samba-tng-alpha-2.2.tar.gz

Panagiotis Malakoudis pmal at space.gr
Mon Apr 10 07:05:38 GMT 2000


Is it just me this version boosts the login procedure speed. I've never seen
a login so fast. I guess this is mainly why most of us are using TNG. To get
rid of you-know-what.
Grear job Luke.

I just cannot figure out what are the steps to create an inter-domain trust
relationship. Are there any docus?

----- Original Message -----
From: Luke Kenneth Casson Leighton <lkcl at samba.org>
To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at samba.org>
Sent: Monday, April 10, 2000 5:56 AM
Subject: samba-tng-alpha-2.2.tar.gz


> update:
>
> - fixed smbd for win95-style profile-locating (it now works, thank you to
> everyone who sent in log files to get this fixed)
>
> - various modes tested and confirmed as working:
>
>   * ROLE_STANDALONE
>     security = user
>     encrypt passwords = yes
>     domain master = no
>     domain logons = no
>
>   * ROLE_DOMAIN_PDC
>     security = user
>     encrypt passwords = yes
>     domain master = yes
>     domain logons = yes
>
>   * ROLE_DOMAIN_MEMBER
>     security = domain
>     password server = PDC [BDC1 BDC2...]
>     encrypt passwords = yes
>     domain master = no
>     domain logons = no
>
> - modes NOT tested recently:
>
>   * ROLE_DOMAIN_BDC
>     security = user
>     password server = PDC
>     encrypt passwords = yes
>     domain master = no
>     domain logons = yes
>
> - a reminder that in this version of TNG, smbd, spoolssd and nmbd are now
> up-to-date from cvs main.  oh, and they work.  we _have_ had one report of
> a coredump from smbd for an oplock issue [REALLY important to track this
> down, people!]
>
> - i am also impressed (even though i wrote it) that pam_ntdom actually
> works.  just for fun, i added an account named DOMAIN\administrator to
> /etc/passwd yesterday, and was stunned to find that it actually worked.
> i typed in DOMAIN\administrator, and password of test, and got a login
> prompt.  in combination with winbindd, this is going to be great.  it's
> _such_ a pity that not many more OSes support PAM, oh well.
>
>
> anyway, here follows a copy of the WHATSNEW.txt file, which i thought
> you'd appreciate.
>
> all the best,
>
> luke (samba team)
>
>
>           WHATS NEW IN Samba (The Next Generation) 2.2
>           ============================================
>
> This is an ALPHA release of Samba TNG, the UNIX based SMB/CIFS file,
> print and login server for Windows systems.
>
> This release is to enlist the help of people who are unable to use
> cvs (http://samba.org/cvs.html) in a major development project to
> integrate Samba into a Windows NT (tm) Domain environment - the
> NT Domains for Unix project.
>
> If you are running Windows 9x and do not forsee the need for or
> need to use any Windows NT Workstations on your network in the near
> future, you will not need Samba TNG or any of its functionality,
> and your assistance is not being solicited in the development of
> this project.
>
> [lkcl: There is, however, a large enough Windows 9x user-base
> to warrant ensuring that Samba TNG remains compatible, it's just that
> personally i will not touch it with a ten foot barge pole (I got
> as far as setting up a vmware session called win98, and it's still
> empty).  This is a personal view, not held by any other Samba
> Team members who are cracking the whip in my direction, and I
> keep getting into trouble over this.  I apologise sincerely and
> wholeheartedly to all Windows 9x users for any offense and
> inconvenience I may have caused to anyone using this stupid OS.]
>
>
> Major changes in Samba TNG
> --------------------------
>
> There are many major changes in Samba TNG.  Here are some of them:
>
>
> 1). Windows NT (tm) Primary Domain Controller compatibility
> -----------------------------------------------------------
>
> Samba TNG can act as a Primary Domain Controller to Windows NT 3.5,
> 4.0 and 5.0 (in 4.0 backwards-compatible mode) Workstations.  Backup
> Domain Controller and Inter-Domain Trust Relationships are at an
> early, but functional and very hands-on, stage.
>
> 2). Support for Windows NT (tm) Administrative tools
> ----------------------------------------------------
>
> Significant in-roads have been made into providing support for at least
> the following Windows NT (tm) tools and services:
>
> - User Manager for Domains
> - Server Manager for Domains
> - Event Log
> - Service Control Manager
> - Registry Editor
> - Command Scheduler
> - NT-style Printing
>
> A command-line tool named rpcclient, with a command-syntax similar to
> smbclient, has over sixty five commands that provide equivalent
> functionality for the same Windows NT (tm) Administrative tools,
> including the ability to remotely shut down a Windows NT (tm) Server.
>
> rpcclient has now been joined by net, samedit, regedit, ntspool,
