[Samba] Books of Samba 4

Rowland Penny rowlandpenny at googlemail.com
Wed Mar 5 00:37:26 MST 2014

On 04/03/14 23:06, Tony Hain wrote:
> Rowland Penny wrote:
>>> ... snip
>> Hi, your problem is that you tried to provision a member server, it doesn't
>> work, as you have found out. This is why I was querying just why that option
>> is there in 'samba-tool domain provision', it needs to be removed.
>> What you require is to use the smbd, nmbd and winbind daemons from
>> samba4 just like you would with the daemons from samba 3, see here:
> To a first order, there is no logic behind this statement. What the #$%^ does the 'process' of creating the .conf file have to do with which daemon is running? From comments on thread there is clearly some kind of unstated assumption that samba-tool is only for the samba daemon, but there is no obvious reason why it should be. From what little I have been able to gather from sorting through this, samba-tool is nothing more than a super-set of tools used to configure and operate samba 3 over the last 5 years or so. How does that end up being samba daemon specific?
Firstly, samba-tool was created for the samba4 AD setup and really has 
nothing to do with samba 3. If you want an AD DC, you use 'samba-tool 
domain provision', for anything else, it is NOT used.

Samba4 is actually two packages in one, one is the AD DC, the other is 
anything the old samba 3 was and no whinging or whining is going to 
change that.

You just require a member server, so forget samba-tool, read the page 
that people are pointing you to, read any samba 3.6 howtos that are 
relevant to what you are trying to do and then try again.

If/when you have problems, post again and people will try to help you, 
but only if you try to help yourself.


> Again, the generic term 'provision' has nothing to do with a specific micro-instance of creating a DC, it is about providing the environment for something else to happen. Please stop equating 'provision' with DC, and equate it with creating a .conf file.
>> https://wiki.samba.org/index.php/Samba/Domain_Member
>> Probably sometime in the future, running provision to get a member server
>> will work, but it will require an extremely large amount of work and the
>> acceptance of various standards and/or even more input from the person
>> running samba-tool.
> I am sorry, but I don't buy that. If pasting in:
> [global]
>     workgroup = SHORTDOMAINNAME
>     security = ADS
>     idmap config *:backend = tdb
>     idmap config *:range = 70001-80000
>     idmap config SHORTDOMAINNAME:backend = ad
>     idmap config SHORTDOMAINNAME:schema_mode = rfc2307
>     idmap config SHORTDOMAINNAME:range = 500-40000
>     winbind nss info = rfc2307
> creates an acceptable .conf file, then asking the user for realm & workgroup is all that is required, and both are already in samba-tool. If there is a large amount of work and additional questions, then the wiki is clearly lacking in detail about the real requirements. Either your claims about excessive work, or Marc's claims about the wiki HowTo being adequate, are wrong because they are in direct conflict.
>> Until that far off day comes, you will have to write your own smb.conf
> I believe it is a far off day, but only because those in position to do something about it believe that. I don't mind writing the smb.conf, but consistent guidance that indicates it is still appropriate for current releases would help.
> Tony
>> Rowland
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list