Samba Backport Urgently Needed

Thank you for taking the time to report this bug and helping to make Ubuntu better. This bug did not have a package associated with it, which is important for ensuring that it gets looked at by the proper developers. You can learn more about finding the right package at https://wiki.ubuntu.com/Bugs/FindRightPackage. I have classified this bug as a bug in samba.

On Thu, Sep 06, 2007 at 09:28:46AM -0000, Launchpad Bug Tracker wrote:
> The latest version of Samba supported by Ubuntu Server Edition 6.06
> LTS is 3.0.22. This contains a VAST NUMBER OF VERY SERIOUS BUGS which
> have been cured or worked around in the current stable release of
> Samba i.e. 3.0.25c.

First of all: Yelling won't help you a whole lot.

> Considering that Samba is such a critical component of many 6.06
> Server Installations, if LTS means anything then a Samba BACKPORT is
> urgently required at this time.

Of course LTS means something. One of the things it means is that if
people are running an LTS release, we're not going to break it. There
may have been a number of backwards incompatible changes to Samba, so
just throwing a new version into a released version of Ubuntu may break
existing setups, which is completely unacceptable.

> I understand that much of this work has already been done (see
> Enterprise Samba link on Samba web site with Debian packages available
> for download)...

I don't see that link. Could you point it out for me?

> I am not familiar with the packaging process but I assume it's a case
> of prioritising this backport

We're not going to just take the new release and force it upon all our
existing Dapper users by dumping it in -updates. A straight backport is
not possible either as the current Samba package has dependencies that
cannot easily be fulfilled in Dapper.

> If this is not possible, a technical note on bypassing the packaging
> system might be useful as it will give end-users the ability to keep
> up with Samba changes independently of packaging system.

This is unlikely to happen either. While it might feel like a good
solution when you're doing it, when the time comes to upgrade to the
next LTS, headaches and aggrevation is guaranteed.

> PLEASE UNDERSTAND THAT, AS IT STANDS, 6.06 MIGHT AS WELL NOT SUPPORT
> SAMBA AS THERE ARE FUNDAMENTAL PROBLEMS WITH INTERWORKING WITH XP AND
> VISTA APPLICATIONS EVEN IN BASIC SET-UPS.

Please understand that shouting does not help. Also please understand
that if things seem risk-free and easy to do, but we're not doing them,
there's probably a reason.

I'm not saying that the Samba version we offer for Dapper is perfect.
I'm not even saying it's good. I'm certainly not saying it doesn't need
fixing. It does. Very much so. We "just" need to:

a) pinpoint the exact bugs that makes the Samba version in Dapper
unacceptable, extract patches for those bugs, integrate them into the
Dapper packages, and put them into dapper-updates.

and/or

b) create a recent Samba package for Dapper and put it into -backports
or perhaps a PPA for this particular purpose and somehow convey the
message of this repository's existence to the users who are experiencing
problems.

The problem with a) is that it's a tedious and error-prone process. It
takes a lot of time to evaluate bugs, and even longer to pinpoint the
exact changes Samba that fixes them, and finally testing the fixes. The
problem with b) is the process of making the updated version of Samba
apparant to everyone. There is no set mechanism for that.

I'm happy to accept input on the issue, especially if it's

a...

Backports are handled through the release specific Backports projects on Launchpad.

On Thu, Sep 06, 2007 at 12:35:24PM -0000, Scott Kitterman wrote:
> Backports are handled through the release specific Backports projects on
> Launchpad.

Yes, but as I pointed out, a backport is not possible in this case, and
it may not even be appropriate.

 affects ubuntu/samba
 status confirmed

--
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/

A bit of discussion on IRC revealed I may have not been as precise as I
would have hoped.

Of course we want to support Dapper. If not, doing an LTS release (or
any release for that matter) would have been quite pointless.

You, however, seem to think that supporting a distribution means keeping
it completely up-to-date with the latest crack. That's not - and should
not be - how it works. If that's what you want, you should be running
Debian unstable, and no company in their right mind will support that.

If you have specific issues you are experiencing, you should report a
bug about them, so that we can evaluate them and see if they're worth
fixing in a released version of Ubuntu. Not "worth the time and effort"
for us, but "worth the risk" for all the other Dapper users out there
for whom it's working fine.

Please go through the bug list and see if any of those issues are the
ones that are causing you grief, comment on them that you think they are
really important and we can perhaps reevaluate them and reprioritise our
work. If they're not already reported, file new bugs and point out
(without shouting) that it's a big problem for you.

Thanks in advance for your help.

--
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/

also are you sure these bugs mentioned arent fixed in one of the three security updates that sit in dapper-security ? you didnt give the porper version number of the samba package in the inital bugreport, note that serious security bugs get fixed all the time, so many of your "VAST NUMBER OF VERY SERIOUS BUGS" might have been fixed in a security backport of the patches, take a look.

