SerNet. Samba Status Update. SNIA SDC 2011 Santa Clara, CA. Volker Lendecke SerNet Samba Team

Similar documents
SerNet. Async Programming in Samba. Linuxkongress Oktober Volker Lendecke SerNet Samba Team. Network Service in a Service Network

SDC EMEA 2019 Tel Aviv

The State of Samba (June 2011) Jeremy Allison Samba Team/Google Open Source Programs Office

SNIA SDC 2018 Santa Clara

CTDB + Samba: Scalable Network Storage For The Cloud. Storage Networking World Europe 2011

Clustered Samba Challenges and Directions. SDC 2016 Santa Clara

SDC 2015 Santa Clara

Samba. OpenLDAP Developer s Day. Volker Lendecke, Günther Deschner Samba Team

SMB2 and SMB3 in Samba: Durable File Handles and Beyond. sambaxp 2012

Implementing SMB2 in Samba. Opening Windows to a Wider. Jeremy Allison Samba Team/Google Open Source Programs Office

Samba 4 Status Report

FreeIPA Cross Forest Trusts

Clustering Samba With CTDB A Tutorial At sambaxp 2010

Clustering Samba With CTDB A Tutorial At sambaxp 2010

Gerald Carter Samba Team/HP

Clustered NAS For Everyone Clustering Samba With CTDB A Tutorial At sambaxp 2009

Samba4 Progress - March Andrew Tridgell Samba Team

Clustered NAS For Everyone Clustering Samba With CTDB. NLUUG Spring Conference 2009 File Systems and Storage

Samba in a cross protocol environment

The workstation account, netlogon schannel and credentials. SambaXP Volker Lendecke Samba Team / SerNet

DCERPC and Endpoint Mapper

Samba in Business. John H Terpstra

Samba4 Status - April Andrew Tridgell Samba Team

The CephFS Gateways Samba and NFS-Ganesha. David Disseldorp Supriti Singh

SMB3 Multi-Channel in Samba

Beyond the Horizon. What's after Samba 3.0? (Or is the earth really flat?)

HANDLING PERSISTENT PROBLEMS: PERSISTENT HANDLES IN SAMBA. Ira Cooper Tech Lead / Red Hat Storage SMB Team May 20, 2015 SambaXP

The Samba-3: Overview, Authentication, Integration

The Samba-3 Enchilada: Overview, Authentication, Integration

From an open storage solution to a clustered NAS appliance

PLAYING NICE WITH OTHERS: Samba HA with Pacemaker

Cross-realm trusts with FreeIPA v3

NFSv4.1 Using pnfs PRESENTATION TITLE GOES HERE. Presented by: Alex McDonald CTO Office, NetApp

IdMap and Nss Info Interface Changes in Samba

Clustered Samba Not just a hack any more

AutoRID module extensions to control ID generation

Running And Troubleshooting A Samba/CTDB Cluster. A Tutorial At sambaxp 2011

Developing Management Strategies and Tools for Samba. Jeffrey Bianchine

CIFS ON OPENVMS. Tips and Hints. Paul Bakker, Hans Hosang. Platform Integration Competency Center.

Linux CIFS client year in review: From Nocturnal Monster Puppies to Funky Weasels

Badlock. One Year In Security Hell. Stefan Metzmacher Samba Team / SerNet

Using samba base libraries SSSD as an example application

Windows Authentication With Multiple Domains and Forests

CTDB Remix - Dreaming the Fantasy

Scale-out Storage Solution and Challenges Mahadev Gaonkar igate

Keeping Up With The Linux Kernel. Marc Dionne AFS and Kerberos Workshop Pittsburgh

HP OpenVMS CIFS File Security and Management

Migration of NT4 to Samba-3

Simo Sorce Samba Team.

SUSE. High Performance Computing. Eduardo Diaz. Alberto Esteban. PreSales SUSE Linux Enterprise

IO110: Open Enterprise Server 2. Hardware you can hit with a hammer, software you can only curse at...

