Re: silug: IP address? -- don't confuse DC functionality with SMB



On Fri, 2004-12-31 at 20:27, Casey Boone wrote:
> actually i am talking AD and file sharing.

And as I've pointed out, the endless variants of the SMB clients are
generally problematic with pre-NT5.1 (XP/2003) clients.  As long as you
are doing basic filesystem access, don't care about performance, don't
enable various features, and don't have an issue when the NT5.1 (2003)
server auto-disables them due to incompatibility, then you won't notice.

But if you run engineering applications and need performance, you can't
have connects bomb out 2 weeks into a regression test, or have it take
twice as long.  Or if you have bank servers and require SMB signing and
IPSec, then pre-NT5.1 is definitely a major issue, especially when it
silently fails, but the native SMB clients just blindly keep accepting
unencrypted blocks.  ;->

> i honestly was expecting a problem with the nt4 clients pulling from
> the 2k3 file servers,

The _basic_ defaults in NT5.1 (2003) are designed to work with most
NT5.0 (2000) and even most NT4 clients.  It gets a bit more complicated
for DOS7 (95/98/ME) implementations, but most DOS7 clients are unstable
in general.

But make no mistake, the NT5.1 implementation is a "clean slate." 
Microsoft doesn't guarantee performance or full feature support with
pre-NT5.1 clients.  Samba 3 has been shown to have better pre-NT5.1
client performance and feature support.

> but didn't see one while i was there.

Of course not.  If you get a disconnect or other general issue, we blame
it on the application.  But typically it's an issue with the stateless
features of the SMB protocol -- especially when 

> now it could be due to policies being handed down from above on the AD
> tree i admit,

Policies are still delivered via ADS/CIFS, and not SMB (other than maybe
a few, small files to send scripts or MSI information).  And ADS is
improved in NT5.1 (2003), especially various limitations from ADS in
NT5.0 (2000) for legacy CIFS support have been eliminated.

> but i still witnessed it happening.

As have I.  As I've said, I've worked in 100,000 and 25,000 node Windows
networks.  It typically works well, even for pre-NT5.1 clients, as long
as you don't start changing default features, or trying to enforce
security policies that are violated by native SMB servers/clients
auto-disabling them.  ;->

Of course, it takes careful planning to design a good ADS network.  If
you screw up the initial design, you're re-installing.  That is in stark
contrast to Samba, which lets you completely change the controller or
browser functionality on-a-dime.  And that's just looking at ADS.

When you start talking SMB, native Windows Servers are completely
inflexible.  From OpLocks to Security, it's one huge reality check for
anyone who has read through the MCSE Marketing--er, Technical,
information.  People often confuse plug'n play with proper
configuration.

Especially when you are being audited over the increasingly stringent
requirements for customer privacy.  In general, university environments
have often been wide-open.  Fortune 100 companies are completely
different.  Especially when you're one of the few departments that isn't
down for 3 days due to SQL Slammer, because you know how to configure
your SMB facilities proper.


-- 
Bryan J. Smith                                    b.j.smith@ieee.org 
-------------------------------------------------------------------- 
Subtotal Cost of Ownership (SCO) for Windows being less than Linux
Total Cost of Ownership (TCO) assumes experts for the former, costly
retraining for the latter, omitted "software assurance" costs in 
compatible desktop OS/apps for the former, no free/legacy reuse for
latter, and no basic security, patch or downtime comparison at all.
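
The silent-failure case described in the message above (policy requires SMB signing, yet the session carries on unsigned), as an added example that is not part of the original post. It reads the SecurityMode byte of an SMB1 NT LM 0.12 negotiate response and the Flags2 signature bit of later messages; the function names are hypothetical, the sample messages are constructed, and it checks only the flag bits, not the signature value itself.

```python
import struct

# SMB1 header and NT LM 0.12 negotiate-response constants (offsets per the CIFS header layout).
SMB1_MAGIC = b"\xffSMB"
HEADER_LEN = 32
CMD_NEGOTIATE, CMD_READ_ANDX = 0x72, 0x2E
FLAGS2_SECURITY_SIGNATURE = 0x0004  # Flags2 bit: this message is signed
SECMODE_SIGN_ENABLED, SECMODE_SIGN_REQUIRED = 0x04, 0x08

def parse_header(msg):
    """Return (command, flags2) from the fixed 32-byte SMB1 header."""
    if len(msg) < HEADER_LEN or msg[:4] != SMB1_MAGIC:
        raise ValueError("not an SMB1 message")
    return msg[4], struct.unpack_from("<H", msg, 10)[0]

def negotiated_signing(msg):
    """Classify the server's SecurityMode as 'required', 'enabled' or 'off'."""
    command, _ = parse_header(msg)
    if command != CMD_NEGOTIATE or len(msg) < HEADER_LEN + 4 or msg[HEADER_LEN] != 17:
        raise ValueError("not an NT LM 0.12 negotiate response")
    sec_mode = msg[HEADER_LEN + 3]  # WordCount(1) + DialectIndex(2) precede it
    if sec_mode & SECMODE_SIGN_REQUIRED:
        return "required"
    return "enabled" if sec_mode & SECMODE_SIGN_ENABLED else "off"

def audit_session(messages, policy_requires_signing=True):
    """Report where a session falls short of a signing-required policy."""
    findings = []
    if not policy_requires_signing:
        return findings
    state = negotiated_signing(messages[0])
    if state != "required":
        findings.append(f"server negotiated signing={state}, policy expects required")
    for i, msg in enumerate(messages[1:], start=1):
        if not parse_header(msg)[1] & FLAGS2_SECURITY_SIGNATURE:
            findings.append(f"message {i} is unsigned")
    return findings

def build(command, flags2, body=b""):
    """Constructed sample message: every header field except command/flags2 is zero."""
    return SMB1_MAGIC + bytes([command]) + b"\x00" * 5 + struct.pack("<H", flags2) + b"\x00" * 20 + body

def negotiate(sec_mode):
    """Constructed negotiate response: 17 parameter words, then a zero ByteCount."""
    return build(CMD_NEGOTIATE, 0, bytes([17, 0, 0, sec_mode]) + b"\x00" * 33)

# Constructed sessions: one where signing was only offered and traffic is unsigned, one fully signed.
DOWNGRADED = [negotiate(0x03 | SECMODE_SIGN_ENABLED), build(CMD_READ_ANDX, 0)]
SIGNED = [negotiate(0x03 | SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED),
          build(CMD_READ_ANDX, FLAGS2_SECURITY_SIGNATURE)]
```

Feeding it messages pulled from a packet capture turns the "won't notice" case into an explicit finding per session.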