[Samba] ntp_signd/socket multiple samba dcs on a single box

Tue Jul 24 09:37:24 UTC 2018

Hello Andrew,

* Andrew Bartlett <abartlet at samba.org> [2018-07-24 09:55]:
> I would use distinct containers or VMs for this, as otherwise you also
> can't use nss_winbindd for each domain.

I'm not using nss_winbindd and don't plan to do so.

> However if you must, then you would have to set up multiple ntpd
> instances bound to each IP and pointing to the correct Samba.

I see. I thought so, so this is what I'm going to do.

> Finally, in general I suggest avoiding 'neat hacks' because while it
> is amazing to create a special snowfake, it is also delicate and more
> likely to get broken by some upstream change that never expected your
> environment. 

I get the idea. But on the other hand I'm quiet amazed how fast I now
can setup an active directory. This week runs the first class with 13
people on SAMBA AD. And so far everything is working and stable. I'm
even integrating with a third party product (vRealize Automation).
The only real issue that I have is that sysprep domain join does not
work as soon as I go dual stack. But with IPv4 only everything is fine.
When I have some spare time to kill, I'll track it down.

> You are saved a little by the fact that Samba's selftest system does
> essentially this (but uses nss_wrapper to get around the one
> nsswitch.conf issue). 

That's good to know. But I'll simply follow the upstream release cycle
closely and start screaming if it breaks. If all goes wrong I still can
setup a windows ad in a VM in 10 minutes. But setting up an AD in 10
seconds is really neat. And I'm very happy with the work you have done
to make this possible. Thank you very much.

Cheers,
        Thomas