On 20/02/13 10:57, Andrew Bartlett wrote:
On Wed, 2013-02-20 at 08:29 +0000, Sebastian Arcus wrote:
On 20/02/13 03:24, Gregory Sloop wrote:
DS> On 02/17/2013 6:02 PM, Andrew Bartlett wrote:
As most of you would have noticed, we have now had 3 CVE-nominated
security issues for SWAT in the past couple of years.
-SNIP-
Therefore, it was suggested on a private list that we just drop SWAT. I
want to start a public discussion on that point, prompted by
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700729 which reminds us
why we didn't apply the specific CSRF hardening we applied in 4.0.2 to
SWAT in the first place.
Thanks,
Andrew Bartlett
DS> I have yet to make the jump to Samba4, so I have not seen the version of
DS> SWAT designed for it.
DS> For me, the primary benefit of SWAT in Samba3 was the ability to use the
DS> help link for any parameter to see what that parameter did, what the
DS> default was, and what its proper syntax was. For reference, I ran "man
DS> smb.conf". Viewing full screen, I pressed the "Page Down" key 34 times
DS> and was still in the 1st third of the alphabetical listing of
DS> parameters. It's no small wonder that I never used "man smb.conf" to
DS> configure Samba. SWAT was my friend.
DS> So, if Samba4 has anywhere near the number of parameters as Samba3, I
DS> would be greatly disappointed to see SWAT go away entirely. An html
DS> version of the samba-doc package that contained all parameters with
DS> links to their definitions/descriptions would be a welcome and suitable
DS> replacement.
DS> Thanks,
DS> Dale
I'm working through smb.conf options now, and I see that the official
Samba docs for the smb.conf file are v3 only.
I've taken the liberty of cranking the smb.conf man file to html and
I've added a link in the wiki to it.
[I can't post full html to the Wiki and editing the smb.conf html
conversion to "wiki-eese" will be way too time consuming and
cumbersome. So, I've simply put it on my own web-server and linked to
it. My apologies if this violates some commonly accepted protocol, but
I needed it as much as anyone. I'm glad to send the file to whomever
needs it and once it's up at samba.org, change the link to point
there.]
However, for anyone looking for a web version of the smb.conf for
4.0.3 - see this wiki page.
http://wiki.samba.org/index.php/Documentation_Links/samba4-smb.conf
Just curious what is the source of the smb.conf manual above. The reason
I'm asking is that I just found out for example that "map to guest" is
not working yet in Samba 4 (see my other thread on this list). So I'm
just wondering what other features which used to work in Samba 3 are not
implemented in Samba 4 yet (or might never get implemented). Thus if the
Samba 4 smb.conf manual page lists them - wouldn't that cause more
confusion as people will expect them to work? Is there some way of
finding out which features are working already - and maybe adding some
notes next to the others to warn users that they are not available yet?
Also, the page above keeps on mentioning smbd - I was under the
impression that the Samba 4 binary is just "samba" - although maybe I am
getting mixed up about this.
In this new operating mode (being an AD DC) some parameters do not have
their expected effect.
This does not impact on the other operating modes.
The differences are due to divergence over years of development, and a
failure to fully converge again, and so at this time there is no
comprehensive list.
Please file bugs as you find these, and we hope to get things hooked up
or exceptions noted in the man page.
Andrew Bartlett
Thanks Andrew. Will do. Just for my own understanding - is it still
possible to run Samba 4 as (just) a workgroup? If yes - does one just
specify security=user in smb.conf and still uses the "samba" binary - or
the "smbd" binary has to be started/used for workgroup operation? Or the
smbd binary is actually still the Samba 3.x series and is not
technically part of Samba 4 although it compiles out of the same download?
Sorry if I'm asking what might be really basic stuff to others.
Sebastian
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