Thank you all for quick replies

> First of all: Yelling won't help you a whole lot.

Very very very very very strong emphasis was the intention. *Asterixes don't seem to hack it anymore* ;-)
Do we have to be so politically correct about a few lines of uppercase?

> > I understand that much of this work has already been done (see
> > Enterprise Samba link on Samba web site with Debian
> packages available
> > for download)...
>
> I don't see that link. Could you point it out for me?
>

Here is the link (it seems to be down at the moment but I did access it last night)
http://enterprisesamba.com

You normally access up-to-date Samba Debian packages from:
Samba Home Page->Left Pane->Download Info->EnterpriseSamba->Debian->Sarge or Woody....

I was previously informed (rightly or wrongly) that Ubuntu closely tracks Debian. Now I don't know what the correlation is between Dapper and Debian (Sarge? Woody?) but I would assume that if the latest Samba release is available in packaged form for both these versions then all (or most of) the hard work will have been done for Ubuntu. If there is a serious degree of forking between Debian and Ubuntu, and this is therefore an incorrect assumption, then this begs the inevitable question:

"Why should anybody that is serious about Samba choose a Ubuntu distro over Debian?"

> I'm not saying that the Samba version we offer for Dapper is perfect.
> I'm not even saying it's good. I'm certainly not saying it
> doesn't need
> fixing. It does. Very much so. We "just" need to:
>
> a) pinpoint the exact bugs that makes the Samba version in Dapper
> unacceptable, extract patches for those bugs, integrate them into the
> Dapper packages, and put them into dapper-updates.
>
> and/or
>
> b) create a recent Samba package for Dapper and put it into -backports
> or perhaps a PPA for this particular purpose and somehow convey the
> message of this repository's existence to the users who are
> experiencing
> problems.
>
> The problem with a) is that it's a tedious and error-prone
> process. It
> takes a lot of time to evaluate bugs, and even longer to pinpoint the
> exact changes Samba that fixes them, and finally testing the
> fixes. The
> problem with b) is the process of making the updated version of Samba
> apparant to everyone. There is no set mechanism for that.

I accept these points...up to a point...but would you not agree that Samba is one of those apps that probably does not lend itself to piecemeal backports. It seems to me that there are so many inter-dependencies within Samba itself across releases that it would make more sense to perform backports in chunks that correlate closely with Samba releases á la Debian releases by Enterprise Samba people (mentioned above).

Just have a look at the Samba bug fixes between 3.022 and 3.025c and you will see what I mean.

>
> I'm happy to accept input on the issue, especially if it's
>
> c) not of the form "this is really easy, and I cannot
> understand why you
> are not doing it already"
>
You will note from my initial report that I apologised in advance if my assumption was incorrect.
As for reporting individual bugs...how long is a piece of string?
...

On Thu, Sep 06, 2007 at 03:01:08PM -0000, rvjcallanan wrote:
> > First of all: Yelling won't help you a whole lot.
> Very very very very very strong emphasis was the intention. *Asterixes
> don't seem to hack it anymore* ;-) Do we have to be so politically
> correct about a few lines of uppercase?

Unless people are very far away, shouting is not polite. I'm about 60 cm
from my screen. Lower case letters are sufficient.

>>> I understand that much of this work has already been done (see
>>> Enterprise Samba link on Samba web site with Debian packages
>>> available for download)...
>> I don't see that link. Could you point it out for me?
> Here is the link (it seems to be down at the moment but I did access
> it last night) http://enterprisesamba.com

It works now.

> You normally access up-to-date Samba Debian packages from: Samba Home
> Page->Left Pane->Download Info->EnterpriseSamba->Debian->Sarge or
> Woody....

What about Etch?

> I was previously informed (rightly or wrongly) that Ubuntu closely
> tracks Debian.

That's true.

> Now I don't know what the correlation is between Dapper and Debian
> (Sarge? Woody?) but I would assume that if the latest Samba release is
> available in packaged form for both these versions then all (or most
> of) the hard work will have been done for Ubuntu.

That sounds great. It's a shame, though, that they haven't contacted us
about maintaining the packages, triaged the bugs, closed them as
appropriate, etc.

It actually makes me proud and happy that you fail to see why this is a
problem. This means that we are doing a good job making sure that
upgrades work as expected. If you had seen the sort of breakage that
happen when you start installing packages from all sorts of weird
places, you wouldn't be suggesting this. We do the very best we can to
make sure upgrades work. We can't do that anymore if people are
installing packages from other places.

> If there is a serious degree of forking between Debian and Ubuntu, and
> this is therefore an incorrect assumption, then this begs the
> inevitable question:
>
> "Why should anybody that is serious about Samba choose a Ubuntu distro over Debian?"

