inhibit startup of smbd/nmbd/winbindd when an AD DC (was Re: Releasing Samba 4.0 RC1?)
steve
steve at steve-ss.com
Mon Aug 20 03:26:08 MDT 2012
On 20/08/12 10:20, Gémes Géza wrote:
> 2012-08-19 09:12 keltezéssel, steve írta:
>> On 18/08/12 23:50, Andrew Bartlett wrote:
>>> On Sat, 2012-08-18 at 19:48 +0200, Michael Wood wrote:
>>>> Hi
>>>>
>>>> On 17 August 2012 23:52, Andrew Bartlett <abartlet at samba.org> wrote:
>>>>> On Fri, 2012-08-17 at 13:46 -0300, Juan Pablo Lorier wrote:
>>>
>>>> I think it might help to make it extremely clear and explicit that
>>>> Samba 4 can be run as a DC using the samba binary, or it can be run
>>>> like a Samba 3 file/print server using the smbd/nmbd binaries, and any
>>>> other modes it can be used in. I know the release notes try to do
>>>> this, but I think there's still a lot of confusion from users.
>>>
>>> I actually plan to do more than that. It's a little tricky (which is
>>> why it's not done yet), and I'll allow an override, but being a AD DC
>>> puts 'server role = active directory domain controller' in the smb.conf.
>>> I would like to have smbd/nmbd/winbindd check this value and then simply
>>> fail to start up.
>>>
>>> Andrew Bartlett
>>>
>> Hi
>> Oh dear. That sounds bad. Does that mean that we will no longer be
>> able to use AD, s3fs and winbind on the same box as we can do
>> (reliably) at the moment?
>> Cheers,
>> Steve
>>
> No, that would mean you won't be able to run conflicting binaries
> simultaneously.
> For clarity, samba4 (with s3fs) consist of two (server function
> providing) binaries: samba and smbd. smbd listens on ports 139 and 445
> providing file services (s3fs), samba listens on a plenty of ports
> providing lots of services like a kerberos kdc, etc. It also provides
> its internal nmbd and winbind services. On the other hand a samba3 lets
> call it classic installation consist of three (server function
> providing) binaries: smbd, nmbd and winbind. If you would start any of
> those that would cause unpredictable conflicts.
> In conclusion disallowing the start of smbd, nmbd and winbind daemons if
> the samba binary is running would save the users from shooting
> themselves on foot.
>
> Regards
>
> Geza Gemes
Hi Géza
To summarize the conclusion could you give a [Y/N] on these?
Either:
1. You run samba. It starts its own versions of smbd and winbind.
or
2. You run smbd and winbind (and nmbd if you want browsing)
3. You do not, ever, start samba and then smbd
4. You do not, ever, start samba and then winbindd
5. You do not, ever, start samba and nmbd
6. Andrew wants to add code to physically stop you doing 3, 4 and 5.
Cheers,
Steve
More information about the samba-technical
mailing list