s the culmination of ten years' work, the Samba Team has created the first compatible Free Software implementation of Microsoft’s Active Directory protocols. LDAP, Kerberos, DNS, and all other essential services that are required for Active Directory are natively supported by Samba4. Samba4 doesn't have only Active Directory functions, but it has also many other incredible features like smb3 protocol implementation, ctdb (cluster) functionality and much more. The presentation will describe the supported scenarios of Samba 4 as an Active Directory DC and also, discusses the developments in the File Server, in particular the components of SMB2, SMB3 and CTDB.

1. Beolink.org!
SAMBA 4
Fabrizio Manfredi Furuholmen
"

2. Beolink.org!
Froscon 2013"
2"
Agenda
§ Introduction
§ Samba 4
§ Goals
§ Active Directory
§ SMB 2.X/3
§ CTDB
§ Overview
§ Samba
§ ecosystem

3. Beolink.org!Introduction
Froscon 2013"
3"
What is Samba ?!

4. Beolink.org!Introduction
Froscon 2013"
4"

5. Beolink.org!Introduction
Froscon 2013"
5"
Samba provide secure, stable and fast file and
print services for all clients using the SMB/CIFS
protocol, such as all versions of DOS and
Windows, OS/2, Linux and many others…"

6. Beolink.org!Introduction
Froscon 2013"
6"
q Andrew Tridgell developed the first version of Samba Unix in December
1991 and January 1992"
q Tridgell released "netbios for unix", nbserver, version 1.5 in December 1993."
q Versions 1.6, 1.7, 1.8, and 1.9 followed relatively quickly, with the latter
being released in January 1995. "
q May 1996 to mark the birth of the Samba Team"
q Version 2.0.0 was released in January 1999, and version 2.2.0 in April 2001."
q Version 3.0.0, released on 23 September 2003,"
q Version 4.0.0, started in November 2003,"
q Version 3.1.0 released September 2004"
"
q Version 3.2.0 was released on 1 July 2008"
q Version 3.3.0 was released on 1 January 2009"
q Version 3.4.0 was released on 3 july 2009"
q Version 3.5.0 was released 1 March 2010."
q Version 3.6.0 was released on 9 August 2011. "
"
"
Samba Release Planning from 2008"
• nine months fully supported,"
• another nine months in the maintenance mode,"
• nine months in the security fixes only mode. "
"
In total, each series is maintained for a period of
approximately 27 months. "

7. Beolink.org!Introduction
Froscon 2013"
7"
Is Samba a dead project ?!
"
Some stats:"
q 4801 commits last year "
(7286 in 2011, and 10290 in 2010)"
"
q 72 unique contributors"
q 550K lines changed (down from
770K)"
q 1602 patches were reviewed"
"

8. Beolink.org!Introduction
Froscon 2013"
8"

9. Beolink.org!Introduction: Samba usage
Froscon 2013"
9"
Domestic Storage NAS"
All in one Appliance"
No i386 hw"
Heterogeneous env"
High performance "
Fanatic"
No money.."
"
Few small business"
Few installation for office
automation "
Small/
embedded"
XXL Env"
$"

10. Beolink.org!Samba4: Goals
Froscon 2013"
10"
“The basic goals of Samba4 are quite ambitious, but
achievable: "
protocol completeness "
extreme testability "
non-POSIXbackends "
fully asynchronous internals "
flexible process models "
auto-generated RPC infrastructure "
flexible database architecture"
“"
"
Andrew Tridgell From sambaxp 2004!

11. Beolink.org!Samba4
Froscon 2013"
11"
…and Version 4.0
was released on
December 11,
2012…"

12. Beolink.org!Samba4
Froscon 2013"
12"
AD!
SMB2.x/3!
Highly asynchronous!
Simplicity!
Security (Coverity) !
Many other improvements!

13. Beolink.org!
9/4/13"
13"
Powerful Identity Management (for Free)"
Introduction: Samba4 AD
Identity"
Users"
Authentications"
Systems"Groups"
Policies"
LDAP storage (extensibile)!
Kerberos!
DNS (update)"
Group Policies!