GLOBAL CATALOG SERVICE IMPLEMENTATION IN FREEIPA. Alexander Bokovoy Red Hat Inc. May 4th, 2017

Lorikeet Integrated Authentication

HPE Common Internet File System (CIFS) Server Release Notes Version B for HP-UX 11i v3

Setting Up SAMBA. And the response was: salmonberry samba sawtimber scramble. Thus, the name Samba was born.

Experiences in Clustering CIFS for IBM Scale Out Network Attached Storage (SONAS)

An NFS Replication Hierarchy

Microsoft SMB Looking Forward. Tom Talpey Microsoft

Implementing Persistent Handles in Samba. Ralph Böhme, Samba Team, SerNet

Centralized configuration management using registry tdb in a CTDB cluster

State of the Linux Kernel

Emulating Windows file serving on POSIX. Jeremy Allison Samba Team

Lustre A Platform for Intelligent Scale-Out Storage

The return of the vampires

COMMON INTERNET FILE SYSTEM PROXY

Andrew Bartlett Hawker College

Distributed Filesystem

Towards full NTFS semantics in Samba. Andrew Tridgell

Network-based File Sharing (1)

Stories of battles fought and won - SambaXP 2016

NFS around the world Tigran Mkrtchyan for dcache Team dcache User Workshop, Umeå, Sweden

Development Using Samba 4

Windows Authentication With Multiple Domains and Forests

HP CIFS Server Administrator's Guide Version A.03.01

Windows Authentication With Multiple Domains and Forests

HP CIFS Server Administrator Guide version A

How Scalable is your SMB?

SMB3: Bringing High Performance File Access to Linux: A Status Update. How do you use it? What works? What is coming soon?

Distributed Systems. Hajussüsteemid MTAT Distributed File Systems. (slides: adopted from Meelis Roos DS12 course) 1/25

Identity Management In Red Hat Enterprise Linux. Dave Sirrine Solutions Architect

SMB 2.1 & SMB 3 Protocol features, Status, Architecture, Implementation. Gordon Ross Nexenta Systems, Inc.

4. Note: This example has NFS version 3, but other settings such as NFS version 4 may also work better in some environments.

Samba-3: Integration and Cost Reduction

Building a Highly Scalable and Performant SMB Protocol Server

Open Source Storage. Ric Wheeler Architect & Senior Manager April 30, 2012

File Services. File Services at a Glance

Attempt To Configure Dhcp Server Failed With Error Code The Rpc Server Is Unavailable

70-647: Windows Server Enterprise Administration Course 01 Planning for Active Directory

Advances in the Samba Testsuite

System that permanently stores data Usually layered on top of a lower-level physical storage medium Divided into logical units called files

Change Schema Active Directory Password Mac Users Can't

Samba and Ceph. Release the Kraken! David Disseldorp

EMC Celerra CNS with CLARiiON Storage

SMB3 and Linux Seamless POSIX file serving. Jeremy Allison Samba Team.

Discover CephFS TECHNICAL REPORT SPONSORED BY. image vlastas, 123RF.com

BMC Remedyforce Discovery and Client Management. Frequently asked questions

GlusterFS and RHS for SysAdmins

CS 470 Spring Distributed Web and File Systems. Mike Lam, Professor. Content taken from the following:

Solving Linux File System Pain Points. Steve French Samba Team & Linux Kernel CIFS VFS maintainer Principal Software Engineer Azure Storage

ClearCase and Samba. A Supported Configuration. Lonnie Roscillo and Sue Meany. December 12, ClearCase Support Whitepaper

Transcription:

Samba Status Update SNIA SDC 2011 Santa Clara, CA Volker Lendecke SerNet Samba Team 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 1

Volker Lendecke Co-founder SerNet - Service Network GmbH Free Software as a successful business model Network Security for the industry and the public sector Samba-Support/Development in Germany Free Software for >20 years First patches to Samba in 1994 Consultant for industry in IT questions Co-founder emlix GmbH (Embedded Systems) 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 2

SerNet SLA based support for more than 650 customers network security for industrial and public customers firewalls, VPN, certificates, audits based on open standards wherever possible Support for many OS: Linux, Cisco IOS, Windows etc. Compliant with BSI Grundschutz and ISO 27001 and other international regulations 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 3

