samba-tng-alpha-2.2.tar.gz
Luke Kenneth Casson Leighton
lkcl at samba.org
Mon Apr 10 07:13:59 GMT 2000
On Mon, 10 Apr 2000, Panagiotis Malakoudis wrote:
> Is it just me this version boosts the login procedure speed. I've never seen
> a login so fast.
whoa, that's kinda cool. i wonder why it's so slow here... um, oh yes:
vmware and log level = 100, that'd do it :)
> I guess this is mainly why most of us are using TNG. To get
> rid of you-know-what.
be nice, i work _with_ you-know-what, not against you-know-what.
> Grear job Luke.
thx! thanks to everyone who keeps sending bug-reports, patches, log-files
and encouragement.
> I just cannot figure out what are the steps to create an inter-domain trust
> relationship. Are there any docus?
hmmm... you want to write them? :)
ok, you can try it out (i haven't for a while).
firstly, can your system cope with unix usernames (/etc/passwd) like this:
DOMAINNAME\username
(*tee hee* :)
guess what i'm up to :)
me and andrew have been talking, again...
>
> ----- Original Message -----
> From: Luke Kenneth Casson Leighton <lkcl at samba.org>
> To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at samba.org>
> Sent: Monday, April 10, 2000 5:56 AM
> Subject: samba-tng-alpha-2.2.tar.gz
>
>
> > update:
> >
> > - fixed smbd for win95-style profile-locating (it now works, thank you to
> > everyone who sent in log files to get this fixed)
> >
> > - various modes tested and confirmed as working:
> >
> > * ROLE_STANDALONE
> > security = user
> > encrypt passwords = yes
> > domain master = no
> > domain logons = no
> >
> > * ROLE_DOMAIN_PDC
> > security = user
> > encrypt passwords = yes
> > domain master = yes
> > domain logons = yes
> >
> > * ROLE_DOMAIN_MEMBER
> > security = domain
> > password server = PDC [BDC1 BDC2...]
> > encrypt passwords = yes
> > domain master = no
> > domain logons = no
> >
> > - modes NOT tested recently:
> >
> > * ROLE_DOMAIN_BDC
> > security = user
> > password server = PDC
> > encrypt passwords = yes
> > domain master = no
> > domain logons = yes
> >
> > - a reminder that in this version of TNG, smbd, spoolssd and nmbd are now
> > up-to-date from cvs main. oh, and they work. we _have_ had one report of
> > a coredump from smbd for an oplock issue [REALLY important to track this
> > down, people!]
> >
> > - i am also impressed (even though i wrote it) that pam_ntdom actually
> > works. just for fun, i added an account named DOMAIN\administrator to
> > /etc/passwd yesterday, and was stunned to find that it actually worked.
> > i typed in DOMAIN\administrator, and password of test, and got a login
> > prompt. in combination with winbindd, this is going to be great. it's
> > _such_ a pity that not many more OSes support PAM, oh well.
> >
> >
> > anyway, here follows a copy of the WHATSNEW.txt file, which i thought
> > you'd appreciate.
> >
> > all the best,
> >
> > luke (samba team)
> >
> >
> > WHATS NEW IN Samba (The Next Generation) 2.2
> > ============================================
> >
> > This is an ALPHA release of Samba TNG, the UNIX based SMB/CIFS file,
> > print and login server for Windows systems.
> >
> > This release is to enlist the help of people who are unable to use
> > cvs (http://samba.org/cvs.html) in a major development project to
> > integrate Samba into a Windows NT (tm) Domain environment - the
> > NT Domains for Unix project.
> >
> > If you are running Windows 9x and do not forsee the need for or
> > need to use any Windows NT Workstations on your network in the near
> > future, you will not need Samba TNG or any of its functionality,
> > and your assistance is not being solicited in the development of
> > this project.
> >
> > [lkcl: There is, however, a large enough Windows 9x user-base
> > to warrant ensuring that Samba TNG remains compatible, it's just that
> > personally i will not touch it with a ten foot barge pole (I got
> > as far as setting up a vmware session called win98, and it's still
> > empty). This is a personal view, not held by any other Samba
> > Team members who are cracking the whip in my direction, and I
> > keep getting into trouble over this. I apologise sincerely and
> > wholeheartedly to all Windows 9x users for any offense and
> > inconvenience I may have caused to anyone using this stupid OS.]
> >
> >
> > Major changes in Samba TNG
> > --------------------------
> >
> > There are many major changes in Samba TNG. Here are some of them:
> >
> >
> > 1). Windows NT (tm) Primary Domain Controller compatibility
> > -----------------------------------------------------------
> >
> > Samba TNG can act as a Primary Domain Controller to Windows NT 3.5,
> > 4.0 and 5.0 (in 4.0 backwards-compatible mode) Workstations. Backup
> > Domain Controller and Inter-Domain Trust Relationships are at an
> > early, but functional and very hands-on, stage.