I'll give you several:

1) Because one should not base one's choice of Linux distribution on
whether or not any one (1!) upstream chooses to provide non-standard
packages for said Linux distribution?

2) Because they don't provide Samba packages for the newest Debian
release either?

3) Because we actually offer support for things?

4) Because when you install a released version of Ubuntu, we don't
listen to all the people who suggest that we break their *installed* and
*working* systems by forcing random new software down their throat, but
rather take the responsible approach and cherrypick fixes for *reported*
*bugs* which our users have found to be a problem.

> I accept these points...up to a point...but would you not agree that
> Samba is one of those apps that probably does not lend itself to
> piecemeal backports.

Yes, and that makes my work very annoying from time to time.

> It seems to me that there are so many inter-dependencies within Samba
> itself across releases

Yes! Exactly! *That* is precisely w...

rvjcallanan wrote:

> Just have a look at the Samba bug fixes between 3.022 and 3.025c and you will see what I mean.

And then have a look at regression bugs (still unsolved):

https://bugzilla.samba.org/show_bug.cgi?id=4047
https://bugzilla.samba.org/show_bug.cgi?id=4886

and undefined (regression or new) bugs:

https://bugzilla.samba.org/show_bug.cgi?id=4917
https://bugzilla.samba.org/show_bug.cgi?id=4955
...

Some of this bugs are marked as 'major'. This is what Soren is talking
about. Backporting new version really does fix some bugs, but also (in
some cases) introduces new bugs.

In this case, introducing 3.0.25c could make ubuntu clients unusable in
AD networks (4047), unusable for older Samba installs (count in almost
all Linux distributions and OSX) (4886), probably hog some servers with
too high RAM consumption (4917) and make ACLs in Windows unusable
(4955). The list goes on, of course.

I don't say that things like this will happen, but there is possibility
and there are bugs open. So, there is a chance that some/all users of
Samba in Dapper will have new problems.

This is not how LTS works. Just take a look at RHEL 4 (or any other
enterprise distribution)- they still have kernel 2.6.9.

Sorry if anyone feels hurt...that was obviously not my intention, as anyone can see...and there's no need to get personal.

Maintaining a distro is indeed a hard station. Perhaps we (as a global community) should put a stop to this hack fest and set down very sensible guidelines for software cycle...that is of course if GNU/Linux wants to make serious inroads in the non-LAMP server arena outside the hobbyist sphere. Or is that another niaive assumption of mine?

It seems that nothing will come of my misguided "bug report" but let me close my involvement on this topic with the following observation....

I don't want to appear all self-serving but Samba is a very very special application and needs very very special attention.

Most other packages tend to co-exist in an informal development cycle where they more-or-less track each other and tend to need nothing more than security patches and ocassional bug fixes. Now, before some hard-pressed maintainer flames me, I emphasise the *more-or-less* and *tend to* part.

Samba is different in that it's development and maintenance cycles are driven primarily by what's going on in the Windows world. For exampe, a Microsoft service pack here or security hotfix there can introduce new issues or uncover existing problems which Samba must track as quickly as possible. Even updates to end-user applications such as Excel, Access, etc. can break Samba. I won't even mention Vista!! So while my server installations can be pretty stable in all other respects, I find myself needing access to Samba updates on an on-demand basis...yet I don't want to run an unstable Linux release. Catch 22 if ever there was one!!!

Since Windows dominates business installations, on the client side at least, it is imperative that any serious distro which claims LTS needs to sit down with the Samba team and look at ways of easing the incorporation of Samba fixes. Is that not what the enterprise samba effort is all about? (I note from your observations that this effort seems to have had little or no real value).

I detect from your replies some bad karma between Ubuntu and the Samba team. It does seem, with the benefit of hindsight, that the onus is more on the Samba side.

Given the impact that Ubuntu has undoubtedly made, the great man himself should don his space suit and sit down with Jeremy A. to hammer out some kind of a workable go-forward. If not then these two great icons of our times need to receive some serious prodding from the masses...nobody is beyond reproach..we are all expendable ;-)

rvjcallanan - I feel your pain on this one.

For the past 5 years I've been managing two networks running Linux/Samba servers as primary domain controllers with no Microsoft servers and a mix of Linux and Windows clients.

In every distribution that I've tested (Redhat/Suse/Ubuntu/Debian/Slackware), Samba has pretty much been treated as the redhead stepchild. Even in their so called enterprise version, the recommended Samba configurations generally give about as much functionality as directory sharing in Windows 95. Manually editing scripts, installing unsupported packages and compiling software seems to be the rule if you want a fully functional Samba domain controller. Especially if you want to use LDAP, DHCP and Dynamic DNS with Samba. Which to me are the basis of any fully functioning domain controller. And to top it off, most of the information you'll find googling Samba configuration, is either completely outdated or totally wrong. I can't even imagine anyone with limited experience with SMB/CIFS and TCP/IP and LDAP and the rest even attempting to setup a fully functional, mission critical system.

