Single binary to rule them all!

Andrew Bartlett abartlet at
Mon Feb 18 20:13:06 MST 2013

On Mon, 2013-02-18 at 20:41 -0600, Ricky Nance wrote:
> Christopher, I think you are missing what I am trying to accomplish here,
> right now if 'server role = active_directory_domain_controller' all the s4
> stuff is spawned (including smbd if you have the s3fs file server backend
> running, which is default). I am simply proposing that we shutdown all S4
> related things if we only want a fileserver, or a nt4 style pdc, or member
> server, or..., then tell samba to run only the binaries needed (as it does
> now with s3fs and smbd). I am not wanting to start conflicts with other
> services within samba, but rather keep the conflicts from happening and
> hopefully gain some more popularity with the package maintainers, along
> with having a single init script (instead of multiple inits one for AD DC
> and one for 'other' or having to modify it). I think the devs understand
> the problem and likely have a good solution in mind already, I am simply
> asking for some documentation to be made defining 'what is a role'.

Indeed, just as we already have rules that stop these services starting
in the wrong role, taking this to the next step and having it just start
the right thing is entirely practical.

It is just a matter of coding - spawing a different service really only
relies on taking the existing code in file_server/ and applying it to a
different binary. 

In terms of nmbd, my hope is that we can sort out the last details
missing from the source4 nbt server (given we went to the effort to
write a new, clean nbt server), but even then we can start nmbd for

Clearly winbindd will be a key part of all server roles in the future,
and having it launched automatically will mean an easier transition when
we drop the internal winbind for the AD DC. 

Finally, to stop the other things launching, you just need to put a
non-fatal (final argument false) server_service_terminate() call in
based on the server role in each server, or we write a wrapping routine
that filters the 'lpcfg_server_service()' call based on server role. 

This would have this aspect of Samba follow the rule of 'if we know what
the right thing to do is, just do it' that much of the rest of the AD DC
tries to do. 

The corner-case we need to handle is the ntvfs CIFS proxy, the rpc proxy
and whatever is needed to support openchange.  These details are encoded
in the existing 'incorrect mode' checks anyway. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list