[Samba] Samba 4.1.14 Domain Controller as file server and internal winbind

[Rowland Penny]

On 30/12/14 12:27, Bruno Andrade wrote:
> Hi,
>
> Im running a domain controller (AD DC) and file server, on the same
> machine, with sernet-samba 4.1.14.
>
> Right now, I have a process using almost 100% CPU all the time. After
> 'samba-tool processes' I found that the process is winbind_server.
>
> On samba wiki page, they don't recommend using domain controller as file
> server because winbind issues.
>
> I already have other domain controller and file server, running without
> problem.
>
> Why is not recommended using domain controller as file server?
> What issues exists in winbind in this kind of environment?
>
> Regards,
> Bruno Andrade.

OK, winbind built into the samba daemon on the AD DC, is not the same as 
the separate winbind daemon you would use on a member server It does not 
have the same capabilities and is not setup in the same way, it cannot 
pull the Unix attributes from AD and these have to be set in smb.conf 
via templates. These templates mean that you cannot have different home 
directories based on the user. The UID & GID numbers on the AD DC are 
all in the 3000000 range, these numbers only exist on the DC, they will 
be different on any member server (and any other DC's).

There are other reasons why you should not use an AD DC as a fileserver, 
but the above reasons are the most obvious.

Rowland