NAVIGATION
CATEGORIES
REFERRENCE
LINKS
Samba management
9 answers - 1171 bytes -
>Volker wrote:
>An API for managing Samba from my point of view depends on
>the model we use to store the configuration information.
>Yes, we could in theory save and restore the smb.conf as
>such, but this really heavily sucks, and it is nothing I
>would recommend. Yes, swat does it, but as already stated in
>this thread, swat sucks.
IMH, the management API does not depend on the config storing
implementation. It should hide the implementation details whether
it is stored in a smb.conf or in a registry.
I agree with Jeremy:
>Adding ejs to Samba3 is pointless (IMH). We need good
>management interfaces with scripting language bindings.
The most important step is to define this management API and to
implement it inside samba3. Exporting this API via rpc is secondary.
SWAT would be ok for the first consumer / to polish the API.
best regards
Mathias Dietz
Filesystem Center of Competence
Software Development Dept. A182
IBM Deutschland GmbH
E-Mail : MDietz (AT) de (DOT) ibm.comNo.1 | | 1525 bytes |
| 
PGP SIGNED MESSAGE
Hash: SHA1
Mathias Dietz wrote:
The most important step is to define this management API and to
implement it inside samba3. Exporting this API via rpc is secondary.
Sorry. I disagree. just to make this clear, I believe MS-RPC
*is* the API. Why reinvent the wheel? Maybe we'll need to
have client RPC over unix domain sockets for local.
So the question is how do you use RPC before Samba is up
and running? The answer is a simple provision script.
I mean very simple. Just enough to get the server up
and have a single account.
SWAT would be ok for the first consumer / to polish the API.
Pleaseno. We need an API that will get used. SWAT
has its fingers in everything and is just broken as a
management tool.
If you want to go this route, through swat away and start over.
Break it out as a separate project outside the Samba source tree.
Let it have a life of its own. Get UI people involved.
I'm willing to concede if proven wrong, but a language bindings
to a popular scripting language that can be used by admins and "make
test" will get you much more mileage.
cheers, jerry
Samba http://www.samba.org
Centeris http://www.centeris.com
"What man is a man who does not make the world better?"
PGP SIGNATURE
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
VBiUzniX2E9E/o9gNvfNk=
=CErh
PGP SIGNATURENo.2 | | 1098 bytes |
| Wed, 2006-06-21 at 17:06 -0500, Gerald (Jerry) Carter wrote:
PGP SIGNED MESSAGE
Hash: SHA1
Mathias Dietz wrote:
The most important step is to define this management API and to
implement it inside samba3. Exporting this API via rpc is secondary.
Sorry. I disagree. just to make this clear, I believe MS-RPC
*is* the API. Why reinvent the wheel? Maybe we'll need to
have client RPC over unix domain sockets for local.
So the question is how do you use RPC before Samba is up
and running? The answer is a simple provision script.
I mean very simple. Just enough to get the server up
and have a single account.
SWAT would be ok for the first consumer / to polish the API.
Pleaseno. We need an API that will get used. SWAT
has its fingers in everything and is just broken as a
management tool.
Agreed. I'm all for ditching SWAT. There's an ocean of management tools
out there, both open source and proprietary. IMH, providing a rich
management interface for these is of more value than supporting SWAT.No.3 | | 1146 bytes |
| James Peach :
Wed, 2006-06-21 at 17:06 -0500, Gerald (Jerry) Carter wrote:
SWAT would be ok for the first consumer / to polish the API.
>Pleaseno. We need an API that will get used. SWAT has its
>fingers in everything and is just broken as a management tool.
Agreed. I'm all for ditching SWAT. There's an ocean of management
tools out there, both open source and proprietary. IMH, providing a
rich management interface for these is of more value than supporting
SWAT.
So, let me round up this discussion:
1. Reviving SWAT in Samba 3 is pointless.
2. Better to concentrate on API for external management tools
3. Such an API is actually a set of MSRPC interfaces, including registry
management
4. Encapsulating those interfaces into a sort of library and providing
its bindings for popular scripting languages (Perl, Python, etc) is seem
of better value.
5. Additionally, local operation via Unix socket is probably a good
thing as user of that library and probably will be subject to test via
'make test'.
