[Samba] Setting up of Samba4 LDAP acting in standalone server mode

CpServiceSPb . cpservicespb at gmail.com
Tue Jul 29 05:48:18 MDT 2014

Yes. I can explain.
Firstly I would like to say that I can not use Samba4 as DC because of your
statement that Samba4 in DC mode doesn't support neighborhood browsing
I was able to make working it together with "secret" parameter (I wrote
about it to you) .
But I need browsing.
So, returning to necessarity of LDAP: I want to implement certificate
authority service relying on LDAP with storing all in LDAP and distribution
for example of CRLs "via" LDAP may be with Web UI in the future.
And other useful using, I want to use Bind9 BIND9_DLZ DNS type of Bind9
instead of BIND9_FLATFILE type.
And may be using of some storing (for users for some services, for example
for Asterisk Cdr Web UI) can be applied by me.
I would recommend you to make possible running Nmbd in DC mode with Smbd,
that is to make one more option during provisioning which would add
neighborhood functionality to Samba4 acting in DC mode and to make
'special' mode - standalone fileserver with LDAP turned on.
I suppose somebody will be interested it.
By the way, for now, if I provision Samba4 as DC and then run it in
standalone server mode, what backend do I have to specify and will It be
possible to add and storing next users to LDAP ?
For example I want add user Helen to access to shares after I made
provisioning as DC and started as standalone server.

P. S.: I have made beta2 version of multi LMB/DMB version of neighborhood,
at the moment without on/off via smd.conf (permanently on) , and will
hardly test it.

2014-07-29 14:19 GMT+04:00 Andrew Bartlett <abartlet at samba.org>:

> On Sat, 2014-07-26 at 16:18 +0400, CpServiceSPb . wrote:
> > Is somehow possible to run Samba4 built-in LDAP if Samba4 acts as
> > standalone server or in some of non AD DC mode ?
> >
> > Functionaling in AD DC mode is not suitable for me because of necesarity
> of
> > neighborhood what officially is not supported at the moment for AD DC,
> as I
> > know.
> Yes this does (or at least might) work if you provision like for the AD
> DC, but set --server-role=standalone.
> However, we don't expect to support this long-term, as we will want to
> reduce the 'weird' combinations, and push folks to a supported set of
> options.  For example, I would like to change our startup code to allow
> you to start 'samba' and have it just 'do the right thing' starting just
> smbd and winbindd if you are a standalone server, or the full AD DC if
> you are that.  This would break what you propose, which is why I don't
> recommend it.
> Can you explain more why you want to use our internal LDAP as a
> standalone server?
> Thanks,
> Andrew Bartlett
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba

More information about the samba mailing list