Opening windows

sambaXP 2018

17th International User and Developer Conference

5th- 7th of June 2018

Sponsored by:

Opening windows
sambaXP 2018

Save the date: SAMBA eXPeriencce 2018 will take place in Goettingen, Germany from 5th-7th of June 2018!

The SAMBA eXPerience 2017 was the 16th international SAMBA conference for users and developers. Attendants met the SAMBA Team, discussed requirements, new features and got an update on current developments. The conference was organized by SerNet. We are looking forwards to seeing you (again) in 2018.

program Call for Papers 2018

Jeremy Allison
(Chairman of sambaXP)

Call for Papers & Deadlines

Please note the following deadlines concerning paper submission:

  • until February 28th, 2018: call for papers
  • until March 8th, 2018: notification of accepted talks

Preparations for the 2018 SAMBA eXPerience Conference are under way. SerNet and the SAMBA Team wish to receive submissions of interest and proposals for papers, presentations, and talks about SAMBA and the broader challenges of data management at the sambaXP 2018 conference.

There will be opportunity for technical talks, user reports, presentations, and technical papers. Preference is given to English language materials although proposals in English for an other language will be gladly considered.

Topics of interest include:

Data Management:

  • Special Business Solutions with Samba
  • File and object storage technology developments
    • Large capacity file storage search and index
    • Open Source solutions that facilitate file life cycle management
    • Distributed storage management
  • Meeting future challenges
    • Performance optimization
    • Project roadmaps and how to achieve them
    • The changing shape of file usage
    • Development Projects Overview
    • Mobile file storage methods involving Samba
  • Selling Open System Infrastructure File Services
    • How to get the right Support for your organization
    • Meeting HelpDesk needs.

Technology Spectrum:

  • Authentication and Identity Management
    • Active Directory Integration
    • Getting the best out of the Samba Directory Server (DS)
    • Integration with external LDAP servers
    • Samba DS use with Microsoft ADS
  • Handling extreme data sets
  • Samba SMB2.x implementation – preparations for early adopters
  • Samba Clustering for High-Availability & High-Performance
  • How to keep your protocols current, your systems secure, and avoid downtime
  • File systems and Clustered file systems
    • The things that really matter
    • Upset recovery
    • Data protection
    • Backup and Recovery
    • Use of snapshot file systems
    • Use of versioned file systems
    • Virtualization and NAS systems

Talk should last 45 minutes including discussion.

Paper registration and paper submission can be done online only via the registration form on this Website. You may upload your presentation (any format, PDF or PostScript is preferred) together with the paper registration. After acceptance by the program committee your contribution will be published in a conference transcript as handout.

Remembrance

The sambaXP 2017 is dedicated to the remembrance of Lars „Lieschen“ Müller, who passed away on October 1st 2016 at the age of 46. Lars Müller was a long term Samba Team member, a good friend of many people at SerNet and a diligent sambaXP participant. But first of all Lars was a brave, honest and modest person, never afraid of sharing his valuable opinions that always came with great self-irony and reflection. He will be missed and never forgotten.

Lars "Lieschen" Müller

Conference program 2017

10:00 am - 05:00 pmThe Tutorial

Creating a Samba 4 Active Directory with DDNS

This year I will show in my tutorial how to setup a Samba 4 Active Directory with two Domaincontrollers. The DNS-Backend I will use is bind9. In addition we will install isc-dhcp-server to set up a DDNS, so that all clients get the IP-configuration via a dhcp-Server and register there hostname and IP-address dynamically to the forward- and reverse-zone. The ic-dhcp-server will be configured on both DCs, so that the DHCP-Service is fault-tolerant. Topics: - Setting up a Debian Server as first ADDC - Configure bind9 as DNS-backend - Setting up the DHCP-server on the first ADDC - Configuring the second ADDC with bind9 DNS-backend - Setting up the DHCP-server als failover on the seconf DC - configure sysvol-replication via rsync - setting up a debian-client as Domainmember
Stefan Kania
Stefan Kania
8:00 am - 10:00 am

