samba netbios / namedpipes domination: a comparison with linu x having a proprietary web server built-in

ntb at ntb at
Wed Jan 9 05:16:03 GMT 2002


Jeremy Allison wrote:

> On Tue, Jan 08, 2002 at 03:36:55PM -0500, David Brodbeck wrote:
> > While I understand that you feel Samba could be rewritten to make extensions
> > easier (hardly a point I'd argue against), aren't you overstating your case
> > a little?  You make it sound like they're in league with Microsoft in an
> > effort to undermine open-source development, or something.  No one is
> > stopping anyone from forking off a seperate version if they think they can
> > do better.
> >
> > I'm sure you realize that while you may see Samba as an Important Political
> > Weapon against the Great Satan Of Redmond, to many (probably most!) people
> > it's simply a useful software package for getting work done.
> Exactly. Plug-in's are great. Plug-in's will make what Luke wants much easier.

Not so fast, please. Plugin (in form Andrew described before) allows only
adding an rpc service on additional pipe (an one samba is not listening itself)
It makes impossible using samba as fileserver with Luke's domain controller stuff
(dce/rpc based netlogon, samr and lsarpc) which is, in my opinion,
best solution not just for me, but for all who wants nt4 compartible domain
(in perspective with almost all functionality, not just what samba team counts
with fileserver with acceptible performance (which samba tng is not).
Ideally it must use AD-compartible schema in ldap (for using winxp and w2k w/o
'rpc domain controller fallback') - but this is another story, I don't want
discuss it here.

to make it possible using 'external' auth mechanism (doesn't matter is it DC or
member server)
it must be an option in 'plugin api' to disable samba's internal rpc handling.
Ideally all 'internal' samba rpc (and domain controller) code must be presented
as default 'plugin' bundled with it.
when someone want to set it up as domain controller, he 'unplugs' default module,
and replaces it with interface module for fredce. (I don't like term 'glue' - it's
too offending.
sounds like 'can for Your shit')
In that case all connections requesting IPC$ share must be 'forwarded' to that
module, which,
in turn, sets up rpc-over-np transport for all dce/rpc servers running.
(I think Wez can give more detalied comments in this area)

> That was I can continue with "NOT CARING"
> (which Luke thinks is an offence :-) whilst the people who
> want to care about DCE/RPC named pipes can happily work within that framework.

While samba controls arbitrary pipes itself it is almost impossible. I don't talk
here about osexchange
or something like, it can be implemented thithin this framework.
But if it allows only adding but not replacing pipe handlers, it's more correct to
'can UNhappily work (or try to work)'

> Jeremy.

SMTP /Perece/.

More information about the samba-technical mailing list