The SAMBA eXPerience 2019 took place from June 4th – 6th 2019 in Goettingen, Germany. It was the 18th international SAMBA conference for users and developers. Attendees met the SAMBA Team, discussed requirements, new features and got an update on current developments. Special thanks to the speakers, the sponsors and of course the participants. Once again you have made the conference an unforgettable event together!
The conference was organized by SerNet.
sambaXP 2020 will be announced soon!
The registration process of this conference is managed by XING Events, in particular ticket sales and payment handling. The purpose and scope of the data collection and the ongoing processing and use of data by XING Events as well as your rights in this regard and related setting options to protect your personal privacy are listed in the Privacy Policy of XING Events.
According to German law the place where the service is rendered is Goettingen, Germany, therefore value added tax must be paid under the German Added Tax Act (§ 3 a Abs. 2 Nr. 3 a Umsatzsteuergesetz.)
In this tutorial you will setup a trust between two active directory-domains. You will learn how to manage the trust and how to add users and groups from a trusted domain to a trusting domain.
Topics:
The release of Linux version 5 earlier this year, coincides with the "rebirth of SMB3" as the Linux SMB3 client has become the most active network/cluster file system with a wealth of new features and fixes added. Access to Samba, and the Cloud (e.g. Azure) and network storage from Linux is better than ever. Dramatically improved performance of large files access, especially with the integration of RDMA support (“SMB Direct” support), improved direct I/O support and also with many metadata and compounding optimizations which help access to large directories, especially in the cloud (like Azure Files).
In addition support for directory leases (and many other caching improvements) has also helped performance. The ability to do new workloads, more efficient compounding of complex operations for improved performance, changes to more easily recover from failures, improvements to DFS/Global Namespace support, improved metadata handling, many security enhancements, and changes to the default protocol dialects, have made this a great year for improvements to Linux's SMB3/SMB3.11 support. In addition, the POSIX extensions to the SMB3.11 protocol have greatly improved with testing over the past year, especially from Linux and Samba, and are leading to additional workloads being possible now over SMB3.11.
This presentation will demonstrate and describe some of the new features and progress over the past year in accessing Samba and also the cloud (Azure) via SMB3/SMB3.11 using Linux clients, as well as how to configure this optimally.
The team at Catalyst IT has been busy implementing quite a range of new features to Samba Active Directory. In doing so, there have been some unintended, but generally positive, consequences which have changed the way we have been developing new features. One such consequence has been from our new backup tools which has resulted in a huge improvement in our ability to test networks more reliably. Particularly at larger scales, it has made identifying performance issues significantly easier.
For users, these side-effects should also be appreciated like the potential for more reproducible lab networks, as we continue to build tools and features like Windows but a little differently (and maybe a little better).
This talk will go over some of the basics of the new backup and restore tools for AD domains, and cover some of the work that was done to make simple group policy objects (GPO) portable. It will also include some of the changes in how we have been doing testing and some of the impacts to the selftest system. Hopefully there'll be something interesting to everyone.
How Samba processes incoming pathnames is a black art, and very old code that has been developed over twenty years. Listen to one of the developers go through the pathname processing code, function by function and explain how and why it got to be this way, and what we can do about it. This talk will be of interest for Samba VFS developers as well as general SMB1/2/3 fileserver developers.
To the newcomer, Samba's command line user interface appears to be a haphazard jumble of scripts and binaries with options and design principles that fade in and out of use according to some esoteric pattern. The tools report back to the user with a eclectic mixture of python tracebacks, NT_STATUS error codes, and friendly messages that sometimes neglect to say what was attempted and if it worked.
To the expert it is actually worse, because in the time it took them to become an expert another layer of new functionality has settled over the UI. The expert realises there is no underlying principle--the interface just collects up like leaves in a drain--and memorises the minimal set of finger-patterns to get their job done.
Can we do better? Without breaking anybody's scripts and finger habits? Could samba-tool provide consistently useful feedback? Is automatic shell-completion possible? Can we get beyond a simple text UI without falling into a horrific expanse of GTK checkboxes or web based graph visualisations?
Some of these questions might be answered.
What can be achieved, in terms performance and reliability, by isolating SMB3 message marshalling and unmarshalling into a separate layer? This talk will describe experimentation with a low-level SMB2/3 message handling engine.
