Server Role questions
Andrew Bartlett
abartlet at samba.org
Fri Jun 14 18:09:48 MDT 2013
On Fri, 2013-06-14 at 09:47 -0500, Ricky Nance wrote:
> Ok, so I am back to the issue of trying to get the samba binary to 'do the
> right thing' and only start the needed services (instead of just warning
> the user about it not being an AD DC).
>
> Currently samba has 5 different server roles defined:
>
> } srv_role_tab [] = {
> { ROLE_STANDALONE, "ROLE_STANDALONE" },
> { ROLE_DOMAIN_MEMBER, "ROLE_DOMAIN_MEMBER" },
> { ROLE_DOMAIN_BDC, "ROLE_DOMAIN_BDC" },
> { ROLE_DOMAIN_PDC, "ROLE_DOMAIN_PDC" },
> { ROLE_ACTIVE_DIRECTORY_DC, "ROLE_ACTIVE_DIRECTORY_DC" },
> { 0, NULL }
>
> so if it's not defined it falls into the NULL role. In my continuing efforts
> to make things 'easier' I would like to know what all can fall under the
> NULL (what kind of setups don't match the above). Obviously things like a
> standalone NMBD server or WINBINDD server, but are there others? If so can
> anyone explain what needs to be spawned and why?
>
> Is there a need to add new roles? Can the 'server services =' be taken into
> account when the above roles aren't matched? Is there documentation on how
> the roles are supposed to act when they are used (and if not, can we start
> there)? Sorry for all the questions, but I am really needing some developer
> feedback here.

We don't ever fall into a 'null' role, we always have a role.

The default for 'server role' is 'auto', which then works it out by
looking at the security, domain logons and domain master parameters.

The reverse is also true - the security, domain logons and domain master
parameters derive from the server role. We can't set 'security=domain'
this way, but I would love to see if we could auto-detect this in
winbind and at join time enough to eliminate this parameter (keeping the
winbind rpc only = yes).

The issue is that currently, due to exceptions like the ntvfs cifs
proxy, dcerpc services such as openchange and the rpc proxy, the server
role isn't quite enough. But I can handle these exceptions. If you
were to make 'samba' launch all the right services (start with the code
in file_server), and not launch all the others for the normal meanings
of the roles above, that would be a great start.

I would recommend having the un-needed services just not start in the
same way the ldap server does, with task_server_terminate(), when not
required. We can improve this in the future, but this will at least get
us a first working patch.

Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
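
Added example, not part of the original message and not Samba's own code: a self-contained C model of the two ideas in the reply above, resolving 'server role = auto' from the security, domain logons and domain master parameters, and having a service decline to run when the resolved role does not need it. The derivation rule, the SEC_* names, ROLE_AUTO, the role bitmask and service_should_run() are assumptions made for illustration; in Samba the early exit would be a task_server_terminate() call.

```c
#include <stdbool.h>
#include <stdio.h>

/* Role names are the ones listed in the thread; ROLE_AUTO and the numeric
 * values are local to this example. */
enum server_role { ROLE_AUTO, ROLE_STANDALONE, ROLE_DOMAIN_MEMBER,
                   ROLE_DOMAIN_BDC, ROLE_DOMAIN_PDC, ROLE_ACTIVE_DIRECTORY_DC };
/* Values of the 'security' parameter (assumed subset). */
enum security_mode { SEC_USER, SEC_DOMAIN, SEC_ADS };

/* Assumed 'auto' rule: an explicit role wins; otherwise one is derived from
 * security / domain logons / domain master. There is no "null" result. */
enum server_role resolve_server_role(enum server_role configured,
                                     enum security_mode security,
                                     bool domain_logons, bool domain_master)
{
    if (configured != ROLE_AUTO)
        return configured;
    if (security == SEC_DOMAIN || security == SEC_ADS)
        return ROLE_DOMAIN_MEMBER;
    if (domain_logons)
        return domain_master ? ROLE_DOMAIN_PDC : ROLE_DOMAIN_BDC;
    return ROLE_STANDALONE;
}

/* One service task: its name and a bitmask of the roles that need it. */
struct service { const char *name; unsigned needed_by; };
#define ROLE_BIT(r) (1u << (r))

/* Hypothetical stand-in for the early task_server_terminate() exit:
 * returns false (the service does not run) when the role does not need it. */
bool service_should_run(const struct service *svc, enum server_role role)
{
    if (svc->needed_by & ROLE_BIT(role))
        return true;
    printf("%s: not required for role %d, terminating task\n", svc->name, role);
    return false;
}

int main(void)
{
    /* Constructed example: an LDAP service that only an AD DC needs. */
    struct service ldap = { "ldap_server", ROLE_BIT(ROLE_ACTIVE_DIRECTORY_DC) };
    enum server_role role = resolve_server_role(ROLE_AUTO, SEC_USER, true, true);
    return service_should_run(&ldap, role) ? 1 : 0;  /* PDC: LDAP stays down */
}
```

Gating each service on the resolved role means a listener that the role does not need never opens its socket, which is the attack-surface benefit of the approach proposed in the thread.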