> >
> > 2). Support for Windows NT (tm) Administrative tools
> > ----------------------------------------------------
> >
> > Significant in-roads have been made into providing support for at least
> > the following Windows NT (tm) tools and services:
> >
> > - User Manager for Domains
> > - Server Manager for Domains
> > - Event Log
> > - Service Control Manager
> > - Registry Editor
> > - Command Scheduler
> > - NT-style Printing
> >
> > A command-line tool named rpcclient, with a command-syntax similar to
> > smbclient, has over sixty five commands that provide equivalent
> > functionality for the same Windows NT (tm) Administrative tools,
> > including the ability to remotely shut down a Windows NT (tm) Server.
> >
> > rpcclient has now been joined by net, samedit, regedit, ntspool,
> > eventlog, lsa, cmdat and svccontrol. If anyone can think of better
> > names for these, suggestions are welcomed.
> >
> > 3). Portability
> > ---------------
> >
> > Samba is now self-configuring using GNU autoconf and libtool, removing
> > the need for people installing Samba to have to hand-configured
> > Makefiles, as was needed in previous versions.
> >
> > You now configure Samba by running "./configure" then "make". See
> > docs/textdocs/UNIX_INSTALL.txt for details.
> >
> > The use of libtool dramatically reduces the size of samba binaries.
> > As we are using libtool in a slightly different way from usual,
> > you may encounter run-time or compilation errors, so please report
> > them to us.
> >
> > 4). New SAM Database Daemons
> > ----------------------------
> >
> > The SAM database daemon, samrd, is being considered "legacy", and
> > the aim is to replace it. To this end, some new SAM database
> > daemons are being developed - samrtdbd and samrnt5ldapd.
> > They will need to be run with their counterparts, netlogontdbd or
> > netlogonnt5ldapd. None of these are built as part of the standard
> > make, they have to be explicitly built because they are in
> > development: samrd and lsarpcd are compiled by default.
> >
> > 5). pam_ntdom and winbindd
> > --------------------------
> >
> > The Windows Bind Daemon and the Plugin Authentication Module for NT
> > Domains are now part of the Samba TNG Development effort.
> >
> > winbindd presents, when installed using nsswitch, a unix-like view
> > of a Windows NT Domain environment, allowing Unix applications and
> > the Unix Operating system to enumerate NT users, groups and aliases
> > as Unix users and groups.
> >
> > pam_ntdom, when installed as part of a PAM-enabled Unix Authentication
> > system, allows Unix users to be authenticated against a Windows NT
> > Domain environment.
> >
> > @begin marketing-speak
> > " The powerful combination of winbindd and pam_ntdom allows Unix
> > to be integrated seamlessly into Windows NT Domain environments,
> > which moves us closer to the Holy Grail of 'Single Sign-on'. "
> > @end marketing-speak
> >
> >
> > =====================================================================
> >
> > NOTE - Some important information
> > ---------------------------------
> >
> > Samba TNG up to alpha-0.3 required that the samba server be joined.
> > to its own Domain. This requirement has been removed.
> >
> > It is important that you read the source/README file for
> > instructions, and it is recommended that you join samba-ntdom at samba.org
> > for update information and status reports. For details, please see:
> >
> > http://samba.org/listproc/samba-ntdom
> >
> > =====================================================================
> >
> > NOTE - Primary Domain Controller Functionality
> > ----------------------------------------------
> >
> > This version of Samba contains code that correctly implements
> > the undocumented Primary Domain Controller authentication
> > protocols. However, there is much more to being a Primary
> > Domain Controller than serving Windows NT logon requests.
> >
> > A useful version of a Primary Domain Controller contains
> > many remote procedure calls to do things like enumerate users,
> > groups, and security information, 98% of which Samba TNG currently
> > implements.
> >
> > This work is being done in the CVS (developer) versions of Samba,
> > development of which continues at a fast pace. If you are
> > interested in participating in or helping with this development
> > please join the Samba-NTDOM mailing list. Details on joining
> > are available at :
> >
> > http://samba.org/listproc/
> >
> > Details on obtaining CVS (developer) versions of Samba
> > are available at:
> >
> > http://samba.org/cvs.html
> >
> > For this version, use a tag of SAMBA_TNG
> >
> >
> > =====================================================================
> >
> > NOTE - Known Bugs
> > -----------------
> >
> > It is *not* recommended that this version of Samba be run in a
> > production environment, for at least the following reasons:
> >
> > 1) The new MSRPC architecture forks() one MSRPC daemon per incoming
> > service request. The msrpc daemon stays around for as long as
> > the remote server maintains a connection to it. An investigation
> > is underway to attempt to minimise the number of outstanding
> > connections, because a *single* NT user logon can result in up to
> > 5 or 6 msrpc daemons waiting around, doing nothing but take up
> > process table space.
> >
> > Connection reuse has now been added and debugged: the number of
> > incoming connections is reduced but still fairly large.
> >
> >
> > =====================================================================
> >
> > If you have problems, or think you have found a bug please email
> > a full, detailed report to:
> >
> > samba-technical at samba.org
> >
> > As always, all bugs are our responsibility.
> >
> > Regards,
> >
> > The Samba Team.
> >
>
<a href=" mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
<a href=" http://cb1.com/~lkcl" > Samba and Network Development </a>
<a href=" http://samba.org" > Samba Web site </a>
<a href=" http://mcp.com" > Macmillan Technical Publishing </a>
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
More information about the samba-ntdom
mailing list