[PATCH] Remove 'server role' lines from default smb.conf
abartlet at samba.org
Thu Aug 20 21:45:07 UTC 2015
On Thu, 2015-08-20 at 10:12 +0100, Rowland Penny wrote:
> On 19/08/15 22:51, Andrew Bartlett wrote:
> > On Wed, 2015-08-19 at 19:45 +0100, Rowland Penny wrote:
> > > HI, Samba ships a default smb.conf, this contains lines referring
> > > to
> > > the
> > > server role and a default line 'server role = standalone server'.
> > >
> > > In 'man smb.conf', there is this about 'server role':
> > >
> > > This option determines the basic operating mode of a
> > >
> > > Samba
> > > server
> > > and is one of the most important settings in the
> > > smb.conf
> > > file.
> > >
> > > The default is server role = auto, as causes Samba to
> > >
> > > operate
> > > according to the security setting, or if not
> > > specified as
> > > a
> > > simple
> > > file server that is not connected to any domain.
> > >
> > > I do not think 'server role' should be set anywhere except on an
> > > AD
> > > DC,
> > > the attached patch removes the lines.
> > The behaviour described is there to ensure that we work with old
> > smb.conf files before this was specified.
> > This new parameter was added to make it easier to set up all types
> > of
> > servers, including standalone servers, and that is why we give it
> > as
> > the suggested starting point in the example.
> > The old system is just an insane matrix of boolens that have no
> > meaning
> > in themselves. Parameters like 'security', 'domain master', and
> > 'domain logons' have a meaning, but I added 'server role' so
> > administrators specify the desired outcome, not the method.
> > Thanks,
> > Andrew Bartlett
> In which case it is at odds with the smb.conf manpage.
> As you say, administrators should specify the desired outcome, but
> the manpage gives these as possible values:
> standalone server
> member server
> classic primary domain controller
> classic backup domain controller
> If you run 'samba-tool domain provision --help' amongst the output is
> --server-role=ROLE The server role (domain controller | dc |
> server | member | standalone). Default is dc.
> Hmm, two from the first list are also in the output from samba-tool
> and if you read the Samba wikipage:
> You will find this:
> Server Role: 'dc' for Domain Controller, do not use anything else,
> none of the other options are working at present.
> Now, as is well known, people either don't read the wiki or only read
> it after something goes wrong, I do not think that Samba should ship
> a default smb.conf that could potentially lead to problems.
Correct, server role in the 'provision' should be set to DC, the other
roles are for very special cases that we will be eliminating when
possible. That is, the reasonable server role options in provision are
a subset of the options in the smb.conf setting.
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
More information about the samba-technical