Over time it looks like the problem has been that the Samba Team, of whom I have great respect, has been rapidly developing Samba and has never really been happy with any "production" product. Or at least happy enough to maintain a bug-fix only version. And it's really not so much that Windows changes require all of the newest features in the latest Samba. Face it, even Vista with a few tweaks will connect to an old NT file server. It might not have the latest functionality, but if it's new functionality you're looking for, you'll have to upgrade something anyway. It's really more the fact the the Samba Team is always looking ahead to the new version and abandoning the old version and on the way breaking compatibility. Usually the clients aren't affected, but the server configuration definitely is affection from version to version.

Anyway, enough rambling . . . you're right. 6.06 by itself doesn't cut it as a Windows domain controller/server unless you're willing to manually install the latest Samba packages because there are really no backports of the latest patches. It might be worth noting though, that there are distributions out there that are getting better.

Maybe we need a Samba/OpenLDAP/DHCP/Bind DNS server project that is as easy to use a LAMP. After all there are only so many UNIX servers out there to replace and small and medium businesses out there would be more than willing to give a Linux server a try if it supported their clients out of the box. Ubuntu Small Business Server. Catchy!

rvjcallanan wrote:

> I detect from your replies some bad karma between Ubuntu and the Samba
> team. It does seem, with the benefit of hindsight, that the onus is more
> on the Samba side.

I really don't know where you got this feeling, but that's not true.
This has nothing to do with Samba, but with idea of long term support.
You can't support something that's always changing.

And, you should do your homework. Security patches in Ubuntu's Samba 3.0.22:

  * SECURITY UPDATE: remote heap overflows, remote command execution.
  * security_ndr-heap-overflows.patch: upstream fixes (CVE-2007-2446)
  * security_remote-command-execution.patch: upstream fixed (CVE-2007-2447)
  * SECURITY UPDATE: priv escalation via crafted AFS share filenames,
    denial of service when renaming a file in deferred open queue.
  * Add 'debian/patches/ubuntu-fix-open-loop.patch': fix infinite loop,
    taken from upstream patch.
    - CVE-2007-0452
  * Add 'debian/patches/ubuntu-fix-afsacl.patch': fix format string
    overflow, taken from upstrem patch.
    - CVE-2007-0454
  * SECURITY UPDATE: Remote DoS.
  * Add debian/patches/track_connection_dos.patch:
    - Limit active connections to 2048 to avoid DoS due to unbound array
      growing when tracking active connections.
    - CVE-2006-3403

These are all patches to default 3.0.22 version. So, we have all
security patches that are included in 3.0.25c, but without new bugs and
features.

What you are asking isn't security problem, but a wish for latest and
greatest. This will not happen in stable release. You could come up with
same question for every single package.

> What you are asking isn't security problem, but a wish for latest and
> greatest. This will not happen in stable release. You could
> come up with same question for every single package.

Actually no, I'm *not* looking for the latest and greatest, just something that works.
My configuration is little more than an NT Domain Controller clone from circa 1996.

I have now learned a very unfortunate lesson...

No GNU/Linux/Samba stable distro is a reliable replacement for a bog standard Windows Server.
Note my distro generalisation (UBUNTU happens to be my first introduction to Linux).

The strange thing is that the Samba team has done a wonderful job in reverse engineering the low level SMB/CIFS operation
i.e. fundamental file access/manipulation is reliable and performance seems to be excellent.
But the higher level permissions mappings etc seem to be all over the place. Yet I feel Samba is just a hair's breath away from getting things right...if they would just do a feature freeze on 3.0.X.

I can now see how difficult it is for distro maintainers working with Samba. Surely all 3.0.X releases should have more or less identical dependencies, otherwise start a new branch 3.1.X etc. I would also worry that some 3.0.25c security patches backported to 3.0.22 might have unintended side effects given the enormous amount of code changes and bug fixes between the two versions.

Jim Shanks's very "diplomatic" contribution gives me some cause for holding my head high amidst all the venom. Thanks Jim, I needed that!

I am no Samba insider but I think Jeremy and the Samba team need to stop basking in past glories and start getting their act together. They need to stop tinkering around at the bleeding edge and look at what people are experiencing on the ground with stable distros. Otherwise, somebody should fork the Samba project..perhaps as part of a Small Business Server distro along the lines of what Jim is suggesting. Can Ubuntu do to Samba what it did to Debian??? Oops, maybe I shouldn't have said that ;-)

I'm not sure that the Samba Team is really the right place to lay blame for the lack of a stable Linux/Samba server. They are coders. Samba is not an application like OpenOffice.org, or Totem. Samba is a very complicated CIFS server with most of the bells and whistles. And they really don't have much control over how it's implemented in any particular *nix. There are just too many variable for them to expect them to do a feature freeze.

