). It's very important that people have something somewhat
stable to experiment with. That's when interesting things happen.

Mike

--

-- 
Greedo shoots first? Not in my Star Wars.
Permalink | Reply | 1 comment |
headers
David Collier-Brown | 2 Jan 2005 00:00
Favicon

Re: A performance-measurement tool beta

  It now seems to generate possibly valid answers on
my SuSE Linux box, so anyone who wants a pretty early
version send me mail.
  I'll eventually be putting it up on a web page at work, 
along with the 6-line dtrace script that does the same as 
this 14,153-line c program (;-))

--dave c-b
--

-- 
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb <at> spamcop.net           |                      -- Mark Twain
Permalink | Reply | 0 comments |
headers
Tim Potter | 2 Jan 2005 00:51
Picon
Favicon

Re: svn commit: samba r4365 - in branches/SAMBA_4_0/source/client: .

On Sun, 2004-12-26 at 22:38 +1100, Andrew Bartlett wrote:

> > WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4365
> > 
> > Log:
> > added command 'eainfo' to smbclient for displaying binary EA 
> > contents
> 
> While I can't complain about all these nice new features, I'm a bit
> worried about smbclient becoming rpcclient.   That is: we made a
> decision to declare rpcclient 'developer only' feature, because it was
> becoming unmaintainable, particularly in terms of not changing for
> scripts.  
> 
> How do we avoid repeating that?

One way is by having a better interface to the RPC and SMB functions so
that serious users can write programs easier.  I'm not just pushing the
Python barrow again either (well not much).  A really good C interface
should be easy to write short programs in, and also be able to form the
basis for larger non-trivial programs.

Another way is perhaps by having more specific utilities that do
particular but useful jobs.  Jelmer's gregedit is good example here.

I think we can do a lot better than "here's smbclient, rpcclient -
anything else and you're on your own".  (-:

Tim.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Andrew Bartlett | 2 Jan 2005 02:55
Picon
Favicon

Re: [Samba] authenticate Samba users with RSA SecureID or Safeword

On Mon, 2004-12-27 at 19:25 +0530, Gopal Krishna C J wrote: 
> Hi,
> 
>  
> 
> I’m looking for inspiration on how to get Samba (setup as a Domain
> controller) 
> 
> To authenticate its users by AAA products like Safeword from securecomputing
> (HYPERLINK "http://www.safeword.com/"www.safeword.com) or
> 
> RSA SecureID – HYPERLINK "http://www.rsa.com/"www.rsa.com 

Replacing passwords in an NT domain environment is a tricky problem,
because unlike Active Directory, we don't have kerberos.  Kerberos
allows the exchange between the fob and the central server to be
customised, and nobody else in the chain needs to care what's going on.

Once you use passwords, and in the 'cached password' NT Domain Logon
environment that we have, there is a presumption that that password does
not change, after the user logs in.  This is used to give the illusion
of 'single sign on'.  If the password does change, and a server is
contacted (say a new file-server), then the user will be prompted for a
password.  This is fine (well, a right royal pain, but functional)
*most* of the time, but we loose the auto-reconnect feature, and can
loose data.   (See discussion about plaintext passwords and Samba,
because I think it's the same problem).

However, I think it is still possible to construct a system that has the
benifit of the 'fob', but with sufficient 'memory' such that once a
(Continue reading)

Permalink | Reply | 0 comments |
headers
Andrew Bartlett | 2 Jan 2005 03:30
Picon
Favicon

Re: [Samba] Regarding testsuites for protocol conformance

On Thu, 2004-12-30 at 15:00 +0000, sujay lele wrote:
> We have made some changes in samba-3.0.7, as part of
> our graduation project. Are there any test suites
> which we could use to check the conformance of the
> changes,
> with the original samba specifications?

The 'samba specifications' is a difficult point to pin down - we try and
instead comply with the observed behaviour of Microsoft's current,
competing, products. 

> 	Also, with reference to your statement in  document
> tridge_cifs04_tutorial.pdf  , saying that inputs about
> test documents would be welcome, if the above
> mentioned suites are not available,then we would like
> to contribute in this regard. Please inform such the
> exact domains in which such contribution can be made.

Samba testing is performed by a utility called 'smbtorture', and as
tridge makes clear in his presentation, the version in Samba4 is
currently the reference for all Samba development, due to it's high
level of coverage across the entire protocol.  Note that Samba3 does not
pass many of these tests, which is why we are writing Samba4 in the
first place.

Once you check out and explore Samba4's smbtorture, you may be in a
position to extend it.  smbtorture is tested against Win2k3, as the
reference implementation - all tests must pass against Win2k3 to be
considered valid.
(Continue reading)

Permalink | Reply | 0 comments |
headers
kishore venkat | 2 Jan 2005 09:19
Picon
Favicon

help needed with AIX

hi all,
     Can any one send me good documentation AIX as iam working on it for the first time ....Any help wold be greatly appreciated..........

regards & thanks
Kishore

		
---------------------------------
Do you Yahoo!?
 Send holiday email and support a worthy cause. Do good.
Permalink | Reply | 1 comment |
headers
Stefan (metze) Metzmacher | 2 Jan 2005 11:01
Picon
Favicon

Re: svn commit: samba r4440 - inbranches/SAMBA_4_0/source/rpc_server: common srvsvc

> On Fri, Dec 31, 2004 at 07:42:57AM +0000, metze <at> samba.org wrote:
>> Author: metze
>> Date: 2004-12-31 07:42:57 +0000 (Fri, 31 Dec 2004)
>> New Revision: 4440
>>
>> WebSVN:
>> http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4440
>>
>> Log:
>> - add a start of srvsvc_NetShareCheck() server code
>>
>> - filterout hidden shares in NetShareEnum()
>
> Just curious... which "hidden" shares?  You don't mean the '$' shares, do
> you?

Hi Chris,

yep I mean this '$' shares which have the 0x80000000 flag set on the share
type

please read the full changeset for details, I use the "browseable = no"
option for this in samba4, I don't know if samba3 does it the same way...

--
metze

Stefan Metzmacher <metze at samba dot org>
(Continue reading)

Permalink | Reply | 5 comments |

Gmane