Anything else?No.4 | | 824 bytes |
| Thu, Jun 22, 2006 at 02:20:37AM -0400, Dave Fenwick wrote:
With the library in place, bindings for Perl, Python, PHP, etc. would be
easily achievable. The API would probably end up looking a LT like the
Win32 API because, well, that's what we do. In fact, some 10 years ago,
I think this is a good point. The pipes that Windows does by
default are so rich, we only have to implement them more
fully. For the things that are not doable using what Windows
provides we could go via the registry or via some custom
pipe. This needs to be decided on a case-by-case basis, and
the smb.conf from my point of view fits quite well into the
registry model.
Volker
PGP SIGNATURE
Version: GnuPG v1.4.2 (GNU/Linux)
VHtTs8v+n/yfANo5tU=
=kkBm
PGP SIGNATURENo.5 | | 3855 bytes |
| The problem we've had with Samba up until Samba4 is that it just wasn't
ready for an API. I've been trying to find the right way to APIify (if
that's a word) Samba since 1995, but the code base has always been
pretty monolithic. There was also the considerable problem in Samba2
and Samba3 of having the scads of globals that were required in order to
make any lib functions work for any management interface. With the work
that you've all done in Samba4 to get the globals cut out of the
picture, and with contexts, an API is now workable.
I've given an awful lot of thought to this over the last many years, and
there really are multiple paths that can be taken. path is to
create the monolithic library like we did in Samba3 and let anyone call
functions within that library. However, I'm not sure that makes a lot
of sense from a management perspective. From a management perspective,
we need a set of generalized calls for things like creating a user,
creating a group, adding a specific service (file or print), querying
status of the existing services, stopping, restarting, etc.
We need to think of EJS just as another client of the Samba4 library and
not as the encompassing management strategy for Samba4. It'll be great
having some of those functions available directly in the distribution
(when they're done) but we should be looking for more than that. We
need a library that allows for separation of Samba4 functions from
delivery, as well as allowing for multiple delivery paths and delivery
data types to be used. For example, if we want to allow someone to
create an AJAX frontend for Samba4, we'd need to provide an HTTP
delivery mechanism for retrieving pieces from Samba4. In that
particular case, we could reuse the existing SWAT HTTP engine, but link
it to the library and provide secure URL transactions through it, with
delivery in XML, XHTML, or even proprietary data sets.
With the library in place, bindings for Perl, Python, PHP, etc. would be
easily achievable. The API would probably end up looking a LT like the
Win32 API because, well, that's what we do. In fact, some 10 years ago,
I had proposed doing a CRBA object engine for Samba, but it just wasn't
ready for it at the time.
I still have some of my old documentation as well as some code I put
together for Samba2 and Samba3 that I can pull back out of the dust.
Let me know how I can help.
-- Dave
Thu, 22 Jun 2006 09:46:08 +0400, "Alexander Bokovoy" <ab (AT) samba (DOT) org>
said:
James Peach пишет:
Wed, 2006-06-21 at 17:06 -0500, Gerald (Jerry) Carter wrote:
SWAT would be ok for the first consumer / to polish the API.
>Pleaseno. We need an API that will get used. SWAT has its
>fingers in everything and is just broken as a management tool.
Agreed. I'm all for ditching SWAT. There's an ocean of management
tools out there, both open source and proprietary. IMH, providing a
rich management interface for these is of more value than supporting
SWAT.
So, let me round up this discussion:
1. Reviving SWAT in Samba 3 is pointless.
2. Better to concentrate on API for external management tools
3. Such an API is actually a set of MSRPC interfaces, including registry
management
4. Encapsulating those interfaces into a sort of library and providing
its bindings for popular scripting languages (Perl, Python, etc) is seem
of better value.
5. Additionally, local operation via Unix socket is probably a good
thing as user of that library and probably will be subject to test via
'make test'.
Anything else?No.6 | | 849 bytes |
| Thu, Jun 22, 2006 at 09:46:08AM +0400, Alexander Bokovoy wrote:
5. Additionally, local operation via Unix socket is probably a good
thing as user of that library and probably will be subject to test via
'make test'.
'make test' could make use of the normal socket wrapper, so
the code as such would not need any additional socket layer
stuff.