Like any part of Linux that's not an application (i.e. Xorg, Gnome, OpenLDAP, PAM etc.) the decisions of how it works really needs to be done in the distribution. Where decisions of how to implement Samba along with the related packages can be made "for" the end user in a "sane" default configuration. Like I said before, the auto-configuration in almost all distributions provides the functionality of Windows 95 file sharing. That's perfectly fine for a desktop operating system or occasionally copying a file to a Windows client, but it's vastly inadequate for a domain controller/file server/print server with database sharing, file locking, full security, group rights, individual rights, etc.

All of these things can be done, all of the tools are there, I have it working. Problem is, it takes years of experience to make it relatively easy.

Here again, I think there should be a distribution designed primarily as a simple Domain Controller/File/Print Server. It should be a drop in replacement for Windows NT (Not 2003). Active Directory is serious overkill for most small businesses. Not to mention a general pain. Actually you can freeze any version of Samba you want. Anything over 3.0.14 will do what you need it to do as long as:
(1) The security patches are backported
(2) The bugfix patches are at least considered for backporting if they apply to the default "sane" configuration.

Any new functionality should be added only in the event that there is no other option to fix a major bug. (Vista) :)

Is anyone else interested in this? I'm not a coder (used to be, but got out of it a looong time ago) but I have had success in making it work, and would be interested in sharing experiences, scripts, config files and any other info as well as documentation.

I would also like to note that Ubuntu Desktop is the best *NIX that I've used to connect to a Linux/Samba server. I works great. A file server distribution would be a fantastic addition to the Ubuntu experience and once again like the easy-to-use desktop, Ubuntu can be first.

On Thu, Sep 06, 2007 at 06:25:25PM -0000, rvjcallanan wrote:
> Sorry if anyone feels hurt...that was obviously not my intention, as
> anyone can see...and there's no need to get personal.

I don't believe I've gotten personal. I merely explained that shouting
is not polite and not likely to get you closer to your goal. You,
however, have spoken badly about something, I care very deeply about,
namely Ubuntu. I rather consider that personal, but have not called you
on it, so let's let the matter rest.

> Is that not what the enterprise samba effort is all about?

I have no clue. Up until yesterday, I was completely unaware of its
existence.

> (I note from your observations that this effort seems to have had
> little or no real value).

I cannot and will not as a representative for Ubuntu tell people they
should be using something other than the Samba packages we provide.

a) We have no control over them, which makes it completely impossible
for us to give even a smidgeon of guarantee that their system will
continue to function.

b) It would make *our* efforts to provide Samba completely pointless.

> I detect from your replies some bad karma between Ubuntu and the Samba
> team. It does seem, with the benefit of hindsight, that the onus is
> more on the Samba side.

There is no bad karma of any kind (not to my knowledge, at least). The
Samba people have chosen to provide their latest and greatest software
for a select few Linux distributions (none of which are Ubuntu). That is
fine; it's their choice. It's just out of our control, so I can't go an
make any guarantees that if you're yanking out our Samba packages and
shoving theirs in instead, everything will still work as you'd expect it
to.

--
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/

On Thu, Sep 06, 2007 at 09:57:45PM -0000, rvjcallanan wrote:
> > What you are asking isn't security problem, but a wish for latest and
> > greatest. This will not happen in stable release. You could
> > come up with same question for every single package.
> Actually no, I'm *not* looking for the latest and greatest, just
> something that works.

I'd like to direct your attention at the title and description of this
bug report: "Samba Backport Urgently Needed". It specifically does not
point out specific issues and provide suggestions about how to fix them.
In fact, it specfically asks to backport Samba 3.0.25c to Dapper. That
is, in fact, the latest and greatest.

> No GNU/Linux/Samba stable distro is a reliable replacement for a bog
> standard Windows Server.

Pointless generalisation will - much like shouting - bring you nothing
more than *very* annoyed developers.

> The strange thing is that the Samba team has done a wonderful job in
> reverse engineering the low level SMB/CIFS operation i.e. fundamental
> file access/manipulation is reliable and performance seems to be
> excellent. But the higher level permissions mappings etc seem to be
> all over the place. Yet I feel Samba is just a hair's breath away from
> getting things right...if they would just do a feature freeze on
> 3.0.X.

Halleluja. :)

> I would also worry that some 3.0.25c security patches backported to
> 3.0.22 might have unintended side effects given the enormous amount of
> code changes and bug fixes between the two versions.

I sleep pretty well at night knowing that our security team takes great
care to make sure our security fixes do not have unintended side
effects.

