Willing to work for Samba GSOC 2011 ideas(George)

Matthieu Patou mat at samba.org
Sun Mar 27 15:27:41 MDT 2011


Hi George,

I'm one of the proposed mentors for the GPO implementation and I guess 
it's more or less my proposal.

Most of the GPOs are targeted to alter the behavior of the client 
(workstation, server, domain controller) but some are not: server side GPOs.
Server side GPOs, as I call them, are GPOs (Group Policies) that are 
targeted at the Active Directory database of DCs (Domain Controllers) and 
that most of the time result in a change in the sam database where all 
the objects of the Active Directory domain are stored.

The example I always give is the number of days for password validity, 
by default it's 42 (;-). With gpmc.msc (you need the administration 
tools for Windows Server, it's "free") you can set the entry: Computer 
Configuration -> Windows Settings -> Security Settings -> Account 
Policies -> Password Policy -> Maximum password age and it sets the 
maxPwdAge to -36288000000000 on the root DN of the domain (the one that 
starts with DC=) after you wait for the GPO to be reread by the DC (or if 
you force it with gpupdate /force).

The value is stored in GptTmpl.inf in 
\\domain.tld\SYSVOL\domain.tld\Policies\{id_policy}\MACHINE\Microsoft\Windows 
NT\SecEdit.

We expect to have the same behavior with samba4 that is to say when you 
edit with gpmc.msc this entry you expect within a couple of minutes to 
have the attribute changed as well on a samba4 DC.

The goal is to implement server side GPO so that setting those GPO would 
effectively alter the sam database.
This project is rated medium in difficulty, if I was about to implement 
it I would do the following:

1) create an as exhaustive as it can be list of server side GPO 
(password age, password length, password complexity, ...)
2) create a task in samba4 with a timeout of x seconds, take inspiration 
on the task that is doing the dns record update
3) make the task look for the different files known to hold serverside 
GPO (there is GptTmpl.inf for sure) in the different GPO directories.
4) for each file extract the parameters that need to be set in the sam 
database
5) for each parameter, update the sam if needed

Step 2 is in C for sure, steps 4-5 could be done in python as it is our 
language for scripting (usually scripting is quicker than pure C in 
terms of "time to product") as we already have some helpers in python to 
set some of these parameters (in samba-tool) so we can do some code reuse.

From my point of view the project will be considered as fulfilled if 
for a given set of settings in GPMC they are automatically updated. Then 
there are subtleties that would be nice to have, like taking care of the 
priority and whether or not the GPO is enabled and maybe some other 
stuff that we will discover.

Concerning your skills, I guess it's ok as a lot of things can be done 
by duplicating/adapting code that has already been done for similar 
things, with the description that I made it's more up to you to see how 
you feel with the project.

As for login/logout there is another student willing to work on this so 
I would say that it's better if you can do the GPO ;-).

Matthieu.

On 25/03/2011 01:08, George zhao wrote:
> Hi Matthieu Patou, Wilco Baan Hofman, and Andrew Bartlett,
>
> This is George, and I am a computer science PhD student in USA now. I intend
> to work for your project during GSOC 2011, I am really interested in
> your project ideas.
>
>     * Implement server side GPO in Samba4
>     * Implement login / logout related counter update
>
> Please allow me to introduce some of my background and the reason why
> I choose these ideas here for your reference.
>
> Before I was involved in the current PhD program, I have worked on two
> platforms for two companies (Huawei and SIEMENS), for around 5 years.
>
> The first platform is a large scale router platform, I've been involved
> in some protocol implementations of the transport layer, like PPPOE,
> PPOA, and some application layer servers, like RADIUS and TACACS, in
> 4-tier TCP/IP protocol stack.
>
> The second one is a test platform for a device called RNC in WCDMA
> network, which is a wireless network based project.
>
> Both of them are developed in the C programming language.
>
> I saw you are the mentors of these two projects, can you guys give me
> some feedback about my background, and am I qualified for these two
> projects.
>
> The requirement in the samba idea page is C and network, both of them
> are in my skill set, but for the whole samba system, I am afraid that
> I am a freshman. Hopefully, I still have the chance to give it a shot.
>
> Thanks again for your time!
>
>
> Have a good day!
> George


-- 
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary
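
Steps 4 and 5 of the plan above, sketched as an added example (not code from this mail or from Samba): it reads the [System Access] section of a GptTmpl.inf, converts the values to the sam attributes, and returns only the attributes that differ. The function names, the sample file and the `current` dict are constructed for illustration; values that are not plain non-negative integers are rejected rather than written, and nothing here touches a real sam database.

```python
import configparser

TICKS_PER_DAY = 24 * 60 * 60 * 10_000_000  # 100 ns units; the sam stores ages negated
DOMAIN_PASSWORD_COMPLEX = 0x1               # complexity bit in pwdProperties
AGES = {"MinimumPasswordAge": "minPwdAge", "MaximumPasswordAge": "maxPwdAge"}
PLAIN = {"MinimumPasswordLength": "minPwdLength",
         "PasswordHistorySize": "pwdHistoryLength"}

# Constructed sample GptTmpl.inf, UTF-16 with BOM as the Windows tools write it.
SAMPLE_INF = (
    "[Unicode]\r\nUnicode=yes\r\n"
    "[System Access]\r\n"
    "MinimumPasswordAge = 1\r\n"
    "MaximumPasswordAge = 42\r\n"
    "MinimumPasswordLength = 7\r\n"
    "PasswordComplexity = 1\r\n"
    "PasswordHistorySize = bogus\r\n"
    "[Version]\r\nsignature=\"$CHICAGO$\"\r\nRevision=1\r\n"
).encode("utf-16")

def parse_system_access(raw: bytes) -> dict:
    """Step 4: return the [System Access] keys and raw string values."""
    bom = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    text = raw.decode("utf-16" if bom else "utf-8-sig")
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the case of the key names
    cp.read_string(text)
    return dict(cp["System Access"]) if cp.has_section("System Access") else {}

def plan_updates(settings: dict, current: dict):
    """Step 5: return ({attribute: new value} where it differs, [rejected keys])."""
    wanted, rejected = {}, []
    for key, val in settings.items():
        if key not in AGES and key not in PLAIN and key != "PasswordComplexity":
            continue  # not a setting this sketch maps to the sam
        if not (val.isascii() and val.isdigit()):
            rejected.append(key)  # SYSVOL content is input: never write it unchecked
            continue
        n = int(val)
        if key in AGES:
            wanted[AGES[key]] = -n * TICKS_PER_DAY  # 42 days -> -36288000000000
        elif key in PLAIN:
            wanted[PLAIN[key]] = n
        else:  # PasswordComplexity toggles one bit and keeps the others
            props = current.get("pwdProperties", 0)
            wanted["pwdProperties"] = (props | DOMAIN_PASSWORD_COMPLEX if n
                                       else props & ~DOMAIN_PASSWORD_COMPLEX)
    changes = {a: v for a, v in wanted.items() if current.get(a) != v}
    return changes, rejected
```
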