Start of the sambaXP conference

Conference registration at Hotel FreizeitIn Göttingen
10:00 am - 10:05 am

Welcome Note from SerNet

10:05 am - 10:15 am

Chairman’s note

10:15 am - 11:00 am

Samba/Microsoft alignment – possible future directions

Samba has always had an important place in Microsoft’s customer ecosystem, and over time the growing importance of cloud computing, multivendor applications and multiplatform convergence bring Samba and Microsoft even closer. A number of Samba-related efforts are underway at Microsoft, spanning cloud services, high performance file sharing, and potentially growing into opportunities for advanced low-latency remote storage through networked persistent memory. This talk will explore ones the speaker finds most relevant and most exciting, and encourage focused thinking of how the Samba project and Microsoft can continue to engage in future ubiquitous high performance remote storage.
Tom Talpey
(Microsoft)
11:00 am - 11:45 am

Fixing a mess: Symlinks and security

Recently a security bug was fixed in Samba that had its origin in the very design of Samba and POSIX itself. This talk will discuss what the problem was, how it was addressed, and how to avoid such problems in the future when creating SMB3 UNIX extensions.
Jeremy Allison
(Google / Samba Team)
11:45 am - 1:00 pm

Lunch

1:00 pm - 1:45 pmTrack 1

Pushing the Boundaries of SMB3: Status of the Linux kernel client and interoperability with Samba

With continued progress in the Linux kernel client (cifs.ko), interoperability has improved, and key SMB3 features such as per-share encryption and snapshots are now fully supported in the kernel client. The Linux kernel client also has dramatically improved performance of asynchronous I/O which enhances the speed of file transfers to Samba and other SMB3 servers. This paper will discuss the recent progress in the SMB3 kernel client for Linux and the state of interoperability with Samba and Windows servers.
Steven French
(Samba Team)
1:00 pm - 1:45 pmTrack 2

Samba, quo vadis?

In the opening session to last year's Samba XP conference, Jeremy Allison stated that "the [Samba] project does need to consider the use of other, safer languages". This talk investigates a number of modern languages that would be contenders for use in the Samba project: Python 3, Rust, and Go. In order to realistically evaluate the usability of the respective languages, a network service is implemented that provides a Kerberos Key Distribution Center Proxy (KKDCP) protocol server. The KKDCP protocol is a method to allow clients to contact a Kerberos KDC server over the internet using a Kerberos message encapsulated in an HTTP(S) POST request to a KKDCP server which relays the request to an appropriate KDC. The KKDCP server then relays the KDC's response back to the client. The example project is to implement a KKDCP server using concurrent programming techniques, while following the respective language's standards regarding testing and documentation. The implementations in the different languages are then benchmarked for performance and compared regarding their ease of implementation. This talk will give a first look at contenders for a possible new language to write Samba code in.
Kai Blin
(Samba Team)
1:45 pm - 2:30 pmTrack 1

Windows Search Protocol recap & update

An introduction/recap of the windows search protocol and the work in progress samba implementation. The talk will describe the current server implementation, outline some of the problems encountered and existing issues and some of the features currently implemented. Additionally the talk will introduce the new client implementation.
Jim McDonough
(SUSE /Samba Team)
1:45 pm - 2:30 pmTrack 2

Samba and Python 3

About 7% of Samba's codebase is written in Python -- in Python 2, for which extended upstream support will end in 2020. We are working on patches to port Samba to Python 3 well before that date. We will explain why a backwards incompatible version of Python was created, highlight the major changes, and debunk some myths concerning Python 3, in relation to Samba and C developers. Also, we will discuss the porting strategy we chose for Samba, and compare it with other possible approaches and upstream recommendations.
Petr Viktorin
(Red Hat)
2:30 pm - 2:45 pm

Break

2:45 pm - 3:30 pmTrack 1

Something must be done

...or how I learned to love perf. Analyzing and improving fileserver performance for small file copy workloads and directory enumeration in clustered Samba.
Ralph Böhme
(SerNet / Samba Team)
2:45 pm - 3:30 pmTrack 2

