[Samba] Questions for minimal AD DC, DNS setup and Posix use
abartlet at samba.org
Thu Jan 31 19:18:51 MST 2013
On Fri, 2013-02-01 at 07:45 +1100, Dewayne Geraghty wrote:
> > -----Original Message-----
> > From: Michael Wood [mailto:esiotrot at gmail.com]
> > Sent: Friday, 1 February 2013 12:22 AM
> > To: Andrew Bartlett
> > Cc: Dewayne; samba at lists.samba.org
> > Subject: Re: [Samba] Questions for minimal AD DC, DNS setup
> > and Posix use
> > Hi
> > On 31 January 2013 13:56, Andrew Bartlett <abartlet at samba.org> wrote:
> > > On Thu, 2013-01-31 at 16:55 +1100, Dewayne wrote:
> > >> Our plan is to have one AD DC running in Head Office, RODC's at
> > >> Branches and a second writeable DC at a contingency site.
> > Fileshares
> > >> will run on separate servers. The Windows 2003/2008
> > Servers use authentication services from samba4 and run
> > applications. Our current environment is Samba-3.6.9
> > PDC,BDCs & fileshares, openldap stores samba, posix and acts
> > as heimdal backend - for SSO.
> > >>
> > >> My questions are:
> > >>
> > >> AD DC
> > >> Are smbd and winbindd necessary on the AD DC. I would prefer to
> > >> start samba with only what it needs to function. When I
> > kill the smbd and winbindd processes, the kerberos, ldap &
> > dns functionality remain. How can I produce a minimal AD DC:
> > >>
> > >> 1) Do I need smbd to parse the smb.conf for samba4 to
> > start correctly?
> > >
> > > on the AD DC, you start only 'samba'. We may start other
> > binaries or
> > > provide services via plugins, but you only have to start 'samba'.
> > >
> > >> 2) If not, is there a better way than "kill -9" to achieve
> > the result of samba4 without smbd, winbindd?
> > >
> > > You should just kill the parent 'samba' process and any child
> > > processes will notice this and go away. As you know, in
> > general don't
> > > generally kill -9 stuff, as something may be in progress.
> > I think tdb
> > > is safe for kill -9 these days, but it has always been best
> > not to do
> > > this as a first choice.
> > I think for the above two questions he's asking how to run the "samba"
> > binary without it spawning irrelevant (to him) things like
> > smbd and winbindd.
> > --
> > Michael Wood <esiotrot at gmail.com>
> Thanks Michael, I am looking for an AD DC (authentication) server,
> which as I observe doesn't require smbd and winbindd. These will
> run on a separate (fileserving) server(s).
> Andrew, I would like to avoid killing processes by not asking
> for them to start. :)
> Regards, Dewayne.
Just start and stop 'samba' and ignore any other processes it may create
as children, no matter what they may be named now and in the future.
Currently those child processes are called 'samba' and 'smbd', but that
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba