Announcement

Collapse
No announcement yet.

Samba 4.11 Aims To Be Scalable To 100,000+ Users

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Samba 4.11 Aims To Be Scalable To 100,000+ Users

    Phoronix: Samba 4.11 Aims To Be Scalable To 100,000+ Users

    For those using Samba for better Windows interoperability with SMB/CIFS/AD, the forthcoming Samba 4.11 will be a lot more scalable so it can be used within massive organizations...

    http://www.phoronix.com/scan.php?pag...-4.11-Features

  • #2
    Since lots of talented Open Source engineers read Phoronix, I'm gonna ask this question: what options need to be enabled for Samba to be accessible both for old clients (say Windows [strike]XP[/strike], 7) and Windows 10 LTSC in light of this new feature/requirement?

    Currently for all Windows 10 clients I have to enable Computer configuration\administrative templates\network\Lanman Workstation ->"Enable insecure guest logons" in GPO but I don't like it.

    My Samba configuration looks like this:

    Code:
    [global]
        security = user
        guest account = nobody
        map to guest = Bad User
    Last edited by birdie; 07-04-2019, 11:31 AM.

    Comment


    • #3
      Originally posted by birdie View Post
      Since lots of talented Open Source engineers read Phoronix, I'm gonna ask this question: what options need to be enabled for Samba to be accessible both for old clients (say Windows XP, 7) and Windows 10 LTSC in light of this new feature/requirement?

      Currently for all Windows 10 clients I have to enable Computer configuration\administrative templates\network\Lanman Workstation ->"Enable insecure guest logons" in GPO but I don't like it.

      My Samba configuration looks like this:

      Code:
      [global]
      security = user
      guest account = nobody
      map to guest = Bad User
      Have you tried setting the min protocol to SMB1?
      https://www.samba.org/samba/docs/cur...ENTMINPROTOCOL

      Comment


      • #4
        Originally posted by schmidtbag View Post
        Have you tried setting the min protocol to SMB1?
        https://www.samba.org/samba/docs/cur...ENTMINPROTOCOL
        please don't do that... SMB1 should not be enabled in any way shape or form

        Comment


        • #5
          Originally posted by schmidtbag View Post
          Have you tried setting the min protocol to SMB1?
          https://www.samba.org/samba/docs/cur...ENTMINPROTOCOL
          I don't want to degrade security that much. Of course it works. And SMB1 is dead for all intents and purposes.

          Also, discard my requirement about Windows XP. I stopped using it years ago. So, I need compatibility only with Windows 7 - 10LTSC.

          Comment


          • #6
            Win7 = smb2.1
            Me thinks Sun/Oracle's have better approach: don't invent, just strictly follow MS.
            Solaris 11.4's SMB server (3.1=win 2016) is a blazing fast.

            Comment


            • #7
              I'll start by noting that "man 5 smb.conf" is your friend, but to cut a long story short, I'd try with:

              Code:
              server min protocol = SMB2
              and ensure that auth and smb protocol negotiation logging is enabled with something like:

              Code:
              log level = 1 auth:3 smb:3 smb2:3
              Then just keep an eye on the logs for the connecting host to see what's going on?

              Comment


              • #8
                Originally posted by ermo View Post
                I'll start by noting that "man 5 smb.conf" is your friend, but to cut a long story short, I'd try with:

                Code:
                server min protocol = SMB2
                and ensure that auth and smb protocol negotiation logging is enabled with something like:

                Code:
                log level = 1 auth:3 smb:3 smb2:3
                Then just keep an eye on the logs for the connecting host to see what's going on?
                This doesn't work. I'm not an expert in Samba and also Samba developers in the their mailing list offer the same GPO workaround. StackExchange offers the same.

                Don't assume you're f*cking smart and I'm stupid just because you can
                Code:
                man smb.conf
                .

                You can download Windows 10 LTSC in less than an hour and offer your insight.

                Comment


                • #9
                  Originally posted by boxie View Post
                  please don't do that... SMB1 should not be enabled in any way shape or form
                  Originally posted by birdie View Post
                  I don't want to degrade security that much. Of course it works. And SMB1 is dead for all intents and purposes.

                  Also, discard my requirement about Windows XP. I stopped using it years ago. So, I need compatibility only with Windows 7 - 10LTSC.
                  I said minimum protocol. You can set the maximum protocol to SMB3 or whatever too. If you want XP support, you need to degrade the protocol. But, since you said you don't need XP support, you can use something higher.

                  You people need to learn how to read.

                  Comment


                  • #10
                    Originally posted by birdie View Post

                    This doesn't work. I'm not an expert in Samba and also Samba developers in the their mailing list offer the same GPO workaround. StackExchange offers the same.

                    Don't assume you're f*cking smart and I'm stupid just because you can
                    Code:
                    man smb.conf
                    .

                    You can download Windows 10 LTSC in less than an hour and offer your insight.
                    Odd response to people attempting to respond to your request for help.

                    The Long-Term Servicing Channel (LTSC) is designed for Windows 10 devices and use cases where the key requirement is that functionality and features don’t change over time. Examples include medical systems (such as those used for MRI and CAT scans), industrial process controllers, and air traffic control devices. These devices share characteristics of embedded systems: they are typically designed for a specific purpose and are developed, tested, and certified before use. They are treated as a whole system and are, therefore, commonly “upgraded” by building and validating a new system, turning off the old device, and replacing it with the new, certified device.

                    We designed the LTSC with these types of use cases in mind, offering the promise that we will support each LTSC release for 10 years--and that features, and functionality will not change over the course of that 10-year lifecycle.

                    Comment

                    Working...
                    X