[Samba] Questions for minimal AD DC, DNS setup and Posix use
Dewayne Geraghty
dewayne.geraghty at heuristicsystems.com.au
Thu Jan 31 13:45:01 MST 2013
> -----Original Message-----
> From: Michael Wood [mailto:esiotrot at gmail.com]
> Sent: Friday, 1 February 2013 12:22 AM
> To: Andrew Bartlett
> Cc: Dewayne; samba at lists.samba.org
> Subject: Re: [Samba] Questions for minimal AD DC, DNS setup
> and Posix use
>
> Hi
>
> On 31 January 2013 13:56, Andrew Bartlett <abartlet at samba.org> wrote:
> > On Thu, 2013-01-31 at 16:55 +1100, Dewayne wrote:
> >> Our plan is to have one AD DC running in Head Office, RODC's at
> >> Branches and a second writeable DC at a contingency site.
> Fileshares
> >> will run on separate servers. The Windows 2003/2008
> Servers use authentication services from samba4 and run
> applications. Our current environment is Samba-3.6.9
> PDC,BDCs & fileshares, openldap stores samba, posix and acts
> as heimdal backend - for SSO.
> >>
> >> My questions are:
> >>
> >> AD DC
> >> Are smbd and winbindd necessary on the AD DC. I would prefer to
> >> start samba with only what it needs to function. When I
> kill the smbd and winbindd processes, the kerberos, ldap &
> dns functionality remain. How can I produce a minimal AD DC:
> >>
> >> 1) Do I need smbd to parse the smb.conf for samba4 to
> start correctly?
> >
> > on the AD DC, you start only 'samba'. We may start other
> binaries or
> > provide services via plugins, but you only have to start 'samba'.
> >
> >> 2) If not, is there a better way than "kill -9" to achieve
> the result of samba4 without smbd, winbindd?
> >
> > You should just kill the parent 'samba' process and any child
> > processes will notice this and go away. As you know, in
> general don't
> > generally kill -9 stuff, as something may be in progress.
> I think tdb
> > is safe for kill -9 these days, but it has always been best
> not to do
> > this as a first choice.
>
> I think for the above two questions he's asking how to run the "samba"
> binary without it spawning irrelevant (to him) things like
> smbd and winbindd.
>
> --
> Michael Wood <esiotrot at gmail.com>
Thanks Michael, I am looking for an AD DC (authentication) server,
which as I observe doesn't require smbd and winbindd. These will
run on a separate (fileserving) server(s).
Andrew, I would like to avoid killing processes by not asking
for them to start. :)
Regards, Dewayne.
More information about the samba
mailing list