14. Beolink.org!Samba4: Simple
Froscon 2013"
14"
Everything is inside" Only a few steps"
Migration scripts/
python lib"
MMC interoperation"
Simple to
deploy!

15. Beolink.org!Samba4: demo
Froscon 2013"
15"
Are you sure … do you want to see a demo ?"

16. Beolink.org!Samba4: AD features
Froscon 2013"
16"
AD:!
• forests: 1, domains: 1, domain
controllers: 1"
• Trusts: Samba can be trusted"
• Samba can not trust"
Replication:!
• directory replication works"
• sysvol replication :Not implemented yet"
• multiple Samba DCs possible (sysvol
replicated externally)"
Samba4.1comingsoon!

17. Beolink.org!SMB 2.x
Froscon 2013"
17"
SMB (Server Message Block) is a remote file protocol!
In the 2007 was released the smb 2.x, it was the first major
redesign of SMB since 1997 (or 1987)!
q Reduced complexity, going from over 100 commands and subcommands to just"
q Request compounding, which allows multiple SMB requests to be sent as a single
network request "
q Larger reads and writes make better use of faster networks, even with high latency "
q Caching of folder and file properties, where clients keeps local copy of information on
folders and files "
q Durable handles allow an SMB2 connection to transparently reconnect to the server if
there is a temporary loss of network connectivity "
q Message signing improved (HMAC SHA-256 replaces MD5 as hashing algorithm) and
configuration/interoperability issues simplified"
q Improved scalability for file sharing (number of users, shares and open files per server
greatly increased)"
q Extension mechanism (for instance, create context or variable offsets)"
q Support for symbolic links!
q …!

18. Beolink.org!SMB 2
Froscon 2013"
18"
File Copy performance
seen in the"
real world much faster
than SMB1"
"
q Up to ~45x throughput
for WAN"
q Up to 2-10x
throughput for LAN"
Transparent caching!
LAN!

19. Beolink.org!SMB 2
Froscon 2013"
19"

20. Beolink.org!SMB 3
Froscon 2013"
20"
SMB3!
!
!
With windows server 2012 and
windows 8, the smb reached the
version 3 (aka 2.2)"
q Availability "
q SMB Transparent Failover"
q SMB Multichannel"
q …."
q Scale Out"
q SMB Direct (RDMA)"
q Directory Leasing"
q BranchCache™ V2"
q Backup"
q VSS for SMB File Shares"
q Security "
q SMB Encryption –AES-CCM"
q Signing -AES-CMAC"
q Management"

21. Beolink.org!SMB 3
Froscon 2013"
21"
Ethernet10Gb"Infiniband32Gb"Infiniband54Gb"
http://Smb3.info"
The new futures are for:!
q Central storage "
q Virtualization infrastructure"
"

22. Beolink.org!Samba4: SMB 2.2/3
Froscon 2013"
22"
"SMB2 is superfast, increases
security, and improves
Windows compatibility.” by Apple"

23. Beolink.org!Samba4: I forgot to tell you…
Froscon 2013"
23"
"
Samba4:"
• Active Directory Compatible
Sever (AD/DC)"
• daemon "samba”"
• integrated LDAP server"
• integrated Kerberos server
(heimdal)"
• intergrated DNS server (or
external bind)"
Samba3"
• Standalone and domain member
Iaemons smbd, nmbd,
winbindd(4)"
• SMB 2.0 now complete with
durable hanldes"
• partial SMB 2.1 support with
Multi-Credit"
• basic SMB 3.0 support"
Franky(Samba4)!

