Confused about samba4 & s3fs

Rowland Penny repenny at f2s.com
Sun Aug 19 02:48:58 MDT 2012


On 19/08/12 08:51, Andrew Bartlett wrote:
> On Sun, 2012-08-19 at 07:45 +0100, Rowland Penny wrote:
>> On 18/08/12 22:31, Gémes Géza wrote:
>>> 2012-08-18 16:33 keltezéssel, steve írta:
>>>> On 18/08/12 15:16, Andrew Bartlett wrote:
>>>>> On Sat, 2012-08-18 at 14:09 +0100, Rowland Penny wrote:
>>>>>> On 18/08/12 13:34, Andrew Bartlett wrote:
>>>>>>> On Sat, 2012-08-18 at 10:46 +0100, Rowland Penny wrote:
>>>>>>>> On 18/08/12 09:06, Andrew Bartlett wrote:
>>>>> These different components perform different roles in the Samba system.
>>>>> The AD DC has only one daemon binary you need to interact with,
>>>>> 'samba'.
>>>>> Users wishing to have a file server or a domain member server need to
>>>>> use 'nmbd, smbd and winbindd' as they have done with Samba 3.x
>>>>>
>>>> Hi Andrew
>>>>
>>>> I think that this thread is finally getting end users like me nearer
>>>> the mark. Plain English answers are a must for folk like us.
>>>>
>>>> When I type samba I seem to get smbd whether I like it or not. It
>>>> works fine as a file server.
>>>> Is this what we call s3fs?
>>>> Is that different from the smbd I get with running smbd on s S3.6 box?
>>>>
>>>> What does nmbd do? Does it get started when I call samba?
>>>>
>>>> Does winbindd get started along with smbd when I call samba too? it
>>>> seems to be because nsswitch with winbind (with the correct links)
>>>> allows getent paswd/group to work.
>>>>
>>>> As I say, simple, short yes/no answers would be most welcome.
>>>>
>>>> Cheers,
>>>> Steve
>>>>
>>>>
>>> Ok I'll try to give a sum up answer to all this
>>> samba/smbd/nmbd/winbind questions.
>>>
>>> 1. On a samba3 box member of an Active Directory domain (Samba4 or
>>> Windows doesn't matter) the following daemons must be started (your
>>> distribution could start more than one of the from the same init script):
>>> 1A. smbd: This provides the file and printer shares
>>> 1B. nmbd: This provides the network browsing, wins client or server
>>> functions
>>> 1C. winbind: This maps between Active Directory users/groups and Unix
>>> users/groups (needed only if member of a domain)
>>> If you run a netstat -lpn on a samba3 box you will see all the three
>>> daemons running (- perhaps winbind if it is not a domain member), if
>>> any is missing you should start it.
>>>
>>> 2. On samba4 the intention was to simplify this for users, so they
>>> wouldn't need three daemons, and all the functionality mentioned
>>> before was planed to be integrated into a single binary: samba.
>>> Unfortunately this implementation still misses a few user visible
>>> points (like network browsing, or ability to retrieve user
>>> homedirectory or shell from AD). In order to be on par with samba3
>>> regarding file and printer sharing capabilities the ntvfs fileserver
>>> (integrated into the samba binary) got "replaced" by smbd from samba3
>>> (s3fs). smbd gets started by the samba binary if configured to use
>>> s3fs (the default from the betas). So you need to start one binary:
>>> samba which takes care of everything else.
>>> So on a modern samba4 installation netstat -lpn should reveal binary
>>> called samba listening on quite many ports and a smbd binary listen on
>>> the ports which it would listen on a samba3 installation as well. But
>>> keep in mind this smbd instance was started with special configuration
>>> to turn to the samba binary for most of the rpc operations. On the
>>> other hand no such integration effort for the nmbd binary from the
>>> samba3 suite had happened, and thus simply running nmbd on a samba4
>>> box could have unpleasant consequences.
>>>
>>> Hope that clarified the situation
>>>
>>> Regards
>>>
>>> Geza Gemes
>>>
>>>
>> Yes it does, thanks but raises a few more questions.
>>
>> Is the 'winbind' that runs internally in the samba daemon as capable as
>> the samba3 winbind daemon?
> No, it is not as capable.  Changing this is a task for after the 4.0
> release however, we depend on other things that it does do.

ok, I can wait.

>
>> Will the things that don't work in smbd at present, such as create mask,
>> be made to work?
> If you refer to in the AD DC configuration, I suspect 'create mask'
> doesn't apply because of the way we handle ACLs for AD comparability.

Seems like I am going to have to do some more reading on ACLs

>
>> Will nmbd be checked and altered so it doesn't have unpleasant
>> consequences?, though I must say it does just seem to work at present.
> As I mentioned elsewhere, I plan to make it refuse to start when we are
> configured as an AD DC.
>
> Andrew Bartlett

If you do this, will nmbd be built into samba? If not, how will network 
browsing work?

Rowland


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the samba-technical mailing list