samba4 introduction

Beolink.org SAMBA 4 Fabrizio Manfredi Furuholmen

Upload: manfred-furuholmen

Post on 14-May-2015

Category: Technology

DESCRIPTION

As the culmination of ten years' work, the Samba Team has created the first compatible Free Software implementation of Microsoft's Active Directory protocols. LDAP, Kerberos, DNS, and all the other essential services required for Active Directory are natively supported by Samba4. Samba4 is not limited to Active Directory functions; it also has many other incredible features, such as an SMB3 protocol implementation, CTDB (cluster) functionality and much more. The presentation describes the supported scenarios for Samba 4 as an Active Directory DC and discusses developments in the file server, in particular the SMB2, SMB3 and CTDB components.

TRANSCRIPT

Page 1: Samba4 Introduction

Beolink.org!

SAMBA 4 Fabrizio Manfredi Furuholmen

Page 2: Samba4 Introduction

Froscon 2013

Agenda

• Introduction
• Samba 4
  • Goals
  • Active Directory
  • SMB 2.X/3
• CTDB
  • Overview
• Samba
  • ecosystem

Page 3: Samba4 Introduction

Introduction

What is Samba?

Page 4: Samba4 Introduction

Introduction

Page 5: Samba4 Introduction

Introduction

Samba provides secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others…

Page 6: Samba4 Introduction

Introduction

• Andrew Tridgell developed the first version of Samba Unix in December 1991 and January 1992
• Tridgell released "netbios for unix", nbserver, version 1.5 in December 1993
• Versions 1.6, 1.7, 1.8, and 1.9 followed relatively quickly, with the latter being released in January 1995
• May 1996 marks the birth of the Samba Team
• Version 2.0.0 was released in January 1999, and version 2.2.0 in April 2001
• Version 3.0.0 was released on 23 September 2003
• Version 4.0.0, started in November 2003
• Version 3.1.0 was released in September 2004
• Version 3.2.0 was released on 1 July 2008
• Version 3.3.0 was released on 1 January 2009
• Version 3.4.0 was released on 3 July 2009
• Version 3.5.0 was released on 1 March 2010
• Version 3.6.0 was released on 9 August 2011

Samba Release Planning from 2008

• nine months fully supported,
• another nine months in the maintenance mode,
• nine months in the security fixes only mode.

In total, each series is maintained for a period of approximately 27 months.

Page 7: Samba4 Introduction

Introduction

Is Samba a dead project?

Some stats:

• 4801 commits last year (7286 in 2011, and 10290 in 2010)
• 72 unique contributors
• 550K lines changed (down from 770K)
• 1602 patches were reviewed

Page 8: Samba4 Introduction

Introduction

Page 9: Samba4 Introduction

Introduction: Samba usage

[Diagram. Labels: Small/embedded; XXL env; $; Domestic storage NAS; All-in-one appliance; No i386 hw; Heterogeneous env; High performance; Fanatic; No money; Few small businesses; Few installations for office automation]

Page 10: Samba4 Introduction

Samba4: Goals

"The basic goals of Samba4 are quite ambitious, but achievable:

• protocol completeness
• extreme testability
• non-POSIX backends
• fully asynchronous internals
• flexible process models
• auto-generated RPC infrastructure
• flexible database architecture"

Andrew Tridgell, from SambaXP 2004

Page 11: Samba4 Introduction

Samba4

…and Version 4.0 was released on December 11, 2012…

Page 12: Samba4 Introduction

Samba4

• AD
• SMB2.x/3
• Highly asynchronous
• Simplicity
• Security (Coverity)
• Many other improvements

Page 13: Samba4 Introduction

9/4/13

Introduction: Samba4 AD

Powerful Identity Management (for Free)

Identity:

• Users
• Authentications
• Systems
• Groups
• Policies

Components:

• LDAP storage (extensible)
• Kerberos
• DNS (update)
• Group Policies

Page 14: Samba4 Introduction

Samba4: Simple

• Everything is inside
• Only a few steps
• Migration scripts / python lib
• MMC interoperation

Simple to deploy

Page 15: Samba4 Introduction

Samba4: demo

Are you sure … do you want to see a demo?

Page 16: Samba4 Introduction

Samba4: AD features

AD:

• forests: 1, domains: 1, domain controllers: 1
• Trusts: Samba can be trusted
• Samba can not trust

Replication:

• directory replication works
• sysvol replication: not implemented yet
• multiple Samba DCs possible (sysvol replicated externally)

Samba 4.1 coming soon!

Page 17: Samba4 Introduction

SMB 2.x

SMB (Server Message Block) is a remote file protocol. SMB 2.x was released in 2007; it was the first major redesign of SMB since 1997 (or 1987).

• Reduced complexity, going from over 100 commands and subcommands to just
• Request compounding, which allows multiple SMB requests to be sent as a single network request
• Larger reads and writes make better use of faster networks, even with high latency
• Caching of folder and file properties, where clients keep a local copy of information on folders and files
• Durable handles allow an SMB2 connection to transparently reconnect to the server if there is a temporary loss of network connectivity
• Message signing improved (HMAC SHA-256 replaces MD5 as hashing algorithm) and configuration/interoperability issues simplified
• Improved scalability for file sharing (number of users, shares and open files per server greatly increased)
• Extension mechanism (for instance, create context or variable offsets)
• Support for symbolic links
• …
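The HMAC SHA-256 signing named in the list above, as an added example that is not part of the original slides: it signs and verifies an SMB2 message by hashing it with the Signature field zeroed and keeping the first 16 bytes. The session key, message IDs and payload are constructed sample values, and only the SMB 2.x HMAC case is covered, not the AES-CMAC signing of SMB3.

```python
import hashlib
import hmac
import struct

SMB2_HEADER = struct.Struct("<4sHHIHHIIQIIQ16s")  # 64-byte SMB2 sync header
SMB2_FLAGS_SIGNED = 0x00000008
SIG_OFFSET, SIG_LEN = 48, 16  # Signature field: last 16 bytes of the header


def build_message(command, message_id, session_id, payload, flags=0):
    """Pack an SMB2 header (Signature zeroed) followed by the payload."""
    header = SMB2_HEADER.pack(b"\xfeSMB", 64, 0, 0, command, 1, flags, 0,
                              message_id, 0, 0, session_id, b"\x00" * SIG_LEN)
    return header + payload


def smb2_signature(session_key, message):
    """HMAC-SHA256 over the message with Signature zeroed, cut to 16 bytes."""
    zeroed = (message[:SIG_OFFSET] + b"\x00" * SIG_LEN
              + message[SIG_OFFSET + SIG_LEN:])
    return hmac.new(session_key, zeroed, hashlib.sha256).digest()[:SIG_LEN]


def sign(session_key, message):
    """Return the message with its Signature field filled in."""
    sig = smb2_signature(session_key, message)
    return message[:SIG_OFFSET] + sig + message[SIG_OFFSET + SIG_LEN:]


def verify(session_key, message):
    """Receiver check when signing is required: unsigned or altered fails."""
    if len(message) < SMB2_HEADER.size or message[:4] != b"\xfeSMB":
        return False
    flags = struct.unpack_from("<I", message, 16)[0]
    if not flags & SMB2_FLAGS_SIGNED:
        return False  # never accept an unsigned message on a signed session
    received = message[SIG_OFFSET:SIG_OFFSET + SIG_LEN]
    return hmac.compare_digest(received, smb2_signature(session_key, message))


# Constructed sample values, not captured traffic.
KEY = bytes(range(16))
SIGNED = sign(KEY, build_message(0x0008, 7, 0x1122334455667788,
                                 b"constructed READ body", SMB2_FLAGS_SIGNED))
TAMPERED = SIGNED[:-1] + bytes([SIGNED[-1] ^ 0x01])
UNSIGNED = build_message(0x0008, 8, 0x1122334455667788, b"constructed READ body")

if __name__ == "__main__":
    print(verify(KEY, SIGNED), verify(KEY, TAMPERED), verify(KEY, UNSIGNED))
```

The refusal of unsigned messages is the part that matters operationally: a receiver that verifies signatures only when the flag is set can be bypassed by clearing the flag.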

Page 18: Samba4 Introduction

SMB 2

File copy performance seen in the real world much faster than SMB1:

• Up to ~45x throughput for WAN
• Up to 2-10x throughput for LAN

Transparent caching

Page 19: Samba4 Introduction

SMB 2

Page 20: Samba4 Introduction

SMB 3

SMB3

With Windows Server 2012 and Windows 8, SMB reached version 3 (aka 2.2).

• Availability
  • SMB Transparent Failover
  • SMB Multichannel
  • …
• Scale Out
  • SMB Direct (RDMA)
  • Directory Leasing
  • BranchCache™ V2
• Backup
  • VSS for SMB File Shares
• Security
  • SMB Encryption: AES-CCM
  • Signing: AES-CMAC
• Management

Page 21: Samba4 Introduction

SMB 3

[Chart. Labels: Ethernet 10Gb; Infiniband 32Gb; Infiniband 54Gb. Source: http://Smb3.info]

The new features are for:

• Central storage
• Virtualization infrastructure

Page 22: Samba4 Introduction

Samba4: SMB 2.2/3

"SMB2 is superfast, increases security, and improves Windows compatibility." by Apple

Page 23: Samba4 Introduction

Samba4: I forgot to tell you…

Samba4

• Active Directory Compatible Server (AD/DC)
• daemon "samba"
• integrated LDAP server
• integrated Kerberos server (heimdal)
• integrated DNS server (or external bind)

Samba3

• Standalone and domain member
• daemons smbd, nmbd, winbindd(4)
• SMB 2.0 now complete with durable handles
• partial SMB 2.1 support with Multi-Credit
• basic SMB 3.0 support

Franky (Samba4)

Page 24: Samba4 Introduction

Samba4: Fileserver

S3fs is the name that has been given to a development effort to make possible the agreed default file server configuration for Samba 4.0 as an AD Domain controller.

• Samba 3 file server
• SMB 3 implementation

Ntvfs, used in the Samba 4.x alpha series

• Early SMB2 support
• Native filesystem

To communicate between the smbd process that handles file sharing and the DCE/RPC server, all the SMB named pipe operations are converted into operations on a unix domain socket. (Franky Project)

Page 25: Samba4 Introduction

CTDB

SambaXP 2013

Samba Server

Do you think one Samba is enough?

Cluster Filesystem

Page 26: Samba4 Introduction

Samba4: Cluster problem

Sharing the data!

Session

• IPC: messaging (messages.tdb and signals)
• IPC: share volatile session data:
  • SMB sessions (sessionid.tdb)
  • share connections (connections.tdb)
  • share modes (locking.tdb)
  • byte range locks (brlock.tdb)

Persistent

• user database (passdb.tdb)
• domain join information (secrets.tdb)
• id mapping tables (winbindd idmap.tdb)
• registry (registry.tdb)

Page 27: Samba4 Introduction

CTDB

Page 28: Samba4 Introduction

CTDB

High Availability

Each CTDB node is assigned two IP addresses: a private one that is tied to a physical node and is dedicated to inter-CTDB traffic only, and a second, "public" IP address, which is the address that clustered services such as SMB bind to.

The CTDB cluster ensures that when physical nodes fail, the remaining nodes temporarily take over the public IP addresses of the failed nodes.

Load distribution

Load between the nodes is based on round-robin DNS.

When a physical node takes over the public IP address of a failed node, it first sends out a few gratuitous ARPs. Secondly, the new node also sends a few "tcp tickles" to ensure that all clients that have established TCP connections to the failed node immediately detect that the TCP connections have terminated and need to be recovered.

http://www.samba.org/~obnox/presentations/sambaXP-2010/sambaxp-2010-tutorial-ctdb-handout.pdf
https://wiki.samba.org/index.php/CTDB_Setup

Page 29: Samba4 Introduction

CTDB: Performance

GPFS file system, 32 client smbtorture NBENCH test:

• 1 node: 109 MBytes/sec
• 2 nodes: 210 MBytes/sec
• 3 nodes: 278 MBytes/sec
• 4 nodes: 308 MBytes/sec

By Andrew Tridgell and Ronnie Sahlberg, Linux Conf Australia 2009

Page 30: Samba4 Introduction

Samba4: Open platform

[Diagram. Labels: Samba; RPC Library; VFS; Wrapper; 3rd parties]

http://www.samba.org/samba/vendors/

Page 31: Samba4 Introduction

Samba4: VFS

Stackable VFS (Virtual File System)

Samba passes each request to access the UNIX file system through the loaded VFS modules. This chapter covers the modules that come with the Samba source and provides references to some external modules.

• Disk/share/fs operations
• Directory operations
• File operations
• NT ACL operations
• POSIX ACL operations
• EA operations
• AIO operations
• Offline operations

Page 32: Samba4 Introduction

Samba4: VFS

http://sambaxp.org/fileadmin/user_upload/SambaXP2012-DATA/thu/track2/Richard-Sharpe-Developing-Samba-VFS-Modules.pdf

Page 33: Samba4 Introduction

Based on VFSX

VFSX is a transparent Samba Virtual File System (VFS) module which forwards operations to a process on the same machine for handling outside of the Samba daemon process…

SambaXP 2012

Python Server

    …
        while True:
            msg = self.request.recv(512)
            if not msg:
                break
            log.debug(msg)
            # Handle message-parsing and operation execution error here.
            # Socket communication errors should be propagated.
            try:
                (operation, user, origpath, args) = self.__parseMessage(msg)
                result = self.__callOperation(operation, user, origpath, args)
            except Exception as e:
                result = VFSOperationResult(FAIL_ERROR)
                log.exception(e)
            # Reply to the VFS module with the numeric status of the operation.
            self.request.send("%d" % result.status)

        # The client probably closed the connection.
        self.request.close()
        log.debug("Close Connection")

    def __parseMessage(self, msg):
        # Message format: operation:user:origpath[:arg1,arg2,...]
        parts = msg.split(":")
        (operation, user, origpath) = parts[0:3]
        log.debug(" operation = '%s' user = '%s' origpath = '%s'" %
                  (operation, user, origpath))
        args = []
        if len(parts) > 3:
            args = parts[3].split(",")
            log.debug(" args = '%s'" % parts[3])
        return (operation, user, origpath, args)

Example available at:
http://sambaxp.org/fileadmin/user_upload/SambaXP2012-DATA/thu/track2/Richard-Sharpe-Developing-Samba-VFS-Modules.pdf
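A stricter parser for the same operation:user:origpath:args message, as an added example that is not part of VFSX or of the original slides: it refuses messages that may be truncated, carry an unknown operation, have surplus fields, or point outside the share. The operation allowlist, SHARE_ROOT, the user pattern and the BadMessage class are assumptions made for illustration.

```python
import posixpath
import re

MAX_MSG = 512                    # same buffer size as recv(512) on the slide
SHARE_ROOT = "/srv/share"        # assumption: hypothetical share root
ALLOWED_OPS = {"connect", "disconnect", "open", "close",
               "mkdir", "rmdir", "rename", "unlink"}  # assumption: allowlist
USER_RE = re.compile(r"[A-Za-z0-9._\\$-]{1,64}")     # assumption: user syntax


class BadMessage(ValueError):
    """Raised for any message the handler should refuse to act on."""


def parse_message(raw):
    """Parse b'operation:user:origpath[:arg1,arg2]' and validate each field."""
    if not raw or len(raw) >= MAX_MSG:
        raise BadMessage("empty or possibly truncated message")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        raise BadMessage("not valid UTF-8")
    if any(ord(ch) < 0x20 for ch in text):
        raise BadMessage("control character in message")
    parts = text.split(":")
    # A ':' inside a path cannot be told apart from a field separator in
    # this format, so surplus fields are refused instead of silently dropped.
    if len(parts) not in (3, 4):
        raise BadMessage("expected 3 or 4 fields, got %d" % len(parts))
    operation, user, origpath = parts[:3]
    if operation not in ALLOWED_OPS:
        raise BadMessage("unknown operation")
    if not USER_RE.fullmatch(user):
        raise BadMessage("bad user field")
    # Lexical check only: symbolic links are not resolved here.
    path = posixpath.normpath(origpath)
    if path != SHARE_ROOT and not path.startswith(SHARE_ROOT + "/"):
        raise BadMessage("path outside share root")
    args = parts[3].split(",") if len(parts) == 4 and parts[3] else []
    return operation, user, path, args


def check(raw):
    """Return the parsed tuple, or the refusal reason as a string."""
    try:
        return parse_message(raw)
    except BadMessage as exc:
        return str(exc)
```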

Page 34: Samba4 Introduction

OpenChange

OpenChange is a portable Open Source implementation of Microsoft Exchange server and Exchange protocols. It provides a complete solution to interoperate with Microsoft Outlook clients or Microsoft Exchange servers.

• Drop-in replacement
• Interoperability with Microsoft Exchange protocols
• Native and transparent Microsoft Outlook support
• Works on top of Samba Active Directory technology
• Interface existing data storage backend

Page 35: Samba4 Introduction

Linux Kernel module

Main Goals:

• Local/Remote Transparency
• Most applications shouldn't notice or care if on remote mount vs. ext4
• Near perfect POSIX semantics to Samba servers (and those which implement POSIX extensions) and best effort semantics to Windows and other NAS filers
• Fast, efficient, full function, secure method for accessing (from Linux) data which lives on Windows servers or other NAS
• As reliable as reasonably possible over bad networks
• Be able to read and set not just file data but also all reasonably important Windows metadata (for backup, archive, gateways and to help server migration)

Page 36: Samba4 Introduction

Linux Kernel module

Simple test:

    $ dd if=./ddtest.out of=/dev/null bs=1M

Results:

Unpatched 3.4-rc2 kernel -- rsize is always capped at 16k here:

    1073741824 bytes (1.1 GB) copied, 97.6394 s, 11.0 MB/s

Patched 3.4-rc2 kernel – rsize=1M:

    1073741824 bytes (1.1 GB) copied, 9.89869 s, 108 MB/s

Patched 3.4-rc2 – rsize=61440:

    1073741824 bytes (1.1 GB) copied, 13.4146 s, 80.0 MB/s

*cifs_iovec_read now collects/issues (larger) asynchronous reads. Primarily of use when a share is mounted with forcedirectio, or strictcache and the client doesn't have an oplock for the file being (in 3.5. From Jeff Layton)

Page 37: Samba4 Introduction

What is the future?

It is difficult to make predictions, especially about the future….

Page 38: Samba4 Introduction

Samba4: Result

Samba 4 integrates fully with Active Directory, and you can migrate an Active Directory domain to Samba 4.

Page 39: Samba4 Introduction

Samba4: Warning

The use of older documentation or mail list archives, especially those that reference Samba4 "test" and "alpha" releases, is strongly discouraged.

Page 40: Samba4 Introduction

Samba4: Warning

If you are using an ext3 or ext4 filesystem on Linux, you should ensure that the filesystem is mounted with the user_xattr,acl,barrier=1 options.

Page 41: Samba4 Introduction

Samba4: SambaXP

The Samba eXPerience is the international Samba conference for users and developers. Meet the Samba Team and discuss requirements, new features and get an update on current developments!

Göttingen, Germany
www.sambaxp.org

Page 42: Samba4 Introduction

Thank you http://[email protected]