s3compat progress

Andrew Bartlett abartlet at samba.org
Wed Jun 2 07:58:12 MDT 2010

I've made a lot of progress on s3compat in the past few weeks, and I
wanted to mention it on the list again.


The biggest change is that building on the named pipe proxy work done
for Franky, I've plugged these pipes across from Samba3 to Samba4:
"samr", "lsarpc", "netlogon", "drsuapi", "dssetup", "epmapper", "echo"

I've tested this with the RPC-LSA test, and will test domain joins etc

I've also implemented auth, passdb and idmap modules plug into the
available APIs in the source3 code to implement these features in terms
of the Samba4 databases.  I've also added compatible functions for
secrets (domain join) handling and auth_ntlmssp (server-side NTLMSSP). 

I'm running the winbindd code from source3, as well as the file server
code from source3, but most other services are provided by the source4
code, including the storage of domain join secrets, the 'SAM' etc. 

Going forward I hope to look into changing auth_ntlmssp into a 'sort of
GENSEC' in Samba3, handling SPNEGO and Kerberos too.  This will allow
s3compat to implement the AES-based enhancements to GSSAPI and SPNEGO
for the CIFS server (an important detail I would not wish to loose when
changing CIFS servers for the domain controller). 

I also want to look at finishing pdb_samba4, and somehow compiling it
into smbpasswd and (most importantly) pdbedit, as an upgrade tool to
Samba4's sam.ldb. 

The code is at:

git://git.samba.org/abartlet/samba.git s3compat

Finally, I want to say a big thanks to everyone who has helped me by
reviewing and signing off on patches for this.  I know I've been
impatient and stubborn at times, and your patience in dealing with me
and the long string of patches I've proposed has been great.


Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100602/d085595a/attachment.pgp>

More information about the samba-technical mailing list