Willing to work for Samba GSOC 2011 ideas(George)
mat at samba.org
Sun Mar 27 15:27:41 MDT 2011
I'm one of the proposed mentor for the GPO implementation and I guess
it's more or less my proposal.
Most of the GPO are targeted to alter the behavior of the client
(workstation, server, domain controller) but some are not: Server side GPO.
Server side GPO as I called them are GPO (Group POlicies) that are
targeted for active directory database of DCs (Domain Controllers) and
that most of the time result in a change in the sam database where all
the objects of the Active Directory domain are stored.
The example I always gave is the number of days for password validity,
by default it's 42 (;-). With gpmc.msc (you need the administration
tools for windows server, it's "free") you can set the entry: Computer
Configuration -> Windows Settings -> Security Settings -> Account
Policies -> Password Policy -> Maximum password age and it sets the
maxPwdAge to -36288000000000 on root DN of the domain (the one that's
stats with DC=) after you wait for the gpo to be reread by the DC (or if
you force it with gpupdate /force).
The value is stored in GptTmpl.inf in
We expect to have the same behavior with samba4 that is to say when you
edit with gpmc.msc this entry you expect within a couple of minutes to
have the attribute changed as well on a samba4 DC.
The goal is to implement server side GPO so that setting those GPO would
effectively alter the sam database.
This project is rated medium in difficulty, if I was about to implement
it I would do the following:
1) create an as exhaustive as it can be list of server side GPO
(password age, password length, password complexity, ...)
2) create a task in samba4 with a timeout of x seconds, take inspiration
on the task that is doing the dns record update
3) make the task look for the different files known to hold serverside
GPO (there is GptTmpl.inf for sure) in the different GPO directories.
4) for each file extract the parameters that needs to be set in the sam
5) for each parameter, update the sam if needed
Step 2 is in C for sure, steps 4-5 could be done in python as it is our
language for scripting (usually scripting is quicker than pure C in
terms of "time to product") as we have already some helpers in python to
set some of this parameters (in samba-tool) so we can do some code reuse.
From my point of view the project will be considered as fulfilled if
for a given set of settings in GPMC they are automatically updated. Then
there is subtlety that would be nice to have like taking care of the
priority and whether or not the GPO is enabled and maybe some other
stuff that we will discover.
Concerning your skills, I guess it's ok as a lot of things can be done
by duplicating/adapting code that has already be done for similar
things, with the description that I made it's more up to you to see how
you feel with the project.
As for login/logout there is another student willing to work on this so
I would say that it's better if you can do the GPO ;-).
On 25/03/2011 01:08, George zhao wrote:
> Hi Matthieu Patou, Wilco Baan Hofman, and Andrew Bartlett,
> This is George, and I am a computer science PhD student in USA now. I intent
> to work for your project during GSOC 2011, I am really interested in
> your project ideas.
> * Implement server side GPO in Samba4
> * Implement login / logout related counter update
> Please allow me to introduce some of my background and the reason why
> I choose these ideas here for your reference.
> Before I was involved in the current PhD program, I have worked on two
> platforms for two companies(Huawei and SIEMENS), for around 5 years.
> The first platform is a large scale router platform, I've been involve
> in some protocol implementations of the transport layer, like PPPOE,
> PPOA, and some application layer servers, like RADIUS and TACACS, in
> 4-tier TCP/IP protocol stack.
> The second one is a test platform for a device called RNC in WCDMA
> network, which is an wireless network based project.
> Both of them are developed by C programming language.
> I saw you are the mentors of these two projects, can you guys give me
> some feedback about my background, and am I qualified for these two
> The requirement in the samba idea page is C and network, both of them
> are in my skill set, but for the whole samba system, I am afraid that
> I am a freshman. Hopefully, I still have the chance to give it a shot.
> Thanks again for your time!
> Have a good day!
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary
More information about the samba-technical