CTDB remix – 1st movement – dreaming the fantasy

CTDB development has been fraught with many pitfalls owing to its organically evolved, monolithic code base. The only reasonable way forward seemed to split the code into multiple daemons to make the code manageable. After addition of more than 30,000 lines of code creating new abstractions, separating protocol marshalling and re-implementing the client API, the dream of splitting CTDB daemon code seems closer than ever. The most important aspect of CTDB is the clustered database used by Samba. Today CTDB also does cluster management, IP failover and service management. These functions can be taken out and potentially be replaced with something else. This talk will present a new design that will be sculpted incrementally. Over past few years, small bits of code have been split into separate helpers like the lock helper. The client API re-implementation has enabled us to split recovery and takeover helpers. Addition of new abstractions helped split code that is long-lived like the event daemon. The next steps will be laying the foundations for the new design to emerge.
Amitay Isaacs
(IBM Australia / Samba Team)
3:30 pm - 4:15 pmTrack 1

Measuring Samba performance

To make Samba faster we need to understand why it is slow. To help with this we have developed tools that rest on top of the Samba self-test framework and Linux perf and tracing frameworks. Using a variety of munging and visualization scripts, we can see Samba performance changes across versions and under various workloads. These tools can be turned to any part of Samba, testing workloads of varying degrees of artifice, by writing new tests or borrowing existing ones from the self-test framework.
Douglas Bagnall
(Catalyst IT)
3:30 pm - 4:15 pmTrack 2

CTDB remix – 2nd movement – designing the reality

CTDB development has been fraught with many pitfalls owing to its organically evolved, monolithic code base. The only reasonable way forward seemed to split the code into multiple daemons to make the code manageable. After addition of more than 30,000 lines of code creating new abstractions, separating protocol marshalling and re-implementing the client API, the dream of splitting CTDB daemon code seems closer than ever. There have been questions whether CTDB can be used with a 3rd party cluster manager such as etcd. Similar questions have been asked about integration with 3rd party high availability and load balancing tools. To achieve such integration, CTDB will move towards a set of loosely coupled, separate deamons for cluster management, failover and service management. Glue will be needed so that 3rd party tools can be integrated in a way that satisfies some simple assumptions that CTDB needs to make. Though some services, such as NFS Ganesha's lock management, introduce challenges to the loose coupling, this plan looks to be achievable. If we can get there then we can leave a slim clustered database to help achieve highly scalable clustered Samba.
Martin Schwenke
(IBM Australia / Samba Team)
4:15 pm - 4:30 pm

Break

04:30 pm - 05:15 pmTrack 1

New printing protocols in Samba

For a long time Samba's printing support remained relatively unchanged and was based on features that were present already since the release of Windows 2000. Just recently it became necessary to start adding more modern printing features to Samba as Windows clients start depending on them. The required changes include support for the "Print System Asynchronous Remote Protocol" (PAR). With the addition of this DCE/RPC protocol, Samba can then finally provide support for Printer Driver Packages including security signatures. The talk will discuss the interesting challenges we met while implementing the PAR protocol.
Günther Deschner
(Red Hat / Samba Team)
04:30 pm - 05:15 pmTrack 2

Samba at Scale: 100,000 user AD Domains

As Samba use grows, so does the use of Samba at large organizations. Recent performance work has taken Samba from a scale at around 10,000 - 20,000 objects to happily operating at the 100,000 object scale. Samba 4.5 and 4.6 brings significant improvement in our scale, to around 30,000 users, and this talk will look at how we got there, share some war stories along the way, and what have done for Samba 4.7, where we expect to be at the 100,000 size and beyond. We will look at what worked, but also the 'obvious' things that should have helped, but actually didn't. For example, while many suggested replacing our database layer, one quite ambitious project (the OpenLDAP backend) never got beyond prototypes, and another (using LMDB) showed little advantage until the major overriding issues were first addressed. We will take a look at the tools we found most helpful - linux perf and the FlameGraphs project in particular, and the issues they illuminated. For example, we found that no matter how much we might hope, using unlikely() still doesn't mean the branch is free! The talk will advocate for incremental, rather than fundmental rewrites of badly performing code, celebrate the victories so
Andrew Bartlett
(Catalyst / Samba Team)
7:00 pm - open

Social Event

Shuttlebuses will be waiting for you at 6:00 pm & 6:15 pm in front of the hotel. Return to conference hotel with shuttlebuses at 10:00 pm and 11:00 pm. (Location: proOffice, Groner Str. 17c / Düstere Str. 20, 37073 Göttingen)
9:00 am - 9:45 amTrack 1

