An interview with Andrew Tridgell, creator of Samba

Slaying an 800 Pound Guerilla: An interview with Andrew Tridgell, creater of Samba

by Joe Royall
Linux Resource Kit

December 1997

For years Microsoft only provided the client systems on corporate LANs leaving UNIX and IBM to supply all services necessary to using PCs on a network. With the introduction of Windows NT, Microsoft has taken out a full assault on UNIX and IBM's marketplace, first by providing file and print services to its existing client base and then by leveraging that installed base to supply a variety of enterprise applications.

On the heels of Microsoft's success, Linux has begun to supplant NT in its core market place, providing file and print services to Microsoft client systems via the Samba application suite.

Like Linus Torvalds, whose interest in how the Intel 386 worked, turned into the development of Linux. Andrew Tridgell wanted to learn how Microsoft performed file and print sharing. The result is Samba. Samba is licensed freely under the GNU Public license and is available on almost any platform, especially Linux.

Joe: How did you get started on Samba?

Andrew: It originally started in December 1991. I was a PhD student in the Computer Sciences Laboratory at ANU and had a Windows PC on my desk. I wanted access to X windows apps on a Sun workstation so I offered to beta test a PC X server from Digital called WindX (now called Xcursion I believe). When it arrived I discovered that it didn't work with the PC-NFS TCP stack that I was using at the time, it required the Pathworks TCP stack. This meant I had to abandon NFS on my PC.

Being a PhD student prone to procrastination I decided to work out the protocol that Pathworks used by sniffing the packets and staring at them in emacs. I then implemented this on a Sun workstation. That was "server-0.1" which was the predecessor to Samba. It wasn't till years later that I found out the protocol was actually called SMB and is (partly) documented.

Joe: So where did the name Samba come from?

Andrew: A commercial competitor to Samba called Syntax wrote to me one day saying they had the trademark on the name "SMB server", which was what Samba was then called. I needed to come up with a new name quickly so I ran "egrep '^s.*m.*b' /usr/dict/words' and the name Samba was the obvious choice. Salmonberry just didn't have the same ring to it :-)

Joe: Has Microsoft given you any flack?

Generally Microsoft has been quite supportive of Samba. They have sent us loads of free software (NT, Win95, Office etc) to help us debug Samba and even paid for a couple of people in the Samba team to fly to the US for the first CIFS conference. We've formed quite a good working relationship with several Microsoft programmers which has really helped.

There have been some notable incidents where Samba has (incorrectly) come under fire from the Microsoft PR people but the technical people have been good. They even sent me an apology for one of the PR announcements.

There is also the problem that some parts of the protocol are still considered proprietary by Microsoft (such as the NT domain protocols). This doesn't sit very well with their standardization efforts. Hopefully these areas of contention will become less important as we work out how things work for ourselves.

I also think it's a mistake to think of Microsoft as a single entity. It is a large company and like all large companies there are lots of different opinions and attitudes.

Joe: How about a job offer from Microsoft?

Andrew: A few members of the Samba team have had job offers of one sort or another from Microsoft. That's not really very surprising. I don't want to work for them because of the restrictions it would place on the work I do on free software. I program because I enjoy it, whether I get paid is secondary.

Joe: A lot of people have concerns about using SMB/NetBIOS on the Internet. Is there a safe way to use Samba on the Internet?

Andrew: It depends what you mean by "on the internet" and "safe"! Samba is in use at many sites to provide public SMB access to various resources. It is not inherently any less safe than many other file distribution systems. There was one nasty buffer overflow bug in versions of Samba prior to 1.9.17p2 but as long as you keep uptodate then using Samba in this way is not unreasonable. It just depends on how strict your local security policy is.

I would not generally recommend allowing external SMB (ie. TCP/139) access to your users PCs though. It is too easy for users to compromise the security of their files and there have been too many security holes found in the Microsoft SMB servers. It is interesting that Microsoft no longer run a public SMB server themselves, possibly because of some nasty experiences.

At ANU we block all external access to ports 137-139. Most internet connected sites should probably do the same unless they have special requirements.

Joe: What are you major development concerns? What is your "to do" list? Any thoughts for version 2 and 3?

Andrew: There are lots of things going on at the moment in Samba. We are close to a 1.9.18 release which adds some very nice WINS functionality and opportunistic locking.

Beyond that the next major thing will be the full domain controller support that Luke is working on. He has made great progress with that. Version 2 will probably be the version where we get this working properly.

If you look at the Samba cvs logs then you'll get some idea of the pace of Samba development. There have been about 400 commits to the cvs tree in the last month.

Joe: How is development on replication between BDCs and PDCs going?

Andrew: Once the domain controller support is working well we can look at replication. I haven't looked at the replication protocols in much detail so I don't really know if there are any major issues with
providing that functionality. Luke may know more.

Joe: Any luck on getting the specifications for replication out of Microsoft?

Andrew: Microsoft consider the whole NT domain protocol proprietary. It seems unlikely that they would help us with that. Once we have a implementation in place they may be more forthcoming.

Joe: The user based for Samba is growing fast, how about development support?

Andrew: If you mean vendors supporting the further development of Samba then that is starting to happen. SGI, Digital, Sun and NEC have all donated workstations to Samba team members to help in the development of Samba. We're also starting to see interest from major Unix vendors in shipping Samba as standard on some platforms, with full 24 hour support from the vendors. That would be nice as is sure to lead to useful code contributions from the vendors.

It also great that Jeremy now works full time for a company (Whistle Communications) that uses Samba in one of its products. Jeremy can now spend all his time working on Samba. Whistle is a very free software friendly company.

Joe: Any thoughts on requirements for supporting NT 5.0?

Andrew: I haven't tried NT 5.0 myself but I think the basic SMB functionality won't be a problem. It looks like there will be some issues regarding the new kerberos authentication stuff and LDAP but it's really too soon to say what will happen with those. You can be sure that whatever modifications are needed to Samba to integrate well with NT 5.0 will happen fairly quickly.