Feeds

SAMBA team plots ‘killer appliance’

All that and single sign-on too

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

The SAMBA team is working on code that will lead to "killer appliances" according to author Jeremy Allison. At the very least, it could offer an opportunity to reduce the need for many of the NT servers that are deployed today.

Winbind hooks into the authentication mechanism used by Linux and most commercial Unixes, and replicates user and group information that's stored on a Windows NT/2000 server. It offers a single sign-on to Windows user information and works transparently with existing Unix software. Currently, sites using the open source SAMBA replacement for Windows file-and-print services must keep the Windows user database and the SAMBA server's user information in sync, a pretty tedious job.

The code is slated for release later this year, but The Register has had a sneak preview. Although the code is still in a pretty rough state, it worked seamlessly with existing Linux software. For example, once logged in using Winbind, group information was visible in KDE's file properties box as well as ls and other command line programs.

"It's the missing link," says Allison, the joint lead for the Samba project. "With Winbind, a Linux, or a Solaris or HP-UX server simply becomes a member server. You still need a PDC [Windows primary domain controller] - but eventually we can replace the PDC."

It works like this. The Linux authentication model uses PAM, or pluggable authentication modules (yes, the M is redundant), originally devised by Sun but adopted by most other commercial Unixes. Client side programs such as ls, ftp su or login make a call to nsswitch, which goes and looks for modules - which might be Unix Yellow Pages, LDAP or local information. Winbind is simply another module - the Winbind daemon caches user information stored on a Windows server. The user only need login as usergroup\username at their terminal.

The Samba code is widely used as a replacement for Windows file and print services. In fact, according to Allison, SAMBA often works more efficiently than the SMB protocol it replaces: by checking the RPC strings for overflows (which is why SAMBA servers can resist crashes NT/2000 can't), as well as using obvious optimisations ignored by Windows. There's not much the team can do about designed-in Windows security flaws, such as sending passwords of new machine as Unicode text over the network.

Appliance manufacturers including Cobalt are already interested, says Allison. The code was developed with input from Sun, which doesn't use Samba in its Cascades code, which also tries to make Windows-hosted Windows services redundant by doing the same jobs on Solaris servers. ®

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.