[Samba] It is secure to transfer roles and demote DC?

Rowland Penny rowlandpenny at googlemail.com
Sun Nov 9 07:28:35 MST 2014

On 09/11/14 14:12, Marc Muehlfeld wrote:
> Hello Federico,
> Am 07.11.2014 um 12:53 schrieb Federico Alberto Sayd:
>> 1st - Docs says that isn't recommended run a File Server as DC ("Even if
>> the Domain Controller can act as a File Server as well, it's not a
>> recommendation" [1])
>> [1] https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
> I'm not sure, if this is still valid, with the winbindd changes in 4.2.
Hi Marc, 'winbindd' at the moment seems to operate just like 'winbind', 
the only rfc2307 attributes that get pulled are the uidNumber & gidNumber.


> But in general it's not best practice to host other services on DCs. But
> it would work.
>> 2nd - The file server is experiencing hig load (I think, because to high
>> I/O) and DNS resolution goes low and clients using this DC lose
>> connectivity
> What about moving the content to a member server, remove the shares from
> the DC and let the host continue to be just a DC?
> I don't know the size of your installation and how many DCs you have.
> But 2 DCs are the recommended minimum anyway for failover reasons in a
> domain. If you have different sites, this number would increase.
> Regards,
> Marc

More information about the samba mailing list