Building an embedded Samba4
Tomasz Chmielewski
mangoo at wpkg.org
Wed Feb 1 10:40:06 GMT 2006
Andrew Bartlett wrote:
> Tomasz,
>
> In your search for an 'embeddable' Samba PDC, I would strongly urge you
> to consider building this on Samba4.
Actually, I built the thing already (well, almost, but only the details
are missing).
It is based on OpenLDAP 2.3.18 (working as a slave, but can be a master,
too) and Samba 3.0.21a, and basically, provides everything a Samba from
a "normal" distro provides (CUPS, acls [1], users in LDAP, etc.).
It works on an ASUS WL-500g Deluxe router (it costs about 90 USD/euro,
there are other models, too[2]): 32 MB RAM, 200 MHz mipsel CPU, 5
ethernet ports, wireless, but can be installed on much more - so after
connecting a DSL modem to it, it can be a router + domain controller for
a small office (4 ethernet ports are left after connecting a DSL modem,
so it would be perfect for an office of 4 workers).
Of course you can have more users, just use a switch, but I wouldn't
recommend keeping too many user profiles...
It is based on Linux / OpenWRT distribution.
It works as a PDC right now, stores user profiles etc.
If you wonder how an embedded device can store user profiles, the
answer is simple - it has a USB-stick attached :)
As typical USB-sticks can take 100.000 - 1.000.000 writes, depending on
the model, I assume it will be able to live for a couple of years.
If anyone has an idea how to estimate a number of writes when a user
logs off (for an average user that logs in, uses email, browses the web,
edits some documents etc.) - it would be nice.
I think it can be easily read from the logs, but I didn't really try.
Of course, I try to write to it as little as possible - so all logs,
pidfiles etc. are either in tmpfs, or disabled.
> I think you will find this has a lower footprint, and more flexibility
> to the embedded space. I would love to hold an AD DC in the palm of my
> hand. :-)
Right now, it uses about 15-20 MB of RAM (out of 32 MB), although it
runs quite a bit of things:
1) slapd + smbd + nmbd + cups for a "normal" Samba file+print server
experience
2) ssh server for administration
3) pppd to use ADSL
4) openvpn to securely communicate with other branches (i.e. headquarters)
5) LZOlayer_fs [3] filesystem for keeping compressed Windows + software
installation - when the Windows workstation breaks, it can be easily
reinstalled using Unattended [4] - because you can't use jffs2 on an
external USB stick (it's for mtd devices only)
6) tftp server for making PXE/network Windows installations
So quite many things; it has a USB-stick attached, because otherwise
user profiles + Windows + software wouldn't fit.
The only thing I don't like about it is that Samba needs to fetch users
not only from LDAP, but also from the system.
As this tiny system doesn't have NSS (it's uClibc), I have to generate
/etc/passwd and /etc/group from the LDAP, which is a bit ugly.
> I honestly think this is the best way forward, and would love to help
> you build such a device.
Can Samba4 use LDAP-only users, without consulting the system (NSS,
/etc/passwd, /etc/group etc.)?
I guess not (yet?), but it would be great if it could authenticate users
this way, and to use files on a DC using UID/GID numbers only (if Samba
has a user in LDAP only).
#######
Notes:
[1] actually, I still need to patch the kernel, as 2.4.x ones don't have
acls in; Samba has support for it compiled
[2] You will be interested in models having 32 MB RAM, and USB 2.0
ports; in some of them you can put a HDD inside (some models with 300
MHz CPU), they are still small (book-sized):
http://wiki.openwrt.org/TableOfHardware
[3] Compressed filesystem: http://north.one.pl/~kazik/pub/LZOlayer/
[4] Unattended Windows + software installation: http://unattended.sf.net
--
Tomasz Chmielewski
http://wpkg.org
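
The passwd generation mentioned in the message, sketched as an added example (not part of the original post and not the script actually used on the device). It treats LDAP as untrusted input: an attribute containing ":" or a low uidNumber would otherwise become an extra field or a privileged account in /etc/passwd. The function name, MIN_ID and the sample entries are assumptions; the attribute names are the standard RFC 2307 ones.

```sh
#!/bin/sh
# Added example (hypothetical helper): LDIF posixAccount entries on stdin ->
# passwd(5) lines on stdout; rejected entries are reported on stderr.
MIN_ID=1000   # assumed site policy: LDAP may never define ids below this

ldif_to_passwd() {
    LC_ALL=C awk -v min="$MIN_ID" '
    # Validate the entry collected so far and print it; runs at each blank line.
    function emit(   ok, f) {
        if (seen) {
            ok = !bad
            if (a["uid"] !~ /^[a-z_][a-z0-9_.-]*[$]?$/) ok = 0  # "pc1$" = machine account
            if (a["uid"] in used) ok = 0                        # first definition wins
            if (a["uidNumber"] !~ /^[0-9]+$/ || a["uidNumber"] + 0 < min) ok = 0
            if (a["gidNumber"] !~ /^[0-9]+$/) ok = 0
            if (a["homeDirectory"] !~ "^/[^:]*$") ok = 0
            if (a["gecos"] ~ /:/ || a["loginShell"] ~ /:/) ok = 0
            if (ok) {
                used[a["uid"]] = 1
                printf "%s:x:%s:%s:%s:%s:%s\n", a["uid"], a["uidNumber"], a["gidNumber"], a["gecos"], a["homeDirectory"], a["loginShell"]
            } else print "skipped: " dn | "cat 1>&2"
        }
        for (f in a) delete a[f]
        seen = 0; bad = 0; dn = ""
    }
    function take(line,   i, k) {
        if (line == "") { emit(); return }
        i = index(line, ": "); if (i == 0) return
        k = substr(line, 1, i - 1); seen = 1
        # "attr:: ..." is base64 and could hide ":" or newlines: refuse it in used fields
        if (k ~ /:$/) { if (k ~ /^(uid|uidNumber|gidNumber|gecos|homeDirectory|loginShell):$/) bad = 1; return }
        if (k == "dn") dn = substr(line, i + 2)
        if (!(k in a)) a[k] = substr(line, i + 2)   # keep first value if multi-valued
    }
    /^ / { pending = pending substr($0, 2); next }  # LDIF folding: leading space continues
    { take(pending); pending = $0 }
    END { take(pending); emit() }
    '
}

sample_ldif() {   # constructed input: one valid user, one entry claiming uid 0
    printf '%s\n' 'dn: uid=anna,ou=People,dc=example,dc=org' 'uid: anna' \
        'uidNumber: 1001' 'gidNumber: 513' 'homeDirectory: /home/anna' \
        'loginShell: /bin/false' '' \
        'dn: uid=toor,ou=People,dc=example,dc=org' 'uid: toor' \
        'uidNumber: 0' 'gidNumber: 0' 'homeDirectory: /root' 'loginShell: /bin/sh'
}
sample_ldif | ldif_to_passwd
```

On the device the input would come from an `ldapsearch -LLL` query limited to those six attributes, and the output would be appended to a static file holding root and the other local accounts rather than replacing them.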