[Samba] Samba 4 Restrict User Create

Rowland Penny rowlandpenny at googlemail.com
Mon Nov 17 13:49:50 MST 2014

On 17/11/14 20:38, Greg Zartman wrote:
> On Mon, Nov 17, 2014 at 12:32 PM, Rowland Penny 
> <rowlandpenny at googlemail.com <mailto:rowlandpenny at googlemail.com>> wrote:
>     Well Bind (or Named as you probably call it) is rock solid and you
>     definitely need to consider resolving DNS, without it, samba4 will
>     not work!
> Perhaps.  We have a working step that looks like this:
> dnscache->sambsdns->dnscache.forwarder.
> The initial dnscache instance provides primary DNS to the LAN, 
> deligating the samba domain zone to samba dns, and as appropriate to 
> the dnscache.forwarder instance for resolving DNS.
> We are throwing around the idea of trying out BIND so we've covered 
> all of the bases from a testing standpoint, but for our purposed it 
> probably isn't needed.
> It's a pitty the Samba team didn't look at dnscache/tinydns instead of 
> dnsmasq when they were looking to build a DNS backend for Samba.   
>  dnscache/tinydns are very solid, lightweight, and simple.   They 
> would have provided the DNS functions Samba needed with a footprint 
> similar to dnsmasq.  BIND could have been left completely out of the 
> picture.

Samba does not use dnsmasq, the internal dns server does not have 
anything to do with dnsmasq. There are only two DNS servers supported by 
samba, the internal DNS server and Bind 9. You need to use the 
'nsupdate' command to create and update client dns records, will this 
work with dnscache/tinydns ??
When anybody has DNS problems, it usually turns out to be them trying to 
use an unsupported DNS setup. I will repeat, in case you haven't got it 
yet, without a proper DNS server, Active Directory will not work 
correctly, if at all.

> -- 
> Greg J. Zartman
> Board Member
> Koozali SME Server
> SME Server user and community member since 2000

More information about the samba mailing list