SerNet and Samba technological leadership of SerNet worldwide involved in almost every big European Samba project 5 out of 6 European developers work for SerNet SerNet distributes up-to-date Samba packages samba experience The international Samba conference > 150 developers & users from > 15 countries 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 4

What is Samba? Interoperability between Windows and Unix systems Most protocols Windows speaks today SMB (File Sharing), Printing, Browsing, Authentication Samba makes unix machines show up in Network Neighborhood Samba runs on most Unixes these days Main development platform is Linux Solaris, AIX, HP/UX, Stratus V/OS, Tru64, etc... 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 5

Samba 3 Stable version of Samba, production code Solid file and print server NT and Active Directory domain member NT4-compatible Domain Controller Security and access control model based on Unix Flexible posix-based VFS modules to change file access semantics Current version: 3.6.0 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 6

Samba 4 Started in 2003 by Andrew Tridgell as a new VFS system with the goal to support cluster file systems Complete re-write of Samba Target: 100% semantics of Windows Main feature today: Active Directory Domain controller Samba 4.0 will merge Samba 3 and Samba 4 code bases 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 7

Samba 3.6.0 Released Aug 9, 2011 SMB2 support Tighten security defaults (client uses ntlmv2 by default) Printer subsystem overhauled Internal use of RPC interfaces Winbind idmap configuration changed (again :-() Tons of bugfixes 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 8

Cluster support Clustering is still hot, several solutions being presented every year Several Posix-level cluster file systems available: GFS, OCFS2 GPFS, Panasas, CXFS, Isilon and many more NFS clustering is relatively easy on top of those SMB clustering puts very heavy demands on the cluster lock manager 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 9

CTDB None of the existing lock managers provided the semantics needed for CIFS clustering Samba requires locks with associated data, a big share of Samba is to implement the correct locking Many lock managers are much too slow Ctdb is the clustered tdb lock manager So ctdb is more like a complete HA solution Recent developments remove HA aspects for cooperation with existing HA suites 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 10

Cluster support Samba 3.2: First version with cluster support Fedora has ctdb and Samba cluster-aware To be shipped as part RHEL on top of GFS2 SUSE ships ctdb and Samba as part of SLES HA Ctdb.samba.org has all Samba-related component More cluster file system vendors working on it Make ping_pong.c work! 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 11

Current development CTDB is a full HA solution IP address management, service monitoring Service monitoring is moved out for cooperation with other HA solutions CTDB readonly locks / records Reading a huge file from different nodes sucks Brlock checks make records bounce on every read Multiple copies of brlock records will be available, pulled back on locking&x calls 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 12

SMB2 New protocol introduced with Windows Vista Basic SMB2 is semantically very similar to SMB1 Main call CreateFile is almost the same New protocol features added only to SMB2 Main advantage: Huge MS client improvements SMB1 abandoned 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 13

SMB2 in Samba First prototype implementation in Samba4 No docs available back then, so the client library and torture suite was done first to discover the protocol Samba 3.6 fully supports SMB2.0 Enabled with max protocol = smb2 Next: Durable file handles SMB2.1 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 14

RPC servers Samba has a home-grown RPC implementation All RPC servers are in-process and single threaded Large file servers suffer from memory footprint LSA, SAMR, WINREG etc take space in every smbd SPOOLSS possibly the worst memory hog Samba 3.6 can offload RPC traffic via Unix sockets Samba master can offload RPC to central daemons Smbd workers only do file and RPC transport 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 15

Printer subsystem overhauled Windows stores printer data in the registry Printer drivers assume the Registry data model ntprinters.tdb etc presented as registry Some printer drivers break because ntprinters can't store / and \ (yes, this is a bug :-)) Printer subsystem now uses the registry instead of faking it 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 16

Antivirus support samba-vscan not really supported Not in-tree due to GPL concerns (linking with proprietary libraries Scannedonly: Only show scanned files, external daemon: http://olivier.sessink.nl/scannedonly/ Open questions: Scan on read/write, scan on close after write? Asynchronous scanning? Standardized interface for GPL compliance 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 17