> Jim Shanks's very "diplomatic" contribution gives me some cause for
> holding my head high amidst all the venom. Thanks Jim, I needed that!

To what venom do you refer?

> I am no Samba insider but I think Jeremy and the Samba team need to
> stop basking in past glories and start getting their act together.
> They need to stop tinkering around at the bleeding edge and look at
> what people are experiencing on the ground with stable distros.

This is hardly the correct forum to make such suggestions. We've already
established that the Samba team do not handle our Samba bugs. Note: I'm
perfectly fine with that. A few upstreams do it, and it's highly
appreciated, but by no means a requirement. Neither de jure nor de
facto.

> Can Ubuntu do to Samba what it did to Debian???

What would that be?

--
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/

On Thu, Sep 06, 2007 at 07:57:57PM -0000, jshanks wrote:
> [...] Samba has pretty much been treated as the redhead stepchild.

I'm not familiar with this idiom. I'm not a readhead nor a stepchild, so
I'm in no position to make assumptions about their care takers' attitude
towards them, but I gather from the context that this is not a position
one should strive for?

> Even in their so called enterprise version, the recommended Samba
> configurations generally give about as much functionality as directory
> sharing in Windows 95. Manually editing scripts, installing
> unsupported packages and compiling software seems to be the rule if
> you want a fully functional Samba domain controller. Especially if
> you want to use LDAP, DHCP and Dynamic DNS with Samba.

I agree that the default configuration we provide does not do Samba
justice. We would be more than happy to accept suggestions for a better
default configuration or cool scripts to include in our Samba packages.
How would you prefer to work on this? If you've got it all ready, just
file a wishlist bug about it. If you want to take a more active part in
it, stop by #ubuntu-server on IRC and we can discuss it there.

> Anyway, enough rambling . . . you're right. 6.06 by itself doesn't
> cut it as a Windows domain controller/server unless you're willing to
> manually install the latest Samba packages because there are really no
> backports of the latest patches. It might be worth noting though,
> that there are distributions out there that are getting better.

Which ones and how are they getting better? We're eager to learn and
improve.

> Maybe we need a Samba/OpenLDAP/DHCP/Bind DNS server project that is as
> easy to use a LAMP. After all there are only so many UNIX servers out
> there to replace and small and medium businesses out there would be
> more than willing to give a Linux server a try if it supported their
> clients out of the box. Ubuntu Small Business Server. Catchy!

In Gutsy+1 there will be something like this based on
http://www.ebox-platform.com/ .

--
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/

On Fri, Sep 07, 2007 at 04:21:08AM -0000, jshanks wrote:
> (1) The security patches are backported
> (2) The bugfix patches are at least considered for backporting if they apply to the default "sane" configuration.

This is to a great extent what we do already.

> Any new functionality should be added only in the event that there is
> no other option to fix a major bug. (Vista) :)

Agreed.

> Is anyone else interested in this? I'm not a coder (used to be, but
> got out of it a looong time ago) but I have had success in making it
> work, and would be interested in sharing experiences, scripts, config
> files and any other info as well as documentation.

That sounds great. We'd love to have on in the community helping out
with this!

--
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/

Please Soren, I know you probably work your ass off on this stuff, but try not to be so precious.
I am just a humble infrastructure guy trying to make things *actually work*. My lack of expertise regarding what goes on in your domain should not in any way detract from my basic requirement that it "should do what it says on the tin".

> To what venom do you refer?

Are you really serious?

> > Can Ubuntu do to Samba what it did to Debian???
>
> What would that be?

Eh, a fork??? Ubuntu SBS? Copyright Jim Shanks

Look, all joking aside, I've had a night's sleep to get things in perspective...after many sleepless nights...You all know what I mean.

I know that this is probably not the forum for a more general discussion but anyone reading this thread probably needs to get the whole story as my negative comments and resultant defensive postures may frighten off people if taken in isolation. I think this story is worth telling because many many other people have had similar experiences.

I took out a subscription to various Linux mags a couple of years ago to watch developments from a safe distance and try to get a good picture about what was going on. My intial impressions of the community effort were positive, however, I could see many potential fault lines. I used the term "Hack Fest" earlier on in this thread and that just about sums up my feeling at this stage. That is not to say that Microsoft doesn't have it's own structural problems which are reflected in products that have marketing written all over them and are generally over-the-top and "too bloody clever by half".

Having become sick of the patronising approach of Microsoft, I finally dipped my toes in Open Source using Ubuntu/Samba last summer. I was very impressed with initial tests, however many many niggly things began to bite once I started installing production systems. Undoubtedly many of these problems stemmed from the whole permissions mapping side of things and the slight differences between Linux and Windows usage of the underlying filesystem. Of course, my lack of familiarity with Linux didn't help but I persisted when many of my friends drew back and took the easy route...and who can blame them?

