Server Role questions

Andrew Bartlett abartlet at
Fri Jun 14 18:09:48 MDT 2013

On Fri, 2013-06-14 at 09:47 -0500, Ricky Nance wrote:
> Ok, so I am back to the issue of trying to get the samba binary to 'do the
> right thing' and only start the needed services (instead of just warning
> the user about it not being an AD DC).
> Currently samba has 5 different server roles defined:
> } srv_role_tab [] = {
>         { 0, NULL }
> so if its not defined it falls into the NULL role. In my continuing efforts
> to make things 'easier' I would like to know what all can fall under the
> NULL (what kind of setups don't match the above). Obviously things like a
> standalone NMBD server or WINBINDD server, but are there others? If so can
> anyone explain what needs to be spawned and why?
> Is there a need to add new roles? Can the 'server services =' be taken into
> account when the above roles aren't matched? Is there documentation on how
> the roles are supposed to act when they are used (and if not, can we start
> there)? Sorry for all the questions, but I am really needing some developer
> feedback here.

We don't ever fall into a 'null' role, we always have a role.  

The default for 'server role' is 'auto', which then works it out by
looking at the security, domain logons and domain master parameters.

The reverse is also true - the security, domain logons and domain master
parameters derive from the server role.  We can't set 'security=domain'
this way, but I would love to see if we could auto-detect this in
winbind and at join time enough to eliminate this parameter (keeping the
winbind rpc only = yes).

The issue is that currently, due to exceptions like the ntvfs cifs
proxy, dcerpc services such as openchange and the rpc proxy, the server
role isn't quite enough.  But I can handle these exceptions.  If you
were to make 'samba' launch all the right services (start with the code
in file_server), and not launch all the others for the normal meanings
of the roles above, that would be a great start.

I would recommend having the un-needed services just not start in the
same way the ldap server does, with task_server_terminate(), when not
required.  We can improve this in the future, but this will at least get
us a first working patch.


Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list