Where to for Samba4?
abartlet at samba.org
Thu Sep 6 09:22:41 GMT 2007
On Thu, 2007-09-06 at 09:32 +0200, Matthias Dieter Wallnöfer wrote:
> Hi Andrew!
> Andrew Bartlett schrieb:
> > Now that we have an alpha release, I thought I would try and start a
> > discussion about where Samba4 should go.
> > Clear targets we already have on the Wiki are:
> > - Clustering support. This code started in Samba4, and I hope that in
> > time, Samba4 can use these features.
> > - Schema enforcement. One, not unreasonable, suggestion has been to
> > make this become the responsibility of an OpenLDAP (or Fedora DS)
> > backend.
> > - Access control. We now store NT ACLs in LDAP, and honouring them
> > (rather than kludge_acls) should not be that hard. Likewise on the
> > registry (should have been done for the alpha...)
> > - One-off active Directory migration.
> > Some other tasks I see for the near future:
> > - Kill the LDB browser and move back to SWAT1 in Samba4, with
> > phpldapadmin either run inside SWAT, or with apache.
> > A list of targets is useless, if they bear no resemblance to what is
> > likely to be achieved. Similarly, most of the work done on Samba4 in
> > the past few months has not been on the roadmap, but just the response
> > to well-filed bugs in bugzilla.
> > One particular thought I've had suggested is to try using OpenLDAP to
> > handle schema validation and subtree renames (by always using an
> > OpenLDAP hdb backend). Likewise, should we trim unlikely features such
> > as NetBIOS browsing from the list of features folks may expect from
> > Samba4?
> > Finally, I've heard all manner of different people give views in the
> > press about where Samba4 is heading - a separate release, a DC only,
> > just another head of a Samba3 borg?
> > From my point of view, I'm expecting to make a release, with good DC,
> > and hopefully good file-server capabilities. But I would like to
> > discuss what (if anything) Samba4 means to more than just myself.
> > Thoughts?
> > Andrew Bartlett
> Yes, I think your thought are basically good. But I wouldn't give up to
> implement more RPCs to be more compatible with mainly older Windows
> networking software (and also NT Administration Tools).
Possibly, but then we need someone to implement those RPCs. Most of the
hard work is done (testsuites, IDL), but someone needs to step up and do
> We should then also start to divide/implement other roles to SAMBA 4.
> Because now it seems only to be an AD domain controller, I'm right?
> Because for a normal user-level security machine (similar to a NT
> workstation) we don't really need the LDB backend.
We might not need it, but using LDB is easier than duplicating the code
for this case.
> The schema checking I wouldn't let only do external components. Or we
> change internally to the OpenLDAP HDB backend or we have to do some
> check in LDB, I think.
I'm not sure what you mean here. I'm hoping to avoid duplicating the
schema validation code - OpenLDAP (and Fedora DS) can surely handle this
better than we do.
> The NetBIOS browsing support is needed at one stage.
Why? Modern windows domains don't even use NetBIOS.
> The printing
> services also (if they are also difficult to implement).
Likewise, why? Just because something might be nice to have, doesn't
mean we have the resources to implement it. That is what this
discussion is about - what we can do, rather than what we would like to
That said, I do appreciate your feedback - the different perspectives
are what I want to see.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070906/d0177d2c/attachment.bin
More information about the samba-technical