Comments request to refute arguments about Samba...

David Collier-Brown davecb at canada.sun.com
Mon Dec 13 21:20:33 GMT 1999


|Samba is an implementation of old Lan Manager stuff. For a listing
| of what real Lan Man did/does a reference is "Microsoft Lan Manager,
| Programmer's Reference", MS Press, was $40.

	Very much obsolete... known as "CORE" protocol, and
	no longer used.

| With Lan Man one has groups, and groups, and uncounted more groups.
| They use the word "shares" these days.

| And the wire is cheerfully busy with NetBIOS vintage traffic, making
| bridging a must. Management is equally delightful, especially
security.

	Not with Samba, which is TCP/IP and a bit of UDP.
	There are fewer broadcasts, too, notably when you're
	using a WINS (windows name service) server.

	Security is marginally better than ftp: passwords
	may be encrypted, but data flows in the clear.

| So if 1980 technology is good enough then use Samba. Think small,
| don't interact, that's the stuff.

	Interworks between PC/MT, Mac (dave) and Unix (samba).
	Works reasonably across subnets (TCP is routable), but
	not as aware of the network as AFS ("a nation-wide remote
	file system")

| An oh by the way on Solaris. Unless those machines are fully
| patched and carefully sealed off then the bad guys will feast on
them and
| all machines they can reach via packet snoop programs. We have had a
very
| bad time with that part of things and the problems are not over.

	True of all servers, with the possible exception of one of
	the BSDs.  I'm running Trusted Solaris, in part because of
	that, on a test system.  It's a military-grade os...

| Our UNIX Sysadmin does a good job with Solaris. Does SAMBA open up
other
| security holes ?  

	Not on the server, but running smb clients on PCs makes
	them attackable, as does running NFS clients, AFS clients, 
	etc ad infinitum.


| There has been serious exploration of SAMBA as replacement for
Netware by
| the Systems Group here at UK. Right now, they are testing a "Student
| Locker" system using SAMBA. It isn't widely in use yet, but results
have
| been promising (I guess).

	That's very sane: students tend to stress systems to the limit (;-))

|  One concern has been the amount of RAM needed for each SAMBA
connection.
| On the test machine, SMB connections are using ~3MB/connection. At
that
| rate, we'd need about 3GB of RAM to accommodate our ~1000 machines.

	That's a semi-famous misnomer: the shared libraries and
	executables are counted once for each child process.

	You really need 
		1 * binary
		1 * shared library code
		n * data
		n * stack
	and filesystem data buffers.

	The latter are both dynamic and large: I usually recommend
	1/2 MB per active child process, where active means "currently
	reading or writing".  Inactive processes end up paging their
	data and stack out, so they require 0 MB (;-))

	It's important to be running "priority paging" on Solaris for
	loads of more than 300 active clients: it's stock on Solaris
	7 and an option for  2.5.1 and 2.6.


	For 1000 (hyper?) active PCS, all logging on at the same time, 
	you'd  probably need on the order of .5 GB of memory and
	1000 MB/S throughput.  That's 160 100baseT ethernets, 47 CPUS
	and 1,785 disks. This may be a bit more load than you really
	need to support!  I suspect it might be larger than the competing
	system...

	A more credible approach is to measure a system and see
	what your user base requires. If you know the number of active
	users and their approximate throughput demands on the current
	system, start doing your sizing from that.

	Similarly, if you have access to the  student locker system, you 
	can  collect some real numbers with a few scripts: send me mail!

--dave
[The calculations above are from

http://www.oreilly.com/catalog/samba/chapter/book/appb_03.html#appb-98866
]
-- 
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com


More information about the samba mailing list