But let me add some positives...

As it stands, I am on the *cusp* of implementing a reliable MS Windows SB Server replacement using *stable* Ubuntu 6.06 LTS/Samba 3.0.22. I have avoided file system extended attributes. Even though they appear to be supported by Dapper, it seems that cp, tar and many other files sytem utilities have little or no extended attribute support...at least the versions supported by Dapper (if I am wrong, please correct me on this). Again, I don't want to overide packaging system with latest versions for all the usual reasons that have been pointed out already on this thread. By the way, I won't even mention Posix ACLs.

Given these constraints, I decided to use Samba's archive/system/hidden/read-only mapping to x bits together with the DOS FILEMODE option, I disabled ACL configuration on the client side (NT ACL SUPPORT = NO) and control permissions entirely from Linux side. This seems to work reliably and is almost what I want..the only downside is that...

On Fri, Sep 07, 2007 at 10:35:52AM -0000, rvjcallanan wrote:
> Please Soren, I know you probably work your ass off on this stuff, but
> try not to be so precious. I am just a humble infrastructure guy
> trying to make things *actually work*. My lack of expertise regarding
> what goes on in your domain should not in any way detract from my
> basic requirement that it "should do what it says on the tin".

If you actually want me to do anything for you, you could start by not
suggesting over and over again that nothing works, and everything is
completely b0rken. It's like suggesting that a car is completely
unusable because the ash tray is full.

> > To what venom do you refer?
> Are you really serious?

Yes.

> > > Can Ubuntu do to Samba what it did to Debian???
> > What would that be?
> Eh, a fork??? Ubuntu SBS? Copyright Jim Shanks

If that's what you're referring to, I don't understand the "I shouldn't
have said that" comment?

> I took out a subscription to various Linux mags a couple of years ago
> to watch developments from a safe distance and try to get a good
> picture about what was going on. My intial impressions of the
> community effort were positive, however, I could see many potential
> fault lines. I used the term "Hack Fest" earlier on in this thread and
> that just about sums up my feeling at this stage. That is not to say
> that Microsoft doesn't have it's own structural problems which are
> reflected in products that have marketing written all over them and
> are generally over-the-top and "too bloody clever by half".

Did it occur to you that the "hack fest" we have going on right here out
in the open also takes place in every closed source software company,
only behind closed doors? The freedom we provide you with, is the
freedom to take what is there now and use that or to wait until Samba
marks their 4.0 release. That's a choice you have.

> As it stands, I am on the *cusp* of implementing a reliable MS Windows
> SB Server replacement using *stable* Ubuntu 6.06 LTS/Samba 3.0.22. I
> have avoided file system extended attributes. Even though they appear
> to be supported by Dapper, it seems that cp, tar and many other files
> sytem utilities have little or no extended attribute support...at
> least the versions supported by Dapper (if I am wrong, please correct
> me on this).

I don't know. I haven't needed it myself, and I haven't seen any bug
reports about these issues.

> By the way, I won't even mention Posix ACLs.

Why?

> What prompted my misguided bug report was a strange bug which I
> discovered the other day and this was the straw that broke the camel's
> back.

Have you filed a bug report about it? It's kind of hard to fix bugs we
don't know about.

> I want a stable up-to-date Samba release

Are you suggesting that "stable" and "up-to-date" don't exclude each
other? Or are you suggesting that 3.0.25c which is the current
"up-to-date" version of Samba is the end all and be all of Samba
releases, so we can just take that one and never again have to update
it?

> Given the excellent relations we have already built up on this thread,
> you will then agree to my request

Possibly, yes. If I believe the fix is wort...

Soren, I think we're going round in circles here. Your ash tray analogy says it all. Please go back and read the initial contribution by Jim Shanks a.k.a. the voice of reason :) I also suspect we are on different planets when it comes to my futile attempts at humour to calm the waters. I suppose, I should insert smileys more often :) Of course, it goes without saying that I would share my humble experiences to save people from a similar fate, as I have already done on many forums...I need the damned thing working first! Geddit?

I have had enough hardship with Microsoft over the years trying to get them to see the real problems that people on the infra-structure side face on the ground, but at least they always couched their lack of empathy in corporate speak...thank you so much for sparing me that particular fate. I expect you'll have the last word on this as is your wont...as I ride into the sunset...only for the weekend that is, I'll be back in full battle regalia first thing Monday. Have a nice weekend!

