[Samba] Domain controller in a chroot
Peter Serbe
peter at serbe.ch
Tue Mar 17 08:40:06 MDT 2015
Hi Sébastien,
Sébastien Le Ray schrieb am 17.03.2015 14:15:
> So even with two interfaces and bind interfaces only you cannot do it? Sad
I am by no means an *nix expert. Maybe it is possible - but I don't know
anyone who ever talked about doing something like that. And given the
_very_ limited resources, You had mentioned, I think it just won't work.
Below I attach a 'top' screen shot from my Raspi 1B+ with one user logged in
(namely me...). It acts as DC, uses the Bind DLZ-backend and runs VPN between
my two sites. You'll notice that the 512k RAM is extremely scarce. Things
will look better for the Raspi 2, but a cheap second hand PC is the better
bet.
A few days ago I saw an advertisement for a second hand Compaq PC with a
3 GHz Core2Duo and 4 GB RAM in it for 99€.
(see Yourself: http://www.softwarebilliger.de/pc-computer/ )
You have to spend a bit more, if You want something, which pulls less
energy. But here the use case is important again: Is it really always on?
If You want a perfect fit for Your needs, then You need to invest in
researching the relevant PC magazines (for example).
> Well… Having a VM just to split the DC from the file server seems a
> little overkill,
It might seem like that. However this is exactly what is typically done.
Once You got Your first VM up and running, basically You can spawn as
many VMs as You want. More or less.
> so I guess I'll have to switch to Samba 4.2 in order to
> have a usable winbindd on the DC
If I understood the discussion right, then the implementation of the
protocols, that are forming the base on which winbind(d) is running,
still is incomplete - without hope of a quick change. And therefore
You will need separate DCs and file servers still for a long time.
I remember however, that for really small installations the use of
the DC as file server had been regarded as adequate, though not being
an optimum solution. You might also want to reconsider, whether You
really want a separate file server.
But hacking two instances of Samba onto one machine, will cost You so
much time, that it would be better, earning a few extra bucks in the
saved time and to buy some hardware...
- Peter.