[Samba] Functionality of Nmbd at Active Directory mode of Samba4 !

mathias dufresne infractory at gmail.com
Mon Dec 7 09:20:05 UTC 2015


2015-12-05 12:45 GMT+01:00 CpServiceSPb . <cpservicespb at gmail.com>:

> *For mathias*
> > I worked for years for a small company building planes: Airbus. They do
> > have a lot of DC, a lot of file servers, they use ADAM intensively too. I
> > don't remember they were using WINS service. DC are meant to authenticate
> > clients. That specific process is based on DNS to guess where to
> > authenticate.
> > In fact having DC in network neighborhood is good for mini-parks only. If
> > you have 2 file servers and 2 DC, 50 clients, at worst you will have 54
> > entries in network neighborhood. Now think about the same network
> > neighborhood when you have 50 DC, 250 file servers and tens of thousands
> > of clients. Wouldn't it be easier for your users to have only these file
> > servers in their network neighborhood rather than all clients + all DC +
> > somewhere in the middle some lost file servers?
> As I mentioned above, there are different situations in different
> organizations, commercial/non commercial/educational/military/peaceful. :)
> Mostly, use of NetBIOS abilities is applicable for home/small/medium
> business.
> But even in big business companies it can be used via WINS.
>

What does WINS give you? The ability to use short names, I believe.

Active Directory uses DNS to store host names. Yes, they are stored in a
long form called FQDN which is boring to type, but MS Windows systems come
with domain search options, as do UNIX boxes. By filling in some search
domains you should be able to use short names, as if you had WINS.



> No, for conditions I touched with, wouldn't.
>

I did not understand anything.



> It would be easy for users (first of all and then for lazy admins :)) ) to
> have the choice to see computers in the list (including file
> servers) or not to see them.
>

As explained, users don't have to access DC. DC are meant to talk with
other systems (OSes) for authentication.

No access means no need to put them into Network Neighborhood. Admins can
access DC with short names as explained earlier.


> Users who can/want to access servers/computers by name, they are
> welcome; users who can/want to access internal resources by IP or by
> another way (DNS or other which is used at your organization), they are
> welcome.
> Society of free choice. Is it?
>

Again, I don't understand why you write that: we can access DC using
\\<ip_address>
or \\<fqdn>
or \\<hostname without DNS domain if you are able to configure your Windows>

So it seems to me you shout against something which is working as
expected...


>
> By the way, why is it good for mini-parks only? You may not answer
> this question. It can work well for quite big parks also.
> If you meant broadcast, I may partially agree with you, but modern netcards
> as communication lines have big broadband. :))
>

No, I did not mean a broadcast issue but an organizational issue. I give
(again) the example:
You have 10 DC.
You have 50 servers (file servers).
You have 2000 workstations.

File servers are in network neighborhood, so 50 entries in there.
Workstations are in network neighborhood, 2050 entries in there.
You add your 10 DC in network neighborhood and you have 2060 entries in
your network neighborhood.

I can't see how it is simpler to look manually through a list of 2000+
entries to find one server when you can access it by IP, FQDN or short name
(again, short name is accessible only for admins who know how to configure a
MS Windows system).


>
> > I'm lacking knowledge about MS AD but I was believing AD was coming with
> > its own replacement of that election process.
>

We saw : )


> > If I'm wrong the fact DC are not part of that process does not seem to
> > be a too big issue if they are not file servers.
>

That's it, no issue if they are not file servers.


>
> I don't know any replacement of such operation, there are two choices: use
> or not (be or not to be :)) ).
> And also I heard about MS policy declares one server for each role. :)))
> But .....
> As I said there are different orgs in or with different conditions.
>
> > For lazy admins on small park, it could be. For DC with short names in a
> > big park, you lose time opening the network neighborhood, waiting for it
> > to fill up, digging into declared machines to find the one you were
> > looking for rather than just typing "\\my_dc_name" in windows explorer
> > address bar.
>

Once more, learn how to configure searched domains on MS Windows systems.


>
> For the first two statements see above. :))
> About losing time, in my opinion not always, because the list is built for
> some time (not zeroed after 1 minute).
> Regarding typing of \\DC_name, your users and admins have to be equipped
> with big memory. :)))
> Sometimes it is quite difficult to remember 2 DC names (even one DC name),
> but if you talked about 50+ DCs or many DCs + some file servers ...
> You are a monster. :))
>
> > "lack of discussion" functionality: what did you mean?
>
> I meant the absence of the functionality we discussed. Nothing else.
>
> > They really stopped digging into Samba AD because they didn't find their
> > DC in the network neighborhood? No they must have better reasons I think.
>
> Please keep in mind that Samba3/4 Nmbd functionality is not limited to
> showing/hiding the Samba3/4 server itself in the Net list; it can be (or
> often is) LMB (local master) and/or DMB (domain master), which means quite
> more: it means maintaining and providing the Nethood list to other DCs,
> servers, clients.
>
> > Good luck! Always a good idea to help opensource :)
>
> Thanks. Do you want to join me at this beginning? :)
>

No. As explained I can't see any interest in that. For me network
neighborhood is THE place to avoid. Perhaps because I have worked for a big
company for too much time.
And something else: I'm currently working for a big company, trying to
design a (very) big domain. We are already trying to find financial
resources to help the Samba team to develop what we need for scalability. In
other words, we have already enough to do with our own issues.


>
> P.S.: I offer to stop this discussion. If the Samba development team will
> add so to the code it will be very nice.
> If you, mathias or others want to make it on your/their own or take part in
> it, it will be nice also. :)
> If you or others want to help me in it, you are welcome.

