[Samba] Questions for minimal AD DC, DNS setup and Posix use

Rowland Penny rpenny at f2s.com
Thu Jan 31 14:26:32 MST 2013

On 31/01/13 20:45, Dewayne Geraghty wrote:
>> -----Original Message-----
>> From: Michael Wood [mailto:esiotrot at gmail.com]
>> Sent: Friday, 1 February 2013 12:22 AM
>> To: Andrew Bartlett
>> Cc: Dewayne; samba at lists.samba.org
>> Subject: Re: [Samba] Questions for minimal AD DC, DNS setup
>> and Posix use
>> Hi
>> On 31 January 2013 13:56, Andrew Bartlett <abartlet at samba.org> wrote:
>>> On Thu, 2013-01-31 at 16:55 +1100, Dewayne wrote:
>>>> Our plan is to have one AD DC running in Head Office, RODC's at
>>>> Branches and a second writeable DC at a contingency site. Fileshares
>>>> will run on separate servers.  The Windows 2003/2008 Servers use
>>>> authentication services from samba4 and run applications.  Our current
>>>> environment is Samba-3.6.9 PDC,BDCs & fileshares, openldap stores
>>>> samba, posix and acts as heimdal backend - for SSO.
>>>> My questions are:
>>>> AD DC
>>>> Are smbd and winbindd necessary on the AD DC.  I would prefer to
>>>> start samba with only what it needs to function. When I kill the smbd
>>>> and winbindd processes, the kerberos, ldap & dns functionality remain.
>>>> How can I produce a minimal AD DC:
>>>> 1) Do I need smbd to parse the smb.conf for samba4 to start correctly?
>>> on the AD DC, you start only 'samba'.  We may start other binaries or
>>> provide services via plugins, but you only have to start 'samba'.
>>>> 2) If not, is there a better way than "kill -9" to achieve the result
>>>> of samba4 without smbd, winbindd?
>>> You should just kill the parent 'samba' process and any child
>>> processes will notice this and go away.  As you know, in general don't
>>> generally kill -9 stuff, as something may be in progress. I think tdb
>>> is safe for kill -9 these days, but it has always been best not to do
>>> this as a first choice.
>> I think for the above two questions he's asking how to run the "samba"
>> binary without it spawning irrelevant (to him) things like
>> smbd and winbindd.
>> --
>> Michael Wood <esiotrot at gmail.com>
> Thanks Michael, I am looking for an AD DC (authentication) server,
> which as I observe doesn't require smbd and winbindd. These will
> run on a separate (fileserving) server(s).
> Andrew, I would like to avoid killing processes by not asking
> for them to start. :)
> Regards, Dewayne.
Just set up a Samba 4 AD DC and use another Linux computer running Samba
3.6.* as a fileserver. Use Samba 4 for authentication and the Samba 3
fileserver for everything else.

If you run Samba 4 as a DC, you run the samba daemon, which starts the
smbd daemon; you cannot stop the smbd daemon running (feel free to
chime in here if I am wrong). Also, winbindd is built into Samba 4; there
is no separate daemon.

