Samba4 Alpha 8 Status

Andrew Bartlett abartlet at samba.org
Tue May 12 12:54:53 GMT 2009 

On Mon, 2009-05-04 at 17:11 +0200, Sassy Natan wrote:
> Samba 4 Alpha 8
> 
> 
> 
> Dear Group Member
> 
> 
> 
> I was wonder if anyone can tell when Samba4 Alpha 8 will be release.

I've been on holiday, but my hope is to release some time in the next
week or two. 

> I have being playing with it for quite a while and it seems to work very
> good on my Linux Debian Lenny Version.
> 
> This version which includes Microsoft Full Active Directory Schema allows me
> now to have a centralized database for my windows and UNIX user, so now all
> my users authenticated via the Active Directory even if they are using Unix,
> Linux or MacOX. (To achieve this I have used Kerberos, libnss_ldap and
> pam_krb5).
> 
> 
> 
> The fact you have RFC2307 attributes and classes in the schema really makes
> life easier when we are talking about SID-UID mapping.
> 
> But I still have some questions in mind:
> 
> 
> 
> 1. What is the use of using OpenLDAP as backend with Samba4? Is it better to
> have it as a stand alone, without OpenLDAP? Or this will increase
> performance?

It will decrease performance, but add rudundency.  (You can setup
multi-master replication). 

> At the moment I am using it with openldap backend but I was wonder maybe I
> can left it out in a production environment?

Do you need 2 servers?

> 2. I notice that the slapd 2.4.15 crashed while using ADUC. This happened
> like 5 times but I can’t really tell at the moment what the cause of the
> problem is.

If slapd crashes, then please file a bug with OpenLDAP.  slapd should
never crash, no matter how bad Samba behaves, and I know the OpenLDAP
crew are very keen to chase down any issues.  

> 3. When Creating Users in the domain – they aren’t being added automatically
> to the Domain Users Group. This was working in the Alpha 6.

Odd.  I wonder what changed. 

> 4. I can’t change a user password from the command line anymore. This was
> working in the Alpha 6. Here is was I’m getting
> 
> 
> 
> Dev:/var/log#  net password set -UAdministrator%password user
> 
> Enter new password for account [HOME\users] :
> 
> net_password_set: Connection to SAMR pipe of PDC of domain 'Home' failed:
> NT_STATUS_IO_TIMEOUT
> return code = -1

Can you figure out what point the smbd is stuck at when this happens?
Breaking the server with gdb might help. 

> 5. I was wonder if anyone can provide some help how to use samba3 with
> windows active directory rc2. I have a configure my opensolaris machine
> with NTP, Kerberos, PAM_KRB5, LIBNSS_LDA  so now when doing "getent passwd"
> I get all my users in AD (Windows) and can logging and logout without a
> problem. The UID and GID of the users come from the AD since I used the Unix
> Services option. My question is how to use the information from the AD with
> winbind. I know there is a way to use it with the RID but I think the best
> option here is to use the info comes from the AD.

Frankly, never use libnss_ldap instead of Winbind.  We wrote winbind
because libnss_ldap and pam_krb5 isn't enough for proper windows
interoperability.  It still astounds me how many folks think "it can't
be that hard, I don't need winbind", and then wonder why it is...

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20090512/e4580545/attachment.bin

More information about the samba-technical mailing list