> -----Original Message-----
> From: <email address hidden> [mailto:<email address hidden>] On
> Behalf Of Soren Hansen
> Sent: 07 September 2007 12:20
> To: <email address hidden>
> Subject: Re: [Bug 137656] Re: Samba Backport Urgently Needed
>
>
> On Fri, Sep 07, 2007 at 10:35:52AM -0000, rvjcallanan wrote:
> > Please Soren, I know you probably work your ass off on this
> stuff, but
> > try not to be so precious. I am just a humble infrastructure guy
> > trying to make things *actually work*. My lack of expertise
> regarding
> > what goes on in your domain should not in any way detract from my
> > basic requirement that it "should do what it says on the tin".
>
> If you actually want me to do anything for you, you could start by not
> suggesting over and over again that nothing works, and everything is
> completely b0rken. It's like suggesting that a car is completely
> unusable because the ash tray is full.
>
> > > To what venom do you refer?
> > Are you really serious?
>
> Yes.
>
> > > > Can Ubuntu do to Samba what it did to Debian???
> > > What would that be?
> > Eh, a fork??? Ubuntu SBS? Copyright Jim Shanks
>
> If that's what you're referring to, I don't understand the "I
> shouldn't
> have said that" comment?
>
> > I took out a subscription to various Linux mags a couple of
> years ago
> > to watch developments from a safe distance and try to get a good
> > picture about what was going on. My intial impressions of the
> > community effort were positive, however, I could see many potential
> > fault lines. I used the term "Hack Fest" earlier on in this
> thread and
> > that just about sums up my feeling at this stage. That is not to say
> > that Microsoft doesn't have it's own structural problems which are
> > reflected in products that have marketing written all over them and
> > are generally over-the-top and "too bloody clever by half".
>
> Did it occur to you that the "hack fest" we have going on
> right here out
> in the open also takes place in every closed source software company,
> only behind closed doors? The freedom we provide you with, is the
> freedom to take what is there now and use that or to wait until ...

Okay friends,

Let's start off this week on a constructive note.

I have now whittled down my "VAST NUMBER OF VERY SERIOUS BUGS" to a list of bare essentials which, if backported to Ubuntu 6.06 Server Edition LTS/Samba 3.0.22, will fulfill my requirements for implementing a workable Microsoft SBS replacement.
Nothing sexy mind, just a basic but reliable solution using Ubuntu/Samba and XP workstations with a fully open-source self-restore feature (using XOSL/FreeDOS/PartitionSaving) and a workable implementation of roaming/mandatory profiles with some smarts to handle profile-unfriendly apps. Maybe not the kind of lock-down that geeks like but perfect for business customers, schools, internet cafés, etc.

Here is my list...

1. https://bugzilla.samba.org/show_bug.cgi?id=3347

2. https://bugzilla.samba.org/show_bug.cgi?id=3467

3. https://bugzilla.samba.org/show_bug.cgi?id=3858

4. https://bugzilla.samba.org/show_bug.cgi?id=4211

5. https://bugzilla.samba.org/show_bug.cgi?id=4956

6. https://bugzilla.samba.org/show_bug.cgi?id=4346

7. https://bugzilla.samba.org/show_bug.cgi?id=4385

8. In addition to the above, I think it is also essential that we have
   up-to-date file utilities to handle extended attributes which are needed
   for Samba. I'm talking about cp, tar, etc. Otherwise, how can we possibly
   do common admin tasks such as backup, profile rollouts, etc? I hope I
   am not naive in thinking that these can be updated safely without
   compromising 6.06 stability (I was a little surprised that extended
   attributes are supported in 6.06 LTS but EA-compatible file utilities are not).

A few notes regarding the above list:

1. 3347 and 3367 may be related

2. 4211 and 4956 are probably related (in hindsight)

3. Discussion is ongoing on 4385. The bug report was originated by somebody else
   in February. It seems to have been left in limbo, possibly indicating that it
   was cured in a later release. The samba maintainer has not noticed bug at his
   end so this is a strong possibility. When I am in a position to pinpoint the
   exact fix, I will post. I have included it here as it is critical to correct
   file/directory attribute manipulation by a windows client.

4. There will probably be a couple of less obvious bugs with more subtle
   ramifications. I think it is best to take these one at a time when and if
   they arise e.g. when my SBS implementation is really stressed.

As soon as I get a working system, I will post details on forum.

I dont see a reason to keep this open. Its not going to happen.

chuck

Oh, that? Sorry, I've long since moved to CentOS. Must check out Ubuntu
again soon and see if they are really serious about enterprise servers. But
I confess that I still love the Ubuntu Desktop :-)

On 11 June 2010 14:19, Chuck Short <email address hidden> wrote:

> I dont see a reason to keep this open. Its not going to happen.
>
> chuck
>
> ** Changed in: samba (Ubuntu)
> Status: Triaged => Won't Fix
>
> ** Changed in: dapper-backports
> Status: New => Invalid
>
> --
> Samba Backport Urgently Needed
> https://bugs.launchpad.net/bugs/137656
> You received this bug notification because you are a direct subscriber
> of the bug.
>

--
Regards,
Vincent Callanan
+353-86-8511625