[Samba] Questions for minimal AD DC, DNS setup and Posix use

Rowland Penny rpenny at f2s.com
Thu Jan 31 14:26:32 MST 2013


On 31/01/13 20:45, Dewayne Geraghty wrote:
>   
>
>> -----Original Message-----
>> From: Michael Wood [mailto:esiotrot at gmail.com]
>> Sent: Friday, 1 February 2013 12:22 AM
>> To: Andrew Bartlett
>> Cc: Dewayne; samba at lists.samba.org
>> Subject: Re: [Samba] Questions for minimal AD DC, DNS setup
>> and Posix use
>>
>> Hi
>>
>> On 31 January 2013 13:56, Andrew Bartlett <abartlet at samba.org> wrote:
>>> On Thu, 2013-01-31 at 16:55 +1100, Dewayne wrote:
>>>> Our plan is to have one AD DC running in Head Office, RODC's at
>>>> Branches and a second writeable DC at a contingency site. Fileshares
>>>> will run on separate servers.  The Windows 2003/2008 Servers use
>>>> authentication services from samba4 and run applications.  Our current
>>>> environment is Samba-3.6.9 PDC,BDCs & fileshares, openldap stores
>>>> samba, posix and acts as heimdal backend - for SSO.
>>>> My questions are:
>>>>
>>>> AD DC
>>>> Are smbd and winbindd necessary on the AD DC.  I would prefer to
>>>> start samba with only what it needs to function. When I kill the smbd
>>>> and winbindd processes, the kerberos, ldap & dns functionality remain.
>>>> How can I produce a minimal AD DC:
>>>> 1) Do I need smbd to parse the smb.conf for samba4 to start correctly?
>>> on the AD DC, you start only 'samba'.  We may start other binaries or
>>> provide services via plugins, but you only have to start 'samba'.
>>>
>>>> 2) If not, is there a better way than "kill -9" to achieve the result
>>>> of samba4 without smbd, winbindd?
>>> You should just kill the parent 'samba' process and any child
>>> processes will notice this and go away.  As you know, in general don't
>>> generally kill -9 stuff, as something may be in progress.  I think tdb
>>> is safe for kill -9 these days, but it has always been best not to do
>>> this as a first choice.
>> I think for the above two questions he's asking how to run the "samba"
>> binary without it spawning irrelevant (to him) things like
>> smbd and winbindd.
>>
>> --
>> Michael Wood <esiotrot at gmail.com>
> Thanks Michael, I am looking for an AD DC (authentication) server,
> which as I observe doesn't require smbd and winbindd. These will
> run on a separate (fileserving) server(s).
>
> Andrew, I would like to avoid killing processes by not asking
> for them to start. :)
> Regards, Dewayne.
>
Just set up a Samba 4 AD DC and use another Linux computer running Samba
3.6.* as a fileserver. Use Samba 4 for authentication and the Samba 3
fileserver for everything else.

If you run Samba 4 as a DC, you run the samba daemon, which starts the
smbd daemon; you cannot stop the smbd daemon running (feel free to
chime in here if I am wrong). Also, winbindd is built into Samba 4; there
is no separate daemon.

Rowland

