mat+Informatique.Samba at matws.net
Sat Apr 3 13:16:48 MDT 2010
I had 2 ideas for people who wants to apply for google summer of code.
They are both related to samba 4.
1) Implement server side GPO in samba 4.
The idea here is that when you set a GPO for something that has to be
done on the DC (ie. the password age) then it is automatically and
quickly (within a couple of minutes) applied into the samba database
(sam.ldb I think).
For the moment for such parameters we have to run manually python
scripts on one DC to make effective. There is the risk that the value
set in the GPO is not the one really stored in the database and so there
is a manual step.
With this project we aim at manipulating this parameters directly from
A lot of bricks needed are already present, it's mostly a matter to glue
them together and of course to make tests.
The big picture as I saw it is to start a "thread" in samba4 (as it's
done for the dns updates) that will scan gpo files on startup and also
that will monitor gpo files and dir for addition/removal (it can use
inotify or similar things on os that support it).
Once a gpo file is found we use libgpo to parse it and to find if there
is an entry that concerns the server if so parse the value and modify
the database accordingly (if needed).
The first milestone would be to make it work with a simple monitor that
periodically scan the gpo folder, search for gpo files and more
precisely for the password age parameter (as it is the most recurrent
question related to server side GPO), and then modify the database entry
related to this.
The code would have to be modular so that managing another parameter
(ie. minimum password length) must be done very easily and with only few
For students willing to go further there is different possibility:
* make the gpo monitoring more clever by using file monitoring calls for
the os (inotify, ...) (simple)
* manage some subtle part of the gpo (like precedence of gpo defined on
OU=boo,DC=foo,DC=bar on one define on DC=foo,DC=bar) (medium to complicated)
* analyze different options that should be parsed and applied to the
samba 4 domain database, for the moment the list for parameters that are
set through GPO and that are known to have an impact on the database is
fairly small. The goal here to find out more parameters like that.
2) Implement login / logout related counter update
For the moment the attributes related to login and logout are not
updated by samba.
The goal of this project is to understand in which case windows update
the counters (ie. most probably during interactive logon but also maybe
with some netlogon calls ?) and to implement counter and timestamp
update is samba code so that this information can be available.
This project of course include the development of unit tests and should
be suitable for a gsoc. It's to my mind an easy project that will allow
any willing student to dive more deeply into samba code.
As for the mentor I don't know I'm not against mentoring this project,
but I suppose that project should (must?) be mentored by people from
samba team and also I might lack some samba rules knowledge that can be
valuable for mentoring students.
More information about the samba-technical