Confused about samba4 & s3fs

Andrew Bartlett abartlet at samba.org
Sun Aug 19 01:51:08 MDT 2012 

On Sun, 2012-08-19 at 07:45 +0100, Rowland Penny wrote:
> On 18/08/12 22:31, Gémes Géza wrote:
> > 2012-08-18 16:33 keltezéssel, steve írta:
> >> On 18/08/12 15:16, Andrew Bartlett wrote:
> >>> On Sat, 2012-08-18 at 14:09 +0100, Rowland Penny wrote:
> >>>> On 18/08/12 13:34, Andrew Bartlett wrote:
> >>>>> On Sat, 2012-08-18 at 10:46 +0100, Rowland Penny wrote:
> >>>>>> On 18/08/12 09:06, Andrew Bartlett wrote:
> >>
> >>>
> >>> These different components perform different roles in the Samba system.
> >>> The AD DC has only one daemon binary you need to interact with, 
> >>> 'samba'.
> >>> Users wishing to have a file server or a domain member server need to
> >>> use 'nmbd, smbd and winbindd' as they have done with Samba 3.x
> >>>
> >> Hi Andrew
> >>
> >> I think that this thread is finally getting end users like me nearer 
> >> the mark. Plain English answers are a must for folk like us.
> >>
> >> When I type samba I seem to get smbd whether I like it or not. It 
> >> works fine as a file server.
> >> Is this what we call s3fs?
> >> Is that different from the smbd I get with running smbd on s S3.6 box?
> >>
> >> What does nmbd do? Does it get started when I call samba?
> >>
> >> Does winbindd get started along with smbd when I call samba too? it 
> >> seems to be because nsswitch with winbind (with the correct links) 
> >> allows getent paswd/group to work.
> >>
> >> As I say, simple, short yes/no answers would be most welcome.
> >>
> >> Cheers,
> >> Steve
> >>
> >>
> > Ok I'll try to give a sum up answer to all this 
> > samba/smbd/nmbd/winbind questions.
> >
> > 1. On a samba3 box member of an Active Directory domain (Samba4 or 
> > Windows doesn't matter) the following daemons must be started (your 
> > distribution could start more than one of the from the same init script):
> > 1A. smbd: This provides the file and printer shares
> > 1B. nmbd: This provides the network browsing, wins client or server 
> > functions
> > 1C. winbind: This maps between Active Directory users/groups and Unix 
> > users/groups (needed only if member of a domain)
> > If you run a netstat -lpn on a samba3 box you will see all the three 
> > daemons running (- perhaps winbind if it is not a domain member), if 
> > any is missing you should start it.
> >
> > 2. On samba4 the intention was to simplify this for users, so they 
> > wouldn't need three daemons, and all the functionality mentioned 
> > before was planed to be integrated into a single binary: samba. 
> > Unfortunately this implementation still misses a few user visible 
> > points (like network browsing, or ability to retrieve user 
> > homedirectory or shell from AD). In order to be on par with samba3 
> > regarding file and printer sharing capabilities the ntvfs fileserver 
> > (integrated into the samba binary) got "replaced" by smbd from samba3 
> > (s3fs). smbd gets started by the samba binary if configured to use 
> > s3fs (the default from the betas). So you need to start one binary: 
> > samba which takes care of everything else.
> > So on a modern samba4 installation netstat -lpn should reveal binary 
> > called samba listening on quite many ports and a smbd binary listen on 
> > the ports which it would listen on a samba3 installation as well. But 
> > keep in mind this smbd instance was started with special configuration 
> > to turn to the samba binary for most of the rpc operations. On the 
> > other hand no such integration effort for the nmbd binary from the 
> > samba3 suite had happened, and thus simply running nmbd on a samba4 
> > box could have unpleasant consequences.
> >
> > Hope that clarified the situation
> >
> > Regards
> >
> > Geza Gemes
> >
> >
> Yes it does, thanks but raises a few more questions.
> 
> Is the 'winbind' that runs internally in the samba daemon as capable as 
> the samba3 winbind daemon?

No, it is not as capable.  Changing this is a task for after the 4.0
release however, we depend on other things that it does do. 

> Will the things that don't work in smbd at present, such as create mask, 
> be made to work?

If you refer to in the AD DC configuration, I suspect 'create mask'
doesn't apply because of the way we handle ACLs for AD comparability.  

> Will nmbd be checked and altered so it doesn't have unpleasant 
> consequences?, though I must say it does just seem to work at present.

As I mentioned elsewhere, I plan to make it refuse to start when we are
configured as an AD DC. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list