"classinc primary domain controller" (was Re: New server roles: 'netbios primary domain controller', 'active directory domain controller')
abartlet at samba.org
Sat Jun 16 03:05:26 MDT 2012
On Thu, 2012-06-14 at 08:41 +1000, Andrew Bartlett wrote:
> On Thu, 2012-06-14 at 00:19 +0200, Jelmer Vernooij wrote:
> > On Tue, Jun 12, 2012 at 08:13:29AM +1000, Andrew Bartlett wrote:
> > > On Mon, 2012-06-11 at 14:44 -0400, simo wrote:
> > > > On Mon, 2012-06-11 at 11:28 +1000, Andrew Bartlett wrote:
> > > > > I've prepared a branch with new server role values, in a attempt to
> > > > > allow an smb.conf to distinguish between our major operating modes.
> > > > > This will in turn make it easier for us to stop folks running smbd when
> > > > > they mean samba, and vice versa. (This has already been a common
> > > > > mistake with Samba4 alpha users so far).
> > > > > https://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3fs-improvements
> > > > > I chose 'netbios primary/backup domain controller' over 'nt4 domain
> > > > > controller' or 'samba3 domain controller', as it doesn't reference a
> > > > > long-gone and unsupported version of Microsoft's windows or a previous
> > > > > version of our Samba. The Samba 4.0 AD mode is described as 'active
> > > > > directory domain controller'. For compatibility with previous Samba4
> > > > > alphas, the term 'domain controller' is an alias of 'active directory
> > > > > domain controller'.
> > > > > The 'server role' parameter remains optional, but I think it is a
> > > > > clearer way to describing the intent of what the administrator is trying
> > > > > to build, rather than the way they are trying to build it.
> > > > > I do realise this puts FreeIPA in an odd spot (it would use the 'netbios
> > > > > backup domain controller'), but I'm happy for an alias to be added for
> > > > > that if required, and possibly for an extra role to be added for
> > > > > Novell's eDirectory.
> > > > 'classic primary/backup domain controller' sounds better, and avoid
> > > > 'netbios' which is not accurate in any case.
> > > What I'm searching for is a term that lasts over the next decade and
> > > still has meaning. That is why I tried to pick a term that mentioned a
> > > specific technology. In a few years time, what would the term 'classic'
> > > mean to our users? (As a counter-example, think of how meaningless it
> > > feels when Samba-TNG calls us 'samba classic').
> > NetBIOS might be one of the technologies that is different between AD
> > and NT4-style domains, but it isn't actually the bit that matters.
> > Also, even in AD DC mode, we (can) still support NetBIOS without problems.
> > How does Microsoft refer to pre-AD domains?
> I know they use 'downlevel' (at least when talking about trusts).
> > I generally talk
> > about "nt4-style domains" when talking about them, and most people
> > seem to know what I mean.
> "nt4-style primary domain controller" would work, but it is a little bit
> messy with:
> samba-tool domain nt4-style-upgrade
> given that we can't actually upgrade from NT4 (the samsync code for that
> is essentially untested these days). But it's not too bad. The main
> thing is that like "netbios", "nt4-style" doesn't describe what Simo has
> with FreeIPA very well, which does some AD-like things (but not full AD)
> using the smbd SAMR/LSA server.
> (Interestingly, Microsoft doesn't support NT4 domains any more - only
> Samba NT4-like domains, due to a crypto upgrade we did together!)
> It does have the advantage that all of us have generally referred to the
> code as an NT4-style DC for a long time.
For what it's worth, I chatted with Jelmer about this on IRC, and we
decided to go with Simo's choice of "classic domain controller".
If anybody feels strongly that they didn't get a chance to put their
idea in, please propose a replacement (with patches and rationale).
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical