[Samba] samba4 AD DC as file server?

Tran Tien Hung hungctt at gmail.com
Thu Mar 14 02:30:01 MDT 2013

Samba4 AD can be config to be File Server is very easy.

Follow check:
File System Support

To use the advanced features of Samba4 you need a filesystem that supports
both the "user" and "system" xattr namespaces.
ext3/ext4 File System

If you are using either ext3 or ext4 for your file system you will need to
include the options "user_xattr","acl" and "barrier=1" in your /etc/fstab.
For example:

/dev/hda3               /home                   ext3
user_xattr,acl,barrier=1     1 1

Simply change ext3 to ext4 if you are using it. Normally you will want to
just modify the existing line to add those options. Please use caution when
modifying your fstab as it can lead to an un-bootable system if the wrong
thing is modified.

The *barrier=1* option ensures that tdb transactions are safe against
unexpected power loss. A number of sites have corrupted their AD database
in sam.ldb by not having this option enabled.

You also need to compile your kernel with the XATTR, SECURITY, and
POSIX_ACL options for your filesystem. For ext3 (change the 3 to a 4 for
ext4) that means you need:


Step 12: Setup a File Share

The provisioning will create a very simple /usr/local/samba/etc/smb.conf file
with no non-system shares by default. For the server to be useful you, will
need to update it to have at least one share. For example:

      path = /data/test
      comment = Test Share
      read only = no

After File System & set Share File is ok. We can use Share File in Windows
to set permissions (using userdatabase in AD)  for that share.


On Wed, Mar 13, 2013 at 11:48 AM, Andrew Bartlett <abartlet at samba.org>wrote:

> On Tue, 2013-03-12 at 21:10 +0000, Jim Potter wrote:
> > Hi all,
> >
> > I've been wondering about the separate Dc and fileserver setup (and the 2
> > winbinds) too.
> >
> > In my current setup (samba3/openLDAP) all my fileservers are DCs because
> > then I don't have to worry about idmaps and winbind at all.
> >
> > This DC/fileserver samba4 separation can't be the recommended setup
> purely
> > because the DCs don't do network browsing, surely. In my environment (a
> > school) a browseable network neighbourhood is trouble and disabled for
> > everyone. Except me.
> >
> > Am I right in thinking that a Samba3 fileserver is recommended because
> its
> > more tried and tested at fileserving, and separating out the DC'ing onto
> a
> > samba4 box just separates everything nicely and avoids complications? Or
> > does a samba4 DC also acting as a fileserver have limitations of some
> kind?
> The default file server in Samba 4.0 is our smbd file server from Samba
> 3.x, simply updated with the latest work from that line of
> development.
> No matter if you are running an AD DC, or a file server as a member
> server, we use the same code for file server operations.  However, some
> support infrastructure varies between the operating modes, and some
> options are forced on in the AD DC, so as to emulate NT ACLs in the way
> we must for the SYSVOL share.  We also use a different winbind
> implementation.
> For smaller sites, where there is just one server, using the AD DC as
> the file server is perfectly fine and supported.  It will work well.
> For other (generally larger) sites, the knowledge that the file server
> and DC can be configured, upgraded and replicated independently will be
> far more important, and so follow our advise to separate these roles.
> Andrew Bartlett
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list