24. Beolink.org!Samba4: Fileserver
Froscon 2013"
24"
S3fs is the name that has been
given to a development effort to make
possible the agreed default file server
configuration for Samba 4.0 as an AD
Domain controller."
q Samba 3 file server "
q SMB 3 implementation"
"
Ntvfs, used Samba 4.x alpha series"
q Early SMB2 support."
q Native filesystem"
"
To communicate between the smbd
process that handles file sharing and
the DCE/RPC server, all the SMB
named pipe operations are
converted into operations on a unix
domain socket. (Franky Project)"

25. Beolink.org!CTDB
25"
SambaXP 2013"
Samba Server "
DoYouthinkisitenough!
oneSamba?!
Cluster Filesystem!

26. Beolink.org!Samba4: Cluster problem
Froscon 2013"
26"
Sharing the data!
"
Session!
q IPC: messaging (messages.tdb and signals)"
q IPC: share volatile session data:"
q SMB sessions (sessionid.tdb)"
q share connections (connections.tdb)"
q share modes (locking.tdb)"
q byte range locks (brlock.tdb)"
Persistent!
q user database (passdb.tdb)"
q domain join information (secrets.tdb)"
q id mapping tables (winbindd idmap.tdb)"
q registry (registry.tdb)"

27. Beolink.org!CTDB
27"
SambaXP 2013"

28. Beolink.org!CTDB
Froscon 2013"
28"
High Availability!
Each CTDB node is assigned two ip addresses, one
private that is tied to a physical node and is dedicated
to inter-CTDB traffic only and a second "public" ip
address which is the address where clustered services
such as SMB will bind to."
"
The CTDB cluster will ensure that when physical nodes
fail, the remaining nodes will temporarily take over the
public ip addresses of the failed nodes. "
"
Load distribution!
Load between the nodes base on round-robin DNS!
When a physical node takes over the public ip
address of a failed node it will first send out a few
Gratious, secondly the new node will also send a
few "tcp tickles" to ensure that all clients that have
established tcp connections to the failed node
immediately detects that the tcp connections have
terminated and needs to be recovered. "
http://www.samba.org/~obnox/presentations/sambaXP-2010/sambaxp-2010-tutorial-ctdb-handout.pdf"
https://wiki.samba.org/index.php/CTDB_Setup"

29. Beolink.org!CTDB: Performance
Froscon 2013"
29"
GPFS file system!
32 client smbtorture NBENCH test!
"
1 node: 109 MBytes/sec"
2 nodes: 210 MBytes/sec"
3 nodes: 278 MBytes/sec"
4 nodes: 308 MBytes/sec"
"
"
By Andrew Tridgell and Ronnie Sahlberg, Linux Conf Australia 2009"
"

30. Beolink.org!Samba4: Open platform
Froscon 2013"
30"
Samba"
RPC
Library "
VFS" Wrapper"
3rd
parties"
http://www.samba.org/samba/vendors/"

31. Beolink.org!Samba4: VFS
Froscon 2013"
31"
Stackable VFS (Virtual File System)!
Samba passes each request to access the UNIX file system through
the loaded VFS modules. This chapter covers the modules that come
with the Samba source and provides references to some external
modules."
q Disk/share/fs operations"
q Directory operations"
q File operations"
q NT ACL operations"
q POSIX ACL operations"
q EA operations"
q AIO operations "
q Offline operations"

32. Beolink.org!Samba4: VFS
Froscon 2013"
32"
http://sambaxp.org/fileadmin/user_upload/SambaXP2012-DATA/
thu/track2/Richard-Sharpe-Developing-Samba-VFS-Modules.pdf"