Async echo responder Some file system operations can be very slow Single threaded smbd sits in syscalls unlink(100gb file) can take ages Windows clients start to send SMBEcho async smb echo handler = yes Forks a process that responds to SMBEchos when the main worker smbd hangs Not required for SMB2, According to MS clients use TCP keepalives 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 18

Idmap autorid Idmap tdb: 1 tdb entry for each SID winbindd_idmap.tdb is a persistent tdb (slow!) Idmap rid: No tdb entries, static configuration Idmap hash: No config, but risk of collision Idmap autorid: Like idmap rid with dynamic domain prefix allocation Just 1 tdb entry per domain No configuration, as fast as idmap rid 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 19

Performance monitoring No statistics from inside Samba so far: SMB requests per second? Latency? Data transfer rates per share/user/connection? Performance collection must be cheap Intended design: Mmap area per smbd writing data without mutexes Single monitor process consolidates data Little inaccuracies (no mutex) acceptable? 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 20

Samba 3/4 Samba 3: Good file/print server/domain client, working NT4 PDC Samba 4: Starts to become an AD/DC, file server lacks a lot, domain client barely existing Samba 4.0 will contain Samba 3 file/print server and winbind, Samba 4 AD components Subsystems shared between 3 and 4 (tdb, talloc, etc) 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 21

Active Directory Domain Controller The main services beyond NT4: LDAP and Kerberos Kerberos is almost standard, Samba4 ships heimdal LDAP has been extended extensively for AD DRSUAPI for multi-master replication Many improvements for scalability and consistency Samba4's LDAP/DRSUAPI server is right now under heavy development Corporate interests by many vendors 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 22

Current work in Samba4 Single Domain DCs work fine LDAP, Kerberos, Directory Replication works Replication with W2k3/W2k8 works fine Migration scenarios: Replicate to and from Windows Build system: A normal Samba4 build will build S3 as well to enable cooperating processes Upgrade S3 to S4 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 23

Read Only Domain Controller New Windows 2008 feature Branch offices get selected data sets Read Only In 2010, the RODC was developed in Samba4 Safe alternative to fully replicating Dcs Samba 4 is a full AD replication member Bugs in Samba4 could destroy the AD database Windows DCs don't accept changes from Samba 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 24

S3FS S3FS: Embedded fileserver Starts Samba3 smbd inside Samba4 Named pipe bridge IPC$ \\pipe\<pipename> is forwarded to Samba4 Forwarding completely asynchronous Aims to replace the unfinished Samba4 VFS S3FS enables the existing S3 VFS modules to continue working 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 25

S3 utilities smbpasswd -a <username> MUST continue to work Access to AD user database: pdb_ads ( Franky approach): Independent implementation, requires running Samba4 pdb_samba4 ( s3compat approach): Direct access to ldb net, smbclient, smbstatus used from Samba3 samba-tool for AD-specific things 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 26

winbind Filesystem access requires unix users Winbind is used for AD members and trusting Dcs S4 winbind has very rudimentary id mapping Samba4 AD can work without local unix users Services for Unix (SFU) schema will be used for winbind running on S4 Dcs Unix ID allocation requires something like the RID allocator 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 27

Naming things: What will Samba4 be? SerNet Samba 4.0 will contain both Samba4 as well as Samba3 components Basic S3 will continue to work as today Support for exotic platforms File/Print/Domain Member will continue to work without any S4 involvement AD support will require a slightly advanced Platform For example Python will be required for both building and running it 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 28

Questions/comments? Volker Lendecke, VL@SerNet.DE SerNet Service Network GmbH Bahnhofsallee 1b 37081 Göttingen Tel: +49 551 370000 0 Fax: +49 551 370000 9 http://www.sernet.de http://samba.sernet.de 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 29

Questions/comments? Volker Lendecke, VL@SerNet.DE SerNet Service Network GmbH Bahnhofsallee 1b 37081 Göttingen Tel: +49 551 370000 0 Fax: +49 551 370000 9 http://www.sernet.de http://samba.sernet.de 05/2011, Volker Lendecke, SerNet Service Network GmbH, Seite 30

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback