[Samba] Setting up of Samba4 LDAP acting in standalone server mode

Rowland Penny rowlandpenny at googlemail.com
Tue Jul 29 06:44:52 MDT 2014

On 29/07/14 12:48, CpServiceSPb . wrote:
> Yes. I can explain.
> Firstly I would like to say that I cannot use Samba4 as a DC because of your
> statement that Samba4 in DC mode doesn't support neighborhood browsing
> officially.
> I was able to make it work together with the "secret" parameter (I wrote
> about it to you).
> But I need browsing.
Why?? Everybody else can work round this restriction. Can you please
explain why you MUST have network browsing?

> So, returning to the necessity of LDAP: I want to implement a certificate
> authority service relying on LDAP, storing all in LDAP, and distribution,
> for example, of CRLs "via" LDAP, maybe with a Web UI in the future.

You could just use LDAP and Samba in 'classic' mode; as a side effect of
this, you could run 'nmbd'.

> And another useful use: I want to use the BIND9_DLZ DNS type of Bind9
> instead of the BIND9_FLATFILE type.

If you did use samba4 in AD DC mode, this is the recommended way of 
running bind9.

> And maybe the use of some storage (for users for some services, for example
> for Asterisk Cdr Web UI) can be applied by me.

This is already possible with samba, whether you run it in 'classic' 
mode with LDAP or as an AD DC.

> I would recommend that you make it possible to run Nmbd in DC mode with Smbd,
> that is, to make one more option during provisioning which would add
> neighborhood functionality to Samba4 acting in DC mode, and to make a
> 'special' mode - standalone fileserver with LDAP turned on.
> I suppose somebody will be interested in it.

Cannot see this happening, Andrew said that the mode that you referred 
to is going to go away.

> By the way, for now, if I provision Samba4 as a DC and then run it in
> standalone server mode, what backend do I have to specify, and will it be
> possible to add and store further users in LDAP?
> For example, I want to add user Helen to access shares after I have done the
> provisioning as DC and started as standalone server.

I wouldn't even think of going down that line, the last time Andrew 
Bartlett said that Samba shouldn't do something, it was only a few days 
before Samba couldn't do it!

> P. S.: I have made a beta2 version of the multi LMB/DMB version of neighborhood,
> at the moment without on/off via smb.conf (permanently on), and will
> hardly test it.

You seem to want a lot from a group of people who are giving their work
away; most of what you want you can have NOW if you give up your demand
for network browsing. The thing that you want most is the very thing
that Microsoft is moving away from, so I cannot see Samba rushing to
implement this. There are other more important things that need looking
at first, getting SYSVOL to replicate automatically for instance.

> 2014-07-29 14:19 GMT+04:00 Andrew Bartlett <abartlet at samba.org>:
>> On Sat, 2014-07-26 at 16:18 +0400, CpServiceSPb . wrote:
>>> Is it somehow possible to run the Samba4 built-in LDAP if Samba4 acts as a
>>> standalone server or in some non AD DC mode?
>>> Functioning in AD DC mode is not suitable for me because of the necessity of
>>> neighborhood, which officially is not supported at the moment for AD DC, as I
>>> know.
>> Yes this does (or at least might) work if you provision like for the AD
>> DC, but set --server-role=standalone.
>> However, we don't expect to support this long-term, as we will want to
>> reduce the 'weird' combinations, and push folks to a supported set of
>> options.  For example, I would like to change our startup code to allow
>> you to start 'samba' and have it just 'do the right thing' starting just
>> smbd and winbindd if you are a standalone server, or the full AD DC if
>> you are that.  This would break what you propose, which is why I don't
>> recommend it.
>> Can you explain more why you want to use our internal LDAP as a
>> standalone server?
>> Thanks,
>> Andrew Bartlett
>> --
>> Andrew Bartlett                       http://samba.org/~abartlet/
>> Authentication Developer, Samba Team  http://samba.org
>> Samba Developer, Catalyst IT
>> http://catalyst.net.nz/services/samba
