Feeds

SAMBA team plots ‘killer appliance’

All that and single sign-on too

  • alert
  • submit to reddit

High performance access to file storage

The SAMBA team is working on code that will lead to "killer appliances" according to author Jeremy Allison. At the very least, it could offer an opportunity to reduce the need for many of the NT servers that are deployed today.

Winbind hooks into the authentication mechanism used by Linux and most commercial Unixes, and replicates user and group information that's stored on a Windows NT/2000 server. It offers a single sign-on to Windows user information and works transparently with existing Unix software. Currently, sites using the open source SAMBA replacement for Windows file-and-print services must keep the Windows user database and the SAMBA server's user information in sync, a pretty tedious job.

The code is slated for release later this year, but The Register has had a sneak preview. Although the code is still in a pretty rough state, it worked seamlessly with existing Linux software. For example, once logged in using Winbind, group information was visible in KDE's file properties box as well as ls and other command line programs.

"It's the missing link," says Allison, the joint lead for the Samba project. "With Winbind, a Linux, or a Solaris or HP-UX server simply becomes a member server. You still need a PDC [Windows primary domain controller] - but eventually we can replace the PDC."

It works like this. The Linux authentication model uses PAM, or pluggable authentication modules (yes, the M is redundant), originally devised by Sun but adopted by most other commercial Unixes. Client side programs such as ls, ftp su or login make a call to nsswitch, which goes and looks for modules - which might be Unix Yellow Pages, LDAP or local information. Winbind is simply another module - the Winbind daemon caches user information stored on a Windows server. The user only need login as usergroup\username at their terminal.

The Samba code is widely used as a replacement for Windows file and print services. In fact, according to Allison, SAMBA often works more efficiently than the SMB protocol it replaces: by checking the RPC strings for overflows (which is why SAMBA servers can resist crashes NT/2000 can't), as well as using obvious optimisations ignored by Windows. There's not much the team can do about designed-in Windows security flaws, such as sending passwords of new machine as Unicode text over the network.

Appliance manufacturers including Cobalt are already interested, says Allison. The code was developed with input from Sun, which doesn't use Samba in its Cascades code, which also tries to make Windows-hosted Windows services redundant by doing the same jobs on Solaris servers. ®

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Nokia offers 'voluntary retirement' to 6,000+ Indian employees
India's 'predictability and stability' cited as mobe-maker's tax payment deadline nears
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Adrian Mole author Sue Townsend dies at 68
RIP Blighty's best-selling author of the 1980s
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.