Distributed Filesystem (DFS) in cifs.ko: what’s new and ideas for future improvements

The cifs kernel module recently got DFS (Distributed Filesystem) support for SMB2 and above. This talk will be brief introduction to DFS and overview of how cifs.ko works, what changes were needed for this new feature and finally what can be improved from there.
Aurélien Aptel
(SUSE)
9:00 am - 9:45 amTrack 2

Global Catalog implementation in FreeIPA

FreeIPA supports forest trust to Active Directory with the help of Samba and a number of plugins to 389-ds directory server. Forest trust implementation in FreeIPA allows for efficient use of FreeIPA resources when majority of users and groups are defined in Active Directory. It does not allow, however, to get access to Active Directory resources to users defined in FreeIPA. In the talk I'll explain how implementation of a Global Catalog service in FreeIPA enables access to Windows-based environments for users defined in FreeIPA.
Alexander Bokovoy
(FreeIPA / Red Hat / Samba Team)
9:45 am - 10:30 amTrack 1

Samba KCC: Saying No to Full-Mesh Replication

With Samba 4.5, the new site-aware Samba Knowledge Consistency Checker (KCC) has been turned on by default. Instead of using full mesh replication between every DC, the KCC will set up connections to optimize replication latency and cost (using site links to calculate the routes). Although there is more effort required in establishing effective site topologies, it has enabled users to create larger and more distributed networks without any of the previous replication penalties. It has also meant that Samba AD can be aware of particular details of a network (such as satellite links or certain firewall restrictions) to ensure that information flows through the network in a reasonable way. The aim is to look at how sites in AD generally work, what role the KCC performs, and what implications this new feature has on a range of different networks.
Garming Sam
(Catalyst IT)
9:45 am - 10:30 amTrack 2

Samba AD for the Enterprise

After several years of development Samba 4.7 will ship with Samba AD using MIT Kerberos for the KDC. This will make it possible for Enterprise distributions to provide packages and a secure AD environment. The talk will give some details why it took so long and show the features which will be available with the first release.
Andreas Schneider
(Red Hat / Samba Team)
10:30 am - 10:45 am

Break

10:45 am - 11:30 amTrack 1

Can we Fake a Failover?

Samba does not (yet) provide support for Continuous Availability. That is, Samba doesn't support Persistent Handles. Samba does, however, provide support for Durable Handles, which are designed to survive short network outages that disrupt the TCP connection between client and server. Samba also exposes Durable Handle support via the VFS layer. So... what if we could take that support for Durable Handles and turn it into something more? Can we use Durable Handles to survive a failover situation? Can we maintain Durable Handle state across a cluster, and move an IP address from a failed server node fast enough to fool the client? The Samba Team has a history of innovating with the tight confines of the SMB protocol. This presentation will explore the possibility, explain what could be done with such a feature, what needs to be done to make it work, and how that may inform further development of cluster support.
Christopher Hertel
(Samba Team)
10:45 am - 11:30 amTrack 2

The Important Details Of Windows Authentication

This talk gives an overview about the authentication protocols implemented in Samba, e.g. Kerberos, NTLMSSP and Netlogon Secure Channel. What are the missing new pieces in Windows 2012(R2) and 2016 active directory domains. The limitations the protocols give, especially in respect to trusts. The difference between the different trust types.
Stefan Metzmacher
(SerNet / Samba Team)
11:30 am - 12:15 pmTrack 1

How to write a Samba VFS module

Writing a correct Samba VFS module has been more of a black art than a science. This talk, part tutorial, will cover the basics on getting started in writing a VFS module suitable for upstreaming into Samba, and how to keep it up to date as the Samba VFS evolves and changes.
Jeremy Allison
(Google / Samba Team)
11:30 am - 12:15 pmTrack 2

Samba Group Policy for AD DC

Group Policy is an essential component of an AD DC. This presentation will discuss the design details of a GPO implementation started by a GSoC project. Future work will include better testing, more settings, such as Kerberos Policies, and GPO creation. Will also discuss the possibility of User policy application and reading various vendor GPO implementations.
David Mulder
(SUSE)
12:15 pm - 1:00 pm

Lunch

1:00 pm - 1:45 pm

Is Samba 4 AD Ready for Global Enterprise?

