[Samba] samba4 best practices questions

Andrew Bartlett abartlet at samba.org
Wed Feb 12 21:03:44 MST 2014

On Wed, 2014-02-12 at 21:51 -0600, Joe Maloney wrote:
> Thanks for your replies.  I am currently also testing samba4 on FreeNAS
> 9.2.1 based on FreeBSD with ZFS which provides graphical management of
> Samba4.  I've noticed FreeNAS uses the Directory Service Role and CIFS
> shares roles on the same box by default.  These roles are not isolated
> like they could be in jails with virtual networking support and so on.

First up, is this an AD Directory service, or the 'classic' samba domain

> I would like to be able to maybe suggest the separation to the FreeNAS
> developers for stability to improve their software but I would need to know
> the technical reasons why the separation is important to be able to do so.

The reasons are more philosophical than technical.  For an appliance
like FreeNAS, if you were ever to use that as an AD DC, then perhaps the
organisation is so small that there is only one machine, and that would
be fine.  But if the organisation was running multiple servers, I would
suggest running two as the AD DC, and provisioning file servers

> I'm curious can anyone elaborate some more on why Directory Services and
> File Sharing roles should be spread across two servers and why file sharing
> should be run on a member server?  Is it because of winbind?  Is it known
> to cause lockups to have them on the same server?

No, it shouldn't lock up. 

> Another thing I might like to suggest to the FreeNAS developers.  I've
> noticed they also provision with NTVFS.  I've also noticed I can turn on
> S3FS in FreeBSD with ZFS after provision and it seems to fix smbstatus.
> It's just that provision is still broken with FreeBSD + ZFS as we all
> know.  From my research it appears S3FS is a better option?  Is it pretty
> stable at this point?  Can anyone see any harm in enabling it after the
> fact if samba was originally provisioned with NTVFS?

Nobody should be using the NTVFS server in new installations without a
very, very good reason.  However, changing over is just a matter of
using the 'samba-tool ntacl sysvolreset' tool, assuming only the sysvol
share is in use. 

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
