[Samba] Questions for minimal AD DC, DNS setup and Posix use

Dewayne Geraghty dewayne.geraghty at heuristicsystems.com.au
Thu Jan 31 13:45:01 MST 2013 

 

> -----Original Message-----
> From: Michael Wood [mailto:esiotrot at gmail.com] 
> Sent: Friday, 1 February 2013 12:22 AM
> To: Andrew Bartlett
> Cc: Dewayne; samba at lists.samba.org
> Subject: Re: [Samba] Questions for minimal AD DC, DNS setup 
> and Posix use
> 
> Hi
> 
> On 31 January 2013 13:56, Andrew Bartlett <abartlet at samba.org> wrote:
> > On Thu, 2013-01-31 at 16:55 +1100, Dewayne wrote:
> >> Our plan is to have one AD DC running in Head Office, RODC's at 
> >> Branches and a second writeable DC at a contingency site. 
> Fileshares 
> >> will run on separate servers.  The Windows 2003/2008 
> Servers use authentication services from samba4 and run 
> applications.  Our current environment is Samba-3.6.9 
> PDC,BDCs & fileshares, openldap stores samba, posix and acts 
> as heimdal backend - for SSO.
> >>
> >> My questions are:
> >>
> >> AD DC
> >> Are smbd and winbindd necessary on the AD DC.  I would prefer to 
> >> start samba with only what it needs to function. When I 
> kill the smbd and winbindd processes, the kerberos, ldap & 
> dns functionality remain. How can I produce a minimal AD DC:
> >>
> >> 1) Do I need smbd to parse the smb.conf for samba4 to 
> start correctly?
> >
> > on the AD DC, you start only 'samba'.  We may start other 
> binaries or 
> > provide services via plugins, but you only have to start 'samba'.
> >
> >> 2) If not, is there a better way than "kill -9" to achieve 
> the result of samba4 without smbd, winbindd?
> >
> > You should just kill the parent 'samba' process and any child 
> > processes will notice this and go away.  As you know, in 
> general don't 
> > generally kill -9 stuff, as something may be in progress.  
> I think tdb 
> > is safe for kill -9 these days, but it has always been best 
> not to do 
> > this as a first choice.
> 
> I think for the above two questions he's asking how to run the "samba"
> binary without it spawning irrelevant (to him) things like 
> smbd and winbindd.
> 
> --
> Michael Wood <esiotrot at gmail.com>

Thanks Michael, I am looking for an AD DC (authentication) server, 
which as I observe doesn't require smbd and winbindd. These will
run on a separate (fileserving) server(s).

Andrew, I would like to avoid killing processes by not asking 
for them to start. :)
Regards, Dewayne.

More information about the samba mailing list