Building an embedded Samba4

Tomasz Chmielewski mangoo at wpkg.org
Wed Feb 1 10:40:06 GMT 2006


Andrew Bartlett wrote:
> Tomasz,
> 
> In your search for an 'embeddable' Samba PDC, I would strongly urge you
> to consider building this on Samba4. 

Actually, I built the thing already (well, almost, but only the details 
are missing).

It is based on OpenLDAP 2.3.18 (working as a slave, but can be a master, 
too) and Samba 3.0.21a, and basically, provides everything a Samba from 
a "normal" distro provides (CUPS, acls [1], users in LDAP, etc.).

It works on an ASUS WL-500g Deluxe router (it costs about 90 USD/euro, 
there are other models, too[2]): 32 MB RAM, 200 MHz mipsel CPU, 5 
ethernet ports, wireless, but can be installed on much more - so after 
connecting a DSL modem to it, it can be a router + domain controller for 
a small office (4 ethernet ports are left after connecting a DSL modem, 
so it would be perfect for an office of 4 workers).
Of course you can have more users, just use a switch, but I wouldn't 
recommend keeping too many user profiles...

It is based on Linux / OpenWRT distribution.

It works as a PDC right now, stores user profiles etc.

If you wonder how an embedded device can store user profiles, the 
answer is simple - it has a USB-stick attached :)
As typical USB-sticks can take 100.000 - 1.000.000 writes, depending on 
the model, I assume it will be able to live for a couple of years.

If anyone has an idea how to estimate the number of writes when a user 
logs off (for an average user that logs in, uses email, browses the web, 
edits some documents etc.) - it would be nice.
I think it can be easily read from the logs, but I didn't really try.

Of course, I try to write to it as little as possible - so all logs, 
pidfiles etc. are either in tmpfs, or disabled.


> I think you will find this has a lower footprint, and more flexibility
> to the embedded space.  I would love to hold an AD DC in the palm of my
> hand. :-)

Right now, it uses about 15-20 MB of RAM (out of 32 MB), although it 
runs quite a bit of things:

1) slapd + smbd + nmbd + cups for a "normal" Samba file+print server 
experience
2) ssh server for administration
3) pppd to use ADSL
4) openvpn to securely communicate with other branches (i.e. headquarters)
5) LZOlayer_fs [3] filesystem for keeping compressed Windows + software 
installation - when the Windows workstation breaks, it can be easily 
reinstalled using Unattended [4] - because you can't use jffs2 on an 
external USB stick (it's for mtd devices only)
6) tftp server for making PXE/network Windows installations

So quite many things; it has a USB-stick attached, because otherwise 
user profiles + Windows + software wouldn't fit.

The only thing I don't like about it is that Samba needs to fetch users 
not only from LDAP, but also from the system.
As this tiny system doesn't have NSS (it's uClibc), I have to generate 
/etc/passwd and /etc/group from the LDAP, which is a bit ugly.


> I honestly think this is the best way forward, and would love to help
> you build such a device.

Can Samba4 use LDAP-only users, without consulting the system (NSS, 
/etc/passwd, /etc/group etc.)?

I guess not (yet?), but it would be great if it could authenticate users 
this way, and to use files on a DC using UID/GID numbers only (if Samba 
has a user in LDAP only).


#######
Notes:

[1] actually, I still need to patch the kernel, as 2.4.x ones don't have 
acls in; Samba has support for it compiled

[2] You will be interested in models having 32 MB RAM, and USB 2.0 
ports; in some of them you can put a HDD inside (some models with 300 
MHz CPU), they are still small (book-sized): 
http://wiki.openwrt.org/TableOfHardware

[3] Compressed filesystem: http://north.one.pl/~kazik/pub/LZOlayer/

[4] Unattended Windows + software installation: http://unattended.sf.net


-- 
Tomasz Chmielewski
http://wpkg.org
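
The step described above, generating /etc/passwd from LDAP on a system without NSS, sketched as an added example that is not part of the original message: each posixAccount entry is validated before a line is emitted, so a directory entry cannot claim a low uidNumber or smuggle extra fields in with a colon, and the password field is a fixed `x` rather than a copied hash. `MIN_UID`, the function names and the sample entries are assumptions.

```shell
# Added example; MIN_UID and the sample entries are assumptions, not from the post.
MIN_UID=1000   # LDAP may only supply accounts at or above this uidNumber
# stdin: LDIF as printed by "ldapsearch -LLL"; stdout: passwd(5) lines.
# Rejected entries are reported on stderr and produce no output line.
ldif_to_passwd() {
    awk -v min="$MIN_UID" '
    function flush() {
        if (!seen) return
        if (!bad && uid ~ /^[a-z_][a-z0-9_-]*[$]?$/ &&
            num ~ /^[0-9]+$/ && gid ~ /^[0-9]+$/ && num + 0 >= min + 0 &&
            home ~ /^\/[^:]*$/ && shell ~ /^\/[^:]*$/)
            printf "%s:x:%s:%s::%s:%s\n", uid, num, gid, home, shell
        else
            printf "rejected: %s\n", dn > "/dev/stderr"
        seen = bad = 0; dn = uid = num = gid = home = shell = ""
    }
    /^$/ { flush(); next }   # a blank line ends an LDIF entry
    /^ / { bad = 1; next }   # folded value: refuse the entry rather than guess
    {
        # "attr:: base64" parses as key "attr:", matches nothing, so it fails closed
        i = index($0, ": "); if (i == 0) next
        k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 2); seen = 1
        if (k == "dn") dn = v
        else if (k == "uid") { if (uid != "") bad = 1; uid = v }
        else if (k == "uidnumber") num = v
        else if (k == "gidnumber") gid = v
        else if (k == "homedirectory") home = v
        else if (k == "loginshell") shell = v
    }
    END { flush() }'
}
# Constructed sample: one valid user and one entry that claims uid 0.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
uidNumber: 1001
gidNumber: 513
homeDirectory: /home/alice
loginShell: /bin/sh

dn: uid=mallory,ou=People,dc=example,dc=org
uid: mallory
uidNumber: 0
gidNumber: 0
homeDirectory: /root
loginShell: /bin/sh
EOF
}
```

An /etc/group file can be produced the same way from posixGroup entries. Write the output to a temporary file and rename it over the target, so a failed LDAP query never leaves a truncated file in place.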

