New server roles: 'netbios primary domain controller', 'active directory domain controller'

Andrew Bartlett abartlet at samba.org
Wed Jun 13 16:41:03 MDT 2012


On Thu, 2012-06-14 at 00:19 +0200, Jelmer Vernooij wrote:
> On Tue, Jun 12, 2012 at 08:13:29AM +1000, Andrew Bartlett wrote:
> > On Mon, 2012-06-11 at 14:44 -0400, simo wrote:
> > > On Mon, 2012-06-11 at 11:28 +1000, Andrew Bartlett wrote: 
> > > > I've prepared a branch with new server role values, in an attempt to
> > > > allow an smb.conf to distinguish between our major operating modes.
> > > > This will in turn make it easier for us to stop folks running smbd when
> > > > they mean samba, and vice versa.  (This has already been a common
> > > > mistake with Samba4 alpha users so far). 
> 
> > > > https://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3fs-improvements
> 
> > > > I chose 'netbios primary/backup domain controller' over 'nt4 domain
> > > > controller' or 'samba3 domain controller', as it doesn't reference a
> > > > long-gone and unsupported version of Microsoft's Windows or a previous
> > > > version of our Samba.  The Samba 4.0 AD mode is described as 'active
> > > > directory domain controller'.  For compatibility with previous Samba4
> > > > alphas, the term 'domain controller' is an alias of 'active directory
> > > > domain controller'.
> 
> > > > The 'server role' parameter remains optional, but I think it is a
> > > > clearer way of describing the intent of what the administrator is trying
> > > > to build, rather than the way they are trying to build it.  
> 
> > > > I do realise this puts FreeIPA in an odd spot (it would use the 'netbios
> > > > backup domain controller'), but I'm happy for an alias to be added for
> > > > that if required, and possibly for an extra role to be added for
> > > > Novell's eDirectory. 
> 
> > > 'classic primary/backup domain controller' sounds better, and avoids
> > > 'netbios' which is not accurate in any case.
> 
> > What I'm searching for is a term that lasts over the next decade and
> > still has meaning.  That is why I tried to pick a term that mentioned a
> > specific technology. In a few years' time, what would the term 'classic'
> > mean to our users?  (As a counter-example, think of how meaningless it
> > feels when Samba-TNG calls us 'samba classic'). 
> 
> NetBIOS might be one of the technologies that is different between AD
> and NT4-style domains, but it isn't actually the bit that matters.
> Also, even in AD DC mode, we (can) still support NetBIOS without problems.
> 
> How does Microsoft refer to pre-AD domains? 

I know they use 'downlevel' (at least when talking about trusts). 

> I generally talk
> about "nt4-style domains" when talking about them, and most people
> seem to know what I mean.

"nt4-style primary domain controller" would work, but it is a little bit
messy with:
 samba-tool domain nt4-style-upgrade
given that we can't actually upgrade from NT4 (the samsync code for that
is essentially untested these days).  But it's not too bad.  The main
thing is that like "netbios", "nt4-style" doesn't describe what Simo has
with FreeIPA very well, which does some AD-like things (but not full AD)
using the smbd SAMR/LSA server.  

(Interestingly, Microsoft doesn't support NT4 domains any more - only
Samba NT4-like domains, due to a crypto upgrade we did together!)

It does have the advantage that all of us have generally referred to the
code as an NT4-style DC for a long time. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org