> eventlog, lsa, cmdat and svccontrol.  If anyone can think of better
> names for these, suggestions are welcomed.
>
> 3). Portability
> ---------------
>
> Samba is now self-configuring using GNU autoconf and libtool, removing
> the need for people installing Samba to have to hand-configured
> Makefiles, as was needed in previous versions.
>
> You now configure Samba by running "./configure" then "make".  See
> docs/textdocs/UNIX_INSTALL.txt for details.
>
> The use of libtool dramatically reduces the size of samba binaries.
> As we are using libtool in a slightly different way from usual,
> you may encounter run-time or compilation errors, so please report
> them to us.
>
> 4). New SAM Database Daemons
> ----------------------------
>
> The SAM database daemon, samrd, is being considered "legacy", and
> the aim is to replace it.  To this end, some new SAM database
> daemons are being developed - samrtdbd and samrnt5ldapd.
> They will need to be run with their counterparts, netlogontdbd or
> netlogonnt5ldapd.  None of these are built as part of the standard
> make, they have to be explicitly built because they are in
> development: samrd and lsarpcd are compiled by default.
>
> 5). pam_ntdom and winbindd
> --------------------------
>
> The Windows Bind Daemon and the Plugin Authentication Module for NT
> Domains are now part of the Samba TNG Development effort.
>
> winbindd presents, when installed using nsswitch, a unix-like view
> of a Windows NT Domain environment, allowing Unix applications and
> the Unix Operating system to enumerate NT users, groups and aliases
> as Unix users and groups.
>
> pam_ntdom, when installed as part of a PAM-enabled Unix Authentication
> system, allows Unix users to be authenticated against a Windows NT
> Domain environment.
>
> @begin marketing-speak
> " The powerful combination of winbindd and pam_ntdom allows Unix
>   to be integrated seamlessly into Windows NT Domain environments,
>   which moves us closer to the Holy Grail of 'Single Sign-on'. "
> @end marketing-speak
>
>
> =====================================================================
>
> NOTE - Some important information
> ---------------------------------
>
> Samba TNG up to alpha-0.3 required that the samba server be joined.
> to its own Domain.  This requirement has been removed.
>
> It is important that you read the source/README file for
> instructions, and it is recommended that you join samba-ntdom at samba.org
> for update information and status reports.  For details, please see:
>
> http://samba.org/listproc/samba-ntdom
>
> =====================================================================
>
> NOTE - Primary Domain Controller Functionality
> ----------------------------------------------
>
> This version of Samba contains code that correctly implements
> the undocumented Primary Domain Controller authentication
> protocols.  However, there is much more to being a Primary
> Domain Controller than serving Windows NT logon requests.
>
> A useful version of a Primary Domain Controller contains
> many remote procedure calls to do things like enumerate users,
> groups, and security information, 98% of which Samba TNG currently
> implements.
>
> This work is being done in the CVS (developer) versions of Samba,
> development of which continues at a fast pace.  If you are
> interested in participating in or helping with this development
> please join the Samba-NTDOM mailing list.  Details on joining
> are available at :
>
> http://samba.org/listproc/
>
> Details on obtaining CVS (developer) versions of Samba
> are available at:
>
> http://samba.org/cvs.html
>
> For this version, use a tag of SAMBA_TNG
>
>
> =====================================================================
>
> NOTE - Known Bugs
> -----------------
>
> It is *not* recommended that this version of Samba be run in a
> production environment, for at least the following reasons:
>
> 1) The new MSRPC architecture forks() one MSRPC daemon per incoming
> service request.  The msrpc daemon stays around for as long as
> the remote server maintains a connection to it.  An investigation
> is underway to attempt to minimise the number of outstanding
> connections, because a *single* NT user logon can result in up to
> 5 or 6 msrpc daemons waiting around, doing nothing but take up
> process table space.
>
> Connection reuse has now been added and debugged: the number of
> incoming connections is reduced but still fairly large.
>
>
> =====================================================================
>
> If you have problems, or think you have found a bug please email
> a full, detailed report to:
>
>         samba-technical at samba.org
>
> As always, all bugs are our responsibility.
>
> Regards,
>
>         The Samba Team.
>



More information about the samba-ntdom mailing list