Managing AD via terminal commands can be alien to many Windows users and admins, so providing them with familiar tools could ease their transition. This talk will demonstrate new GUI tools, which can run via either qt in a graphical environment, or also via ncurses in the terminal, which simplify the administration of users and groups in an AD domain. These tools emulate the familiar ADUC and ADSI tools in a Windows environment.
CIFSD is a new SMB server implementation for the Linux kernel, intended to provide higher performance than user-space analogues. This talk will start with a brief introduction to CIFSD architecture (high level) and its main design goals: outline components, their responsibilities and communication protocols. In the second part of the talk we will focus on current state of affairs and our future development plans.
Samba 4.10 is the first release to support Python3 (and also Python2)
The talk will cover
Where is that file when you need it? This presentation will give an overview of the current status of macOS Spotlight support in Samba with a brief detour on Microsoft WSP and an outlook on the ongoing work to replace the current search backend Gnome Tracker with something more scalable: Elasticsearch.
will be announced at the conference
On the way to Samba 4.0 a more feature-complete DCE/RPC server was designed and implemented which allows asynchronous execution, a fundamental requirement for some services such as the witness protocol.
This talk will present an approach to DCE/RPC server reunification where the server core has been extracted from the samba4 implementation and a new PIDL compiler class generates code able to invoke samba3 RPC interfaces implementations.
The topics will cover the dissection of the DCE/RPC server to present the components that compose it, the analysis of the initialization to identify the parts that can not be shared, the execution of the common processing loop, the new PIDL compiler class and finally some problems such as the local dispatching (rpcint vs irpc binding handles) and how they have been solved.
In this talk the speaker will give an overview of the existing tools to help debug SMB issues (smbcmp, smblog-mode,wireshark, ...) and some of their recent new features.
With Samba 4.10 and older versions, Samba is currently implementing its own cryptography primitives for commonly used ciphers and hashes(AES, RC4, SHA-1/SHA-2, MD4 and MD5). Writing cryptographic functions is not that hard, you do not even need to understand the math behind a cryptographic primitive you want to implement to be able to construct a set of functions that correctly encrypts and decrypts a ciphertext.
Cryptographers keep saying you should not implement your own crypto. History of Samba shows why it is indeed a sensible suggestion to anyone.We look into why we implemented our own crypto primitives and why it was a bad idea.
This talk will explain the benefits of moving to a proper crypto library for an open source project implementing a complex network-facing protocol set. We also will look into how this helps us to become a predictable code base to be able to pass a FIPS 140-2 certification.
Adding SMB3 multichannel as a fully supported feature to the Samba SMB server has been a long and difficult journey. Not only some aspects of the protocol regarding oplocks and leases needed to be properly
researched and tested - also the implementation design needed to be adapted to the way SMB clusters are run with CTDB. The talk will give an update to the completeness of the multichannel feature and also explore other aspects of clustered SMB with Samba and CTDB using the Gluster filesystem.
In the Microsoft world, AD is well established as "the only" source of identity information for workstations and servers. However, in the opensource world, we have a variety of artisinal solutions to identity management, every one with pros, cons, complexities and hurdles. Sadly as a result, almost no business gets the arcane system right, and wide issues exist.
We want our Linux and BSD machines to "just work" in the same way that Windows "just works" with AD. But surely this is a dream? I'll explore the current changing landscape of services and authentication in opensource and application deployment. From there I will talk about the ways that Samba 4 can be turned into the default LDAP server for use in opensource environments. Finally I'll talk about the future of applications and how Samba 4 could step up to be the default directory server in any environment.
This presentation will provide details of improvements to CTDB's testing infrastructure and to Autocluster.
CTDB's test suite was created in an ad hoc manner to run a limited range of test cases. This included running multiple "local daemons" to allow CTDB's clustering, messaging and database capabilities to be tested. As more test cases appeared, the local daemons functionality was extended in more ad hoc ways, but was still embedded in the "simple" test suite. The "local daemons" support was recently extracted into a standalone script that relies on CTDB's test mode. While this is still used by the "simple" test suite, it can also be used for standalone debugging and could be integrated into Samba's autobuild to test some Clustered Samba capabilities.