33. Beolink.org!
33"
Base on VFSX
VFSX is a transparent Samba
Virtual File System (VFS) module
which forwards operations to a
process on the same machine for
handing outside of the Samba
daemon process…!
SambaXP 2012"
Python Server!
"
… "
while True:"
msg = self.request.recv(512)"
if not msg: break"
log.debug(msg)"
# Handle message-parsing and operation execution error here."
# Socket communication errors should be propagated."
try:"
"(operation, user, origpath, args) = self.__parseMessage(msg)"
"result = self.__callOperation(operation, user, origpath, args)"
except Exception, e:"
"result = VFSOperationResult(FAIL_ERROR)"
"log.exception(e)"
self.request.send("%d" % result.status)"
"
# The client probably closed the connection."
self.request.close()"
log.debug("Close Connection”)"
"
def __parseMessage(self, msg):"
parts = msg.split(":")"
(operation, user, origpath) = parts[0:3]"
log.debug(" operation = '%s' user = '%s' origpath = '%s'" %"
" " "(operation, user, origpath))"
args = []"
if len(parts) > 3:"
"args = parts[3].split(",")"
"log.debug(" args = '%s'" % parts[3])"
return (operation, user, origpath, args)"
Example available to :"
http://sambaxp.org/fileadmin/user_upload/
SambaXP2012-DATA/thu/track2/Richard-Sharpe-
Developing-Samba-VFS-Modules.pdf"

34. Beolink.org!OpenChange
Froscon 2013"
34"
OpenChange is a portable Open Source
implementation of Microsoft Exchange server and
Exchange protocols. It provides a complete
solution to interoperate with Microsoft Outlook
clients or Microsoft Exchange servers. "
q Drop-In replacement"
q Interoperability with Microsoft Exchange Protocols"
q Native and transparent Microsoft Outlook support"
q Work on top of Samba Active Directory technology"
q Interface existing data storage backend"
"

35. Beolink.org!Linux Kernel module
Froscon 2013"
35"
"
Main Goals :!
q Local/Remote Transparency"
q Most applications shouldn't notice or care if on remote mount vs. ext4"
q Near perfect POSIX semantics to Samba servers (and those which "
q implement POSIX extensions) and best effort semantics to Windows and "
q other NAS filers"
q Fast, efficient, full function, secure method for accessing (from Linux) data "
q which lives on Windows servers or other NAS"
q As reliable as reasonably possible over bad networks"
q Be able to read and set not just file data but also all reasonably important "
q Windows metadata (for backup, archive, gateways and to help server "
q migration)"
"

36. Beolink.org!Linux Kernel module
Froscon 2013"
36"
Simple test:!
"
$ dd if=./ddtest.out of=/dev/null bs=1M"
"
Results: "
"
Unpatched 3.4-rc2 kernel -- rsize is always capped at 16k here: "
1073741824 bytes (1.1 GB) copied, 97.6394 s, 11.0 MB/s"
"
Patched 3.4-rc2 kernel – rsize=1M:"
1073741824 bytes (1.1 GB) copied, 9.89869 s, 108 MB/s"
"
Patched 3.4-rc2 – rsize=61440:"
1073741824 bytes (1.1 GB) copied, 13.4146 s, 80.0 MB/s"
"
"
"
*cifs_iovec_read now collects/issues (larger) asynchronous reads. Primarily of use when a "
share is mounted with forcedirectio, or strictcache and the client doesn't have an oplock for "
the file being (in 3.5. From Jeff Layton)"
"
"
"

37. Beolink.org!
37"
What is the future ?
SambaXP 2012"
It is difficult to make predictions,!
especially about the future….!

38. Beolink.org!Samba4: Result
Froscon 2013"
38"
Samba 4 integrates fully with
Active Directory, and you can
migrate an Active Directory
domain to Samba 4"

39. Beolink.org!Samba4: Warning
Froscon 2013"
39"
The use of older documentation
or mail list archives, especially
those that reference Samba4
“test” and “alpha” releases, is
strongly discouraged. "

40. Beolink.org!Samba4: Warning
Froscon 2013"
40"
If you are using an ext3 or ext4 filesystem on
Linux, you should ensure that the filesystem is
mounted with the user_xattr,acl,barrier=1
option. ."

41. Beolink.org!Samba4: SambaXP
Froscon 2013"
41"
The Samba eXPerience is the
international Samba conference for users and
developers. Meet the Samba Team and discuss
requirements, new features and get an update
on current developments! !
"
Göttingen, Germany "
www.sambaxp.org"
"

42. Beolink.org!!
Thank you
http://www.beolink.org
manfred.furuholmen@gmail.com
"