Indeed has over 5,000 employees in over 20 offices on 5 continents and solely uses Samba for its Active Directory implementation. Samba serves all network authentication in all of our offices as well as our VPN. Numerous applications and 3rd party services have integrated naturally with Samba and it's adoption at Inded is growing. However, this was not always the case. Deploying Samba at scale has not been without its challenges! Our success story with Samba is deeply tied to the continued development by the Samba Team and the open source community. Starting as an intern project in 2013, a Samba 4.0.8 domain was provisioned as a test for domain logon and group policy. That success started a rapid rollout of Samba DCs which lead us to encountering the performance problems of a fully meshed replication topology. KCC changes introduced in Samba 4.3 and furthered in 4.4 helped us scale the number of sites and DCs we could effectively support. As Indeed continued to grow, so did our database of users and groups. Despite being able to reduce the number of replication partners, the amount of time spent in replication with a single partner began to impact timely authentication. Tombstones, deleted
Kevin Kunkel
(Indeed, Inc.)
1:45 pm - 2:30 pm

Playing with domains not the Windows way

SaMBa is a perfect example of the technical superiority of Free Software. With SaMBa, you have a fifth freedom, the one to serve your network better with less effort. We want to share with you our experience of how you can put to use the inner workings of SaMBa-AD to your best advantage, and how easy it is with SaMBa to merge domains, rename domains, modify domain objects, etc. Here python and LDB are kings and queens. That's the server part to reorganizing your domain. Then there is the client part to reorganizing your domain : SID / profile migration, domain join, etc. That's why we want to show you SaMBa-AD's best companion, WAPT. WAPT is Robin when SaMBa is Batman. WAPT, developed by Tranquil IT Systems is apt-get for Windows, a software deployment and configuration management tool for Windows platforms. SaMBa-AD, combined with the use of WAPT, gives superhero powers to system administrators to manage effectively their domains and networks.
Denis Cardon
(TRANQUIL IT SYSTEMS)
2:30 pm - 2:45 pm

Break

2:45 pm - 3:30 pm

SMB3 and Clustering – A discussion

Samba/CTDB has been providing clustered file services for over a decade. Microsoft introduced it's own take on clustered file services via SMB3. To support Microsoft style clustered file services or cluster-aware clients, Samba needs to implement SMB3 features like persistent file handles, witness protocol etc. This talk invites Samba developers to a discussion on following topics:
  • Failover in Samba/CTDB cluster versus Microsoft cluster
  • Witness support for cluster-aware clients
  • Persistent file handles in Clustered Samba
Amitay Isaacs
(IBM Australia / Samba Team)
3:30 pm - 4:30 pm

Panel Discussion

Slides of the talks: https://sambaxp.org/archive_data/

Audio recordings will be avaible soon.

Program Committee

Chairman of the 16th samba eXPerience conference was Jeremy Allison – one of the founding members of the Samba Team.

The program of talks and other contributions was supervised by the program committee:

  • Jens-Peter Akelbein, University of Darmstadt
  • Jeremy Allison, Google
  • Stefan Kania, author
  • Sven Oehme, IBM
  • Thomas Pfenning, Microsoft
  • Karolin Seeger, SerNet

Local Organizing Committee

The local organizing committee (LOC) is responsible for all activities during the conference:

  • Ms. Dr. Chen-Yu Lin, SerNet
  • Mr. Dr. Johannes Loxen, SerNet

Do not hesitate to contact them via loc@sambaxp.org.

Venue

Hotel FREIZEIT IN

Dransfelder Straße 3
37079 Göttingen, Germany

Tel: +49 551 9001-0
Fax: +49 551 9001-100
E-Mail: info@freizeit-in.de

Get Direction Room

Contact

sambaXP is organized by SerNet:

SerNet GmbH
Bahnhofsallee 1b
37081 Goettingen
Germany

phone: +49 551 370000-0
email: contact@sernet.de

everything that matters sambaXP:

phone: +49 551 370000-0
e-mail: loc@sambaxp.org

Imprint
sambaXP