inhibit startup of smbd/nmbd/winbindd when an AD DC (was Re: Releasing Samba 4.0 RC1?)

Ricky Nance ricky.nance at weaubleau.k12.mo.us
Mon Aug 20 04:52:16 MDT 2012


On Mon, Aug 20, 2012 at 4:26 AM, steve <steve at steve-ss.com> wrote:

> On 20/08/12 10:20, Gémes Géza wrote:
>
>> On 2012-08-19 09:12, steve wrote:
>>
>>> On 18/08/12 23:50, Andrew Bartlett wrote:
>>>
>>>> On Sat, 2012-08-18 at 19:48 +0200, Michael Wood wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> On 17 August 2012 23:52, Andrew Bartlett <abartlet at samba.org> wrote:
>>>>>
>>>>>> On Fri, 2012-08-17 at 13:46 -0300, Juan Pablo Lorier wrote:
>>>>>>
>>>>>
>>>>> I think it might help to make it extremely clear and explicit that
>>>>> Samba 4 can be run as a DC using the samba binary, or it can be run
>>>>> like a Samba 3 file/print server using the smbd/nmbd binaries, and any
>>>>> other modes it can be used in.  I know the release notes try to do
>>>>> this, but I think there's still a lot of confusion from users.
>>>>>
>>>>
>>>> I actually plan to do more than that.  It's a little tricky (which is
>>>> why it's not done yet), and I'll allow an override, but being an AD DC
>>>> puts 'server role = active directory domain controller' in the smb.conf.
>>>> I would like to have smbd/nmbd/winbindd check this value and then simply
>>>> fail to start up.
>>>>
>>>> Andrew Bartlett
>>>>
>>> Hi
>>> Oh dear. That sounds bad. Does that mean that we will no longer be
>>> able to use AD, s3fs and winbind on the same box as we can do
>>> (reliably) at the moment?
>>> Cheers,
>>> Steve
>>>
>> No, that would mean you won't be able to run conflicting binaries
>> simultaneously.
>> For clarity, samba4 (with s3fs) consists of two (server function
>> providing) binaries: samba and smbd. smbd listens on ports 139 and 445
>> providing file services (s3fs), samba listens on plenty of ports
>> providing lots of services like a kerberos kdc, etc. It also provides
>> its internal nmbd and winbind services. On the other hand, a samba3
>> (let's call it classic) installation consists of three (server function
>> providing) binaries: smbd, nmbd and winbind. If you started any of
>> those, that would cause unpredictable conflicts.
>> In conclusion, disallowing the start of smbd, nmbd and winbind daemons if
>> the samba binary is running would save the users from shooting
>> themselves in the foot.
>>
>> Regards
>>
>> Geza Gemes
>>
>
> Hi Géza
> To summarize the conclusion, could you give a [Y/N] on these?
>
> Either:
> 1. You run samba. It starts its own versions of smbd and winbind.
> or
> 2. You run smbd and winbind (and nmbd if you want browsing)
> 3. You do not, ever, start samba and then smbd
> 4. You do not, ever, start samba and then winbindd
> 5. You do not, ever, start samba and nmbd
> 6. Andrew wants to add code to physically stop you doing 3, 4 and 5.
>
> Cheers,
> Steve
>
>
Steve, the idea is that smbd, nmbd, and winbindd have conflicting ports with
samba, so they need to fail to start up if samba is running. That being
said, s3fs stands for Samba 3 File Server, so yes, smbd MUST run for s3fs to
function properly; however, if the smbd that runs isn't aware that it
should be using the Samba 4 config, then you end up having more issues.
Basically, look at it this way: if you have smbd from s3 running and you run
samba, and everything seems to start up fine, it won't run fine, because
smbd in this case is actually spawning a samba 3 server, and samba is
actually spawning a samba 4 server, so part of the request made to the
server is handled by samba 4 and part by samba 3. Confused? So is your
Windows/Linux client. Basically, if you run smbd, nmbd, winbind, samba SHOULD
fail to start (they use the same ports; also slapd and kerberos and
probably various other programs will conflict with samba), or if you run
samba then smbd, nmbd, and winbind should fail to start (again, they use the
same ports). For more of a real-life example of this, set slapd to use port
389 and then start samba, then start slapd. Does slapd fail to run? Why?

Hope this makes it a little more clear,
Ricky
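
The startup guard Andrew describes and the port clash Ricky describes, sketched as an added Python example (not Samba's code and not from this thread). `may_start`, its `override` parameter and `port_in_use` are hypothetical names, and the sample smb.conf is constructed.

```python
import errno
import socket

AD_DC_ROLE = "active directory domain controller"  # value quoted in the thread
CLASSIC_DAEMONS = {"smbd", "nmbd", "winbindd"}

# Constructed sample smb.conf, not taken from a real server.
SAMPLE_CONF = """
[global]
    workgroup = EXAMPLE
    Server Role = Active Directory Domain Controller
[netlogon]
    path = /srv/netlogon
"""

def server_role(conf_text):
    """Return the lower-cased 'server role' from [global], or None if unset."""
    section, role = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Compare parameter names without regard to case or spacing.
            if "".join(key.split()).lower() == "serverrole":
                role = value.strip().lower()
    return role

def may_start(daemon, conf_text, override=False):
    """Config gate: refuse to launch a classic daemon directly on an AD DC."""
    if daemon in CLASSIC_DAEMONS and server_role(conf_text) == AD_DC_ROLE:
        return override  # hypothetical override, e.g. set when samba spawns smbd
    return True

def port_in_use(port, host="0.0.0.0"):
    """Port gate: True if another socket already holds TCP host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            probe.bind((host, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return True
            raise  # e.g. EACCES for ports below 1024 when not root
    return False
```

The config gate catches the mistake before any socket is opened; the port gate is the failure Ricky's slapd experiment shows, where the second daemon's bind is rejected because the first already holds the port.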