It could be beneficial to provide a unix-permission
protected SMB server socket that would provide direct root
access without having to provide a password. If the "normal"
management tools that we as developers use go via that path
we would walk most of the code that external tools also
would use.
Volker
PGP SIGNATURE
Version: GnuPG v1.4.2 (GNU/Linux)
NFR0ri2XvcBg7LIDW4YvpTE=
=760F
PGP SIGNATURENo.7 | | 1048 bytes |
| 2006/6/22, Alexander Bokovoy <ab (AT) samba (DOT) org>:
James Peach :
So, let me round up this discussion:
1. Reviving SWAT in Samba 3 is pointless.
2. Better to concentrate on API for external management tools
3. Such an API is actually a set of MSRPC interfaces, including registry
management
I have read the discuss in this thread and by Volker Lendecke and
chetan on irc also.As I'm currently implementing a registry like
backend configuration in SC, I want to make sure is this clear.Ithink
that librpc in Samba 4 have already done the interface thins(haven't
read the code.). The registry and the management are two things.
Registry configuration holding parameters as smb.conf and provide
interface to access them(read/write).But the management part has more
logic things like if the user already exists when adding a new user?Is
the share writeable when give some user write permmisions?The registry
backend can only export simple interface help management.No.8 | | 2214 bytes |
| Thu, Jun 22, 2006 at 09:56:39PM +0800, Ming wrote:
I have read the discuss in this thread and by Volker Lendecke and
chetan on irc also.As I'm currently implementing a registry like
backend configuration in SC, I want to make sure is this clear.Ithink
that librpc in Samba 4 have already done the interface thins(haven't
read the code.). The registry and the management are two things.
Registry configuration holding parameters as smb.conf and provide
interface to access them(read/write).But the management part has more
logic things like if the user already exists when adding a new user?Is
the share writeable when give some user write permmisions?The registry
backend can only export simple interface help management.
For many management tasks the normal Windows RPC API already
provides good interfaces. Creating a new user is covered by
the SAMR interface for example, setting security descriptors
is another example. A very terse but quite complete
reference of what Windows already provides can be found in
the Samba4 source/librpc/idl subdirectory. User management
is in samr.idl, share management in srvsvc.idl and so on.
What we are talking about here is what the Windows RPC
interfaces can not provide because it does not have any
counterpart in the Windows world. There's tons of smb.conf
options that just don't make sense under Windows, 'store dos
attributes' would be one example here. This is where we have
to go beyond the native Windows functions. Creating a share
for example could be done via the srvsvc pipe, setting a
special per-share configuration option could then be done in
a special registry key that has magically popped up. for
example setting the unix-style login shell of a user could
also be done via some registry hack. So we would like to
build upon a quite rich API and provide backdoors via the
winreg pipe.
You are doing base infrastructure work for this by plugging
libelektra into this picture.
Volker
PGP SIGNATURE
Version: GnuPG v1.4.2 (GNU/Linux)
iNfJgb67PVCXlaipl72w=
=yJgi
PGP SIGNATURENo.9 | | 395 bytes |
| Thu, Jun 22, 2006 at 09:46:08AM +0400, Alexander Bokovoy wrote:
So, let me round up this discussion:
1. Reviving SWAT in Samba 3 is pointless.
I wouldn't say reviving - just let's not make it any worse :-).
There are people who happily use SWAT, and we shouldn't break
it for them, but it shouldn't be a development priority.
Jeremy.
QUESTION ON "Samba"
- Accessing home directories problem (XP Home Edition)
- Unable to cancel print-jobs with Samba+CUPS via WinXP
- change ldap passwd
- samba 3 using a mysql backend
- Second SAMBA Server different NETBIOS alias and sharesforClearCase
- User Manager for SWAT
- vl-messaging configuration readme
- SMB over UDP port 138
- samba3 nmbd and samba4wins simultaneously on multihomed host
- computer outside domain can access resource to inside
- AD code using private MIT krb5 routines
- Printer comments and other weirdness
- samba as a time server (newby question): time not updated
- Stange printer driver problem
- speed trouble ...
- Bug fix needs verification by guru
- smpasswd
- I have no winbind pipe!
- linux_set_kernel_oplock: Refused oplock on file. F_SETLEASEsemantic problem ?
- Problems with Samba 3.0.22 and Fedora Core 5 64 bits(Urgent, please)