[Samba] Samba 4.1.14 Domain Controller as file server and internal winbind

Rowland Penny rowlandpenny at googlemail.com
Tue Dec 30 10:38:50 MST 2014

On 30/12/14 17:28, Miguel Medalha wrote:
>>> OK, winbind built into the samba daemon on the AD DC, is not the same
>>> as the separate winbind daemon you would use on a member server. It
>>> does not have the same capabilities and is not set up in the same way,
> (...)
>>> There are other reasons why you should not use an AD DC as a
>>> fileserver, but the above reasons are the most obvious.
> I thought you should know that the Release Notes for Samba 4.2 RC3 contain
> the following:
>
> Winbindd use on the Samba AD DC
> ===============================
>
> Winbindd is now used on the Samba AD DC by default, replacing the
> partial rewrite used for winbind operations in Samba 4.0 and 4.1.
> This allows more code to be shared, more options to be honoured, and
> paves the way for support for trusted domains in the AD DC.
>
> If required the old internal winbind can be activated by setting
> 'server services = +winbind -winbindd'.  Upgrading users with a server
> services parameter specified should ensure they change 'winbind' to
> 'winbindd' to obtain the new functionality.
>
> The 'samba' binary still manages the starting of this service, there
> is no need to start the winbindd binary manually.
>
> So hang on there, solution is on the way!

Sorry, but no, as far as the Unix attributes etc are concerned, there is 
no change, you still have to use the templates. I know that this is far 
from ideal, but the main idea behind integrating the separate winbind 
daemon was to get trusts working correctly. We will just have to wait 
patiently until the devs get the time to sort out the Unix attributes, 
hopefully this will be sooner rather than later, but as I said, we will 
have to wait.

> (I am using an AD DC and file server on the same machine without problems.
> It is serving a Windows only network, though.)
