[Samba] samba4 AD DC as file server?

Jim Potter jimchuffff at googlemail.com
Tue Mar 12 15:10:38 MDT 2013

Hi all,

I've been wondering about the separate Dc and fileserver setup (and the 2
winbinds) too.

In my current setup (samba3/openLDAP) all my fileservers are DCs because
then I don't have to worry about idmaps and winbind at all.

This DC/fileserver samba4 separation can't be the recommended setup purely
because the DCs don't do network browsing, surely. In my environment (a
school) a browseable network neighbourhood is trouble and disabled for
everyone. Except me.

Am I right in thinking that a Samba3 fileserver is recommended because its
more tried and tested at fileserving, and separating out the DC'ing onto a
samba4 box just separates everything nicely and avoids complications? Or
does a samba4 DC also acting as a fileserver have limitations of some kind?



On 12 March 2013 09:43, Rowland Penny <rpenny at f2s.com> wrote:

> On 12/03/13 00:02, Gerry Reno wrote:
>> On 03/11/2013 06:34 PM, Andrew Bartlett wrote:
>>> On Tue, 2013-03-12 at 01:30 +0800, d tbsky wrote:
>>>> hi:
>>>>     I want to setup a small samba4 server with AD and file server
>>>> function.
>>>> I know that samba4 AD DC has no netbios browsing support. are there
>>>> other
>>>> missing functions, like winbindd or something else?
>>> The next release will include this patch, which avoids mistakenly
>>> creating world-writeable files in additional file shares.
>>>     and if I install two samba4 instance, one to "/usr/local/samba"(for
>>>> file
>>>> server), one to "/usr/local/samba-ad"(for AD DC). and give them two
>>>> seprate
>>>> ip to bind. will it work better?
>>> No, it would need to be a different virtual machine (you can only have
>>> one winbind per machine, and the different winbind is most important
>>> difference between the operating modes).
>>> Andrew Bartlett
>>>  Are you saying that it is not possible to use a Samba 4 AD DC as a file
>> server?
> You can create shares on samba4 and connect to them from the cli, via
> smbclient for instance, you just cannot browse to them.
> The accepted practice seems to be, set up Samba 4 for authorisation and
> then set up a separate Samba3 fileserver.
> Rowland
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>

More information about the samba mailing list