Single binary to rule them all!

Ricky Nance ricky.nance at
Mon Feb 18 19:41:02 MST 2013

Christopher, I think you are missing what I am trying to accomplish here,
right now if 'server role = active_directory_domain_controller' all the s4
stuff is spawned (including smbd if you have the s3fs file server backend
running, which is default). I am simply proposing that we shutdown all S4
related things if we only want a fileserver, or a nt4 style pdc, or member
server, or..., then tell samba to run only the binaries needed (as it does
now with s3fs and smbd). I am not wanting to start conflicts with other
services within samba, but rather keep the conflicts from happening and
hopefully gain some more popularity with the package maintainers, along
with having a single init script (instead of multiple inits one for AD DC
and one for 'other' or having to modify it). I think the devs understand
the problem and likely have a good solution in mind already, I am simply
asking for some documentation to be made defining 'what is a role'.


On Mon, Feb 18, 2013 at 8:23 PM, Christopher Chan <
christopher.chan at> wrote:

> On Tuesday, February 19, 2013 10:13 AM, Ricky Nance wrote:
>> Not exactly, however I suppose a role could define what services are used.
>> I was thinking more along the lines of older style configs, member
>> servers,
>> NT4 Style PDC's, and similar other setups. I am not opposed to
>> samba_upgradeprovision or samba-tool testparm (and some option)
>> determining
>> what role should be used based on what config options. Then when a user
>> runs 'samba' it can tell quickly what to use based on the role.
> samba and the smbd/nmbd/winbindd combination are not "compatible".
> From what I gather, samba daemon's internal winbind is different from the
> winbindd daemon. I am not sure that having both running is supported unless
> they have separate sockets and they would definitely have different
> backends.
> In short, it is a case of either samba or the smbd/nmbd/winbindd
> combination. So this one binary to rule them all is a misunderstanding of
> how things work in samba4.
>> Ricky
>> On Mon, Feb 18, 2013 at 7:49 PM, Dewayne Geraghty <
>> dewayne.geraghty@**<dewayne.geraghty at>>
>> wrote:
>>  -----Original Message-----
>>>> From: samba-technical-bounces at lists.**<samba-technical-bounces at>
>>>> [mailto:samba-technical-**bounces at<samba-technical-bounces at>]
>>>> On Behalf Of
>>>> Ricky Nance
>>>> Sent: Tuesday, 19 February 2013 11:49 AM
>>>> To: Samba Technical
>>>> Subject: Single binary to rule them all!
>>>> As the subject says, I (along with a few others that I have
>>>> spoken with) think that it would make sense that the 'samba'
>>>> binary would take the lead and start the other binaries as
>>>> needed (smbd, nmbd, and winbindd). So what I am looking for
>>>> is possibly starting on something in writing about the
>>>> 'server role' directive. I know there are a few supported
>>>> right now, but would like to have a list that says, if
>>>> directive A, directive B, and directive C exist in a config,
>>>> then it MUST be server role A. I think this would be the
>>>> first essential step in a single binary startup, and that ,I
>>>> feel, would make package maintainers much happier.
>>>> Thanks for your feedback,
>>>> Ricky
>>>> --
>>> Ricky,
>>> Doesn't the samba executable already perform this functionality.  I'm
>>> able
>>> to turn on/off most AD DC functionality through the
>>> smb.conf "server services = " parameter.
>>> For example a kerberos/ldap authentication engine with
>>> smb.conf
>>>    server services = rpc, ldap, kdc
>>> I believe the full suite of services is:
>>>    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>>> winbind, ntp_signd, kcc, dnsupdate
>>> A problem occurs when I only need a samba4 fileserver, so I add to
>>> configure:
>>> --without-ad-dc
>>> Of course the samba-tool must then be told the --server-role.
>>> I haven't tried building an Samba4 AD-DC, and only turning on the
>>> services
>>> for a member.
>>> So, are you proposing that the full AD-DC be built and through
>>> manipulating smb.conf, the character of the machine is defined by
>>> moving some of the functionality from samba-tool into what processes
>>> smb.conf?
>>> Regards, Dewayne.
>> --


More information about the samba-technical mailing list