Comments request to refute arguments about Samba...
David Collier-Brown
davecb at canada.sun.com
Mon Dec 13 21:20:33 GMT 1999
|Samba is an implementation of old Lan Manager stuff. For a listing
| of what real Lan Man did/does a reference is "Microsoft Lan Manager,
| Programmer's Reference", MS Press, was $40.
Very much obsolete... known as "CORE" protocol, and
no longer used.
| With Lan Man one has groups, and groups, and uncounted more groups.
| They use the word "shares" these days.
| And the wire is cheerfully busy with NetBIOS vintage traffic, making
| bridging a must. Management is equally delightful, especially
security.
Not with Samba, which is TCP/IP and a bit of UDP.
There are fewer broadcasts, too, notably when you're
using a WINS (windows name service) server.
Security is marginally better than ftp: passwords
may be encrypted, but data flows in the clear.
| So if 1980 technology is good enough then use Samba. Think small,
| don't interact, that's the stuff.
Interworks between PC/MT, Mac (dave) and Unix (samba).
Works reasonably across subnets (TCP is routable), but
not as aware of the network as AFS ("a nation-wide remote
file system")
| An oh by the way on Solaris. Unless those machines are fully
| patched and carefully sealed off then the bad guys will feast on
them and
| all machines they can reach via packet snoop programs. We have had a
very
| bad time with that part of things and the problems are not over.
True of all servers, with the possible exception of one of
the BSDs. I'm running Trusted Solaris, in part because of
that, on a test system. It's a military-grade os...
| Our UNIX Sysadmin does a good job with Solaris. Does SAMBA open up
other
| security holes ?
Not on the server, but running smb clients on PCs makes
them attackable, as does running NFS clients, AFS clients,
etc ad infinitum.
| There has been serious exploration of SAMBA as replacement for
Netware by
| the Systems Group here at UK. Right now, they are testing a "Student
| Locker" system using SAMBA. It isn't widely in use yet, but results
have
| been promising (I guess).
That's very sane: students tend to stress systems to the limit (;-))
| One concern has been the amount of RAM needed for each SAMBA
connection.
| On the test machine, SMB connections are using ~3MB/connection. At
that
| rate, we'd need about 3GB of RAM to accommodate our ~1000 machines.
That's a semi-famous misnomer: the shared libraries and
executables are counted once for each child process.
You really need
1 * binary
1 * shared library code
n * data
n * stack
and filesystem data buffers.
The latter are both dynamic and large: I usually recommend
1/2 MB per active child process, where active means "currently
reading or writing". Inactive processes end up paging their
data and stack out, so they require 0 MB (;-))
It's important to be running "priority paging" on Solaris for
loads of more than 300 active clients: it's stock on Solaris
7 and an option for 2.5.1 and 2.6.
For 1000 (hyper?) active PCS, all logging on at the same time,
you'd probably need on the order of .5 GB of memory and
1000 MB/S throughput. That's 160 100baseT ethernets, 47 CPUS
and 1,785 disks. This may be a bit more load than you really
need to support! I suspect it might be larger than the competing
system...
A more credible approach is to measure a system and see
what your user base requires. If you know the number of active
users and their approximate throughput demands on the current
system, start doing your sizing from that.
Similarly, if you have access to the student locker system, you
can collect some real numbers with a few scripts: send me mail!
--dave
[The calculations above are from
http://www.oreilly.com/catalog/samba/chapter/book/appb_03.html#appb-98866
]
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
More information about the samba
mailing list