[Samba] samba4 best practices questions

Joe Maloney jmaloney at pcbsd.org
Wed Feb 12 21:09:38 MST 2014 

Directory Service.  http://doc.freenas.org/index.php/Directory_Services

Thank you very much for the answers.  It makes sense why you would want to
separate the two especially concerning upgrades and so on in a production
environment.

Also thanks for the confirmation about S3FS being the best option.

Joe Maloney


On Wed, Feb 12, 2014 at 10:03 PM, Andrew Bartlett <abartlet at samba.org>wrote:

> On Wed, 2014-02-12 at 21:51 -0600, Joe Maloney wrote:
> > Thanks for your replies.  I am currently also testing samba4 on FreeNAS
> > 9.2.1 based on FreeBSD with ZFS which provides graphical management of
> > Samba4.  I've noticed FreeNAS uses the Directory Service Role and CIFS
> > shares roles on the same box by default.  These roles are not in isolated
> > like they could be in jails with virtual networking support and so on.
>
> First up, is this an AD Directory service, or the 'classic' samba domain
> controller?
>
> > I would like to be able to maybe suggest the separation to the FreeNAS
> > developers for stability to improve their software but I would need to
> know
> > the technical reasons why the separation is important to be able to do
> so.
>
> The reasons are more philosophical than technical.  For an appliance
> like FreeNAS, if you were ever to use that as an AD DC, then perhaps the
> organisation is so small that there is only one machine, and that would
> be fine.  But if the organisation was running multiple servers, I would
> suggest running two as the AD DC, and provisioning file servers
> separately.
>
> > I'm curious can anyone elaborate some more on why Directory Services and
> > File Sharing roles should be spread across two servers and why file
> sharing
> > should be run on a member server?  Is it because of winbind?  Is it known
> > to cause lockups to have them on the same server?
>
> No, it shouldn't lock up.
>
> > Another thing I might like to suggest to the FreeNAS developers.  I've
> > noticed they also provision with NTVFS.  I've also noticed I can turn on
> > S3FS in FreeBSD with ZFS after provision and it seems to fix smbstatus.
> >  It's just that provision is still broken with FreeBSD + ZFS as we all
> > know.  From my research it appears S3FS a better option?  Is it pretty
> > stable at this point?  Can anyone see any harm in enabling it after the
> > fact if samba was originally provisioned with NTVFS?
>
> Nobody should be using the NTVFS server in new installations without a
> very, very good reason.  However, changing over is just a matter of
> using the 'samba-tool ntacl sysvolreset' tool, assuming only the sysvol
> share is in use.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba
>
>
>
>
>

More information about the samba mailing list