Autocluster is a tool for generating virtual clusters for testing Clustered Samba. It has now been rewritten as a small Python script that reads configuration from a YAML file, creates a cluster with Vagrant and configures it with Ansible. As a result it is now about 5.5K lines smaller and much more maintainable.
In the third talk talk of the quest to get a more modern programming language supported in Samba we are re-visiting the re-visit to finally get it right (tm).
Last year, we saw a proof of principle project implementing a DNS-like protocol in Rust, and then using the server-side parser for it from a C server providing the rest of the business logic. When the time came to figure out how to handle memory ownership between C and Rust functions, my solution was to implement a Rust wrapper to Samba's Talloc memory management library and keeping the C process in charge of all allocated memory. This turned out to be an unpopular design decision.
So this time around we'll stick to handling the Rust-allocated memory in Rust while giving the project another go. In addition, the talk gives an overview of the current state of automatic C binding generation from Rust and other features relevant for integrating Rust into a real world project.
This is a report on the status of CTDB, similar to that presented at recent SambaXP conferences.
We will review design and associated plans, including those presented at SambaXP 2018 - some of those still aren't in a release. We will discuss how the design as evolved over time and the summarise the current state of the design, including protocol, transport, messaging and use of sockets.
The circumstances of CTDB's lead developers have changed, so there is less time available for development. We will discuss the consequences of these changes, including some musings about competing philosophies for achieving our design and implementation goals.
New requirements appear, so are worthy of mention. This will include the SMB Witness Protocol and some potential database performance optimisations.
We will close by discussing some long term goals for CTDB.
A protocol level deep dive into how Windows Hello Authentication works.
For SMB3 (and Samba) to be used even more broadly, it is critical to improve the experience of Linux users (running POSIX applications). The SMB3 POSIX Extensions, a set of protocol extensions to allow for optimal Linux and Unix interoperability with Samba, NAS and Cloud file servers, have greatly improved with feedback and test results from expermental implementations in Samba and now merged into the Linux kernel. These
extensions address various compatibility problems for Linux and Unix clients (such as case sensitivity, locking, delete semantics and mode bits among others). This presentation will review the state of the protocol extensions, what was learned in the implementations in Samba and also in the Linux kernel (including from running exhaustive Linux file system functional tests to try to better match local file system
behavior over SMB3 mounts) and what it means for real applications.
With the deprecation of older less secure dialects like CIFS (which had standardized POSIX Extensions documented by SNIA), these SMB3 POSIX Extensions are urgently needed to be more broadly deployed to avoid functional or security problems and to optimally access Samba from Linux.
"They did not know it was impossible so they did it" had written Mark TWAIN. This quote is such a perfect fit for the French Ministry of Culture.
In this talk, we want to tell you about the tools and methods that Tranquil IT used to merge 170 Samba3-NT4 domains into 1 Samba-AD domain for 8000 users quickly and with very little manpower. Beside the most practical tool in IT which is loving your users, we'll show you how python scripts, Ansible, our tool WAPT, and Samba's legendary flexibility helped achieve that.
Along the way, we have improved security, upgraded all systems and normalized their network. That's one more happy client to put on Samba's scoreboard.
Andrew Bartlett will look back at the year since the introduction of GitLab in the Samba Team, first for CI and then also for merge requests, and then look forward to future opportunities to improve the Samba Development process.
Samba started to use GitLab, hosted at Gitlab.com in June 2018. Thiscame after a failed attempt to integrate GitHub with our workflow, but was motivated by the same desire: To make contributing to Samba easy for a new generation of Samba developers, as well as a pleasure for existing developers.
Chairman of the 18th samba eXPerience conference is Jeremy Allison – one of the founding members of the Samba Team.
The program of talks and other contributions is supervised by the program committee:
The local organizing committee (LOC) is responsible for all activities during the conference:
Do not hesitate to contact them via loc@sambaxp.org.
SerNet GmbH
Bahnhofsallee 1b
37081 Goettingen
Germany
phone: +49 551 370000-0
email: contact@sernet.de
Managing Directors: Dr. Johannes Loxen, Reinhild Jung
Datenschutzerklärung / data protection declaration
phone: +49 551 370000-0
e-mail: loc@sambaxp.org
