[Samba] Books of Samba 4

Andrew Bartlett abartlet at samba.org
Mon Mar 3 02:17:58 MST 2014 

On Mon, 2014-03-03 at 02:49 +0000, Petros wrote:
> Quoting "Marc Muehlfeld" <samba at marc-muehlfeld.de>
> > To: "Tony Hain" <tony at tndh.net>, samba at lists.samba.org
> >
> >> In general there is a lack of documentation about how to turn off services
> >> that are not wanted on this instance, or if it does exist, it is not easily
> >> found.
> >
> > What services do you want to turn off?
> 
> After provisioning a DC I have:
> 
> server services = rpc, wrepl, ldap, cldap, kdc, drepl, winbind,  
> ntp_signd, kcc, dnsupdate, dns, smb
> 
> It is hard to find information about them, which are responsible for  
> what, which network ports they open etc.
> 
> It feels as browsing through a Windows Services list and guessing: "Do  
> I need this one?"

You need them all.  The main difference with Samba 4.0 as an AD DC is
that this list is exposed, with previous releases and in other modes, a
similarly large number of services are provided, but only spoolss can be
disabled. 

> On a FreeBSD server I disabled nbt to get it working. Will it cause  
> problems later on? I cannot say.

Yes, it will.  Most networks still need netbios name resolution at some
time or other.  If nbt is causing you problems, work out why.  Perhaps
you are trying to (as foolishly suggested elsewhere) also run nmbd at
the same time?

> There are still Unix admins who like manpages describing every  
> parameter, and knowing the background well. That gives them the power  
> to run the services effectively. Google and guessing isn't have as  
> good;-)

It wasn't ever intended that the 'server services' parameter would be
something that admins would even see, but a late change in development
(the final merge of the file severs) caused this to gain much more
prominence than was ever expected.  

> It makes nervous.. If I install a NFS server, LDAP, Kerberos and a DNS  
> server I know _exactly_ what they are doing. If I install Samba, it  
> may work. I have seen the same setup working in the lab - but not in  
> the "wild" facing a customer. There I need to debug it again..

If you install Samba per our HOWTOs, as an AD DC, it will very likely
'just work'.  I know it is disconcerting to expect that given the unix
history of 'here is a bag of lego, now build a car', but really, we have
built a product that does for the most part and for almost those who
deploy it in the recommended configurations 'just work'.  

> I can imagine some of the problems resulting from re-engineering a  
> Windows "BLOB" ;-) The Samba team is helful, the list is helpful, the  
> Wiki is and other stuff.
> 
> So please do not get frustrated.
> 
> It is just an explanation what would be "nice to know".
> 
> Honestly, I do not know enough about Windows inner workings. I am a  
> Unix admin providing some services to Windows networks. I just wonder  
> sometimes how many Windows admins know more;-) [duck]
> 
> BTW: Is there a good book describing _how_ Windows networks are  
> working these days? An updated "Samba-3 by example" book (apdated to  
> Samba-4) in the making?

Sadly nobody I know with any experience in this area is writing
anything.  We know the Samba-3 books are getting old, and we are looking
at removing them for this reason. 

I hope this clarifies things a little.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list