[Samba] File server and DC or just member

Rowland penny rpenny at samba.org
Tue Jul 14 16:13:20 UTC 2020

On 14/07/2020 16:41, Gregory Sloop wrote:
> Rpvs> On 14/07/2020 06:40, Gregory Sloop via samba wrote:
> >> Kind of a whole set of general questions - pardon for one more, please!
> >> I've read some of the thinking behind not having a DC also be a file server.
> >> But it's not a "rule" - just a suggestion.
> >> But here's a wrinkle on things.
> >> In more than a few setups, I'll have DC's on VM's - and they won't be serving files; they'll be purely DC's.
> >> Then on dedicated hardware, I'll have a file-server.
> >> Obviously I can make that file server simply a domain member, or I could make it an additional DC.
> >> Having an additional DC would probably be good, as we'd have an additional replica of the AD repository. If we lost one or all of the DC VM's we'd still have the DC on the file-server too.
> >> So, why not make it a full DC, and not just a member server? [Or even a RODC]
> >> [File shares will be on separate volumes/disks, from any of the OS or Samba/AD disks - so migrating data isn't also tangled with AD or OS components.]
> >> -Greg
> Rpvs> I started out like you, 'it's a Samba machine, so it should be able to
> Rpvs> serve files', but after reading all the problems that people have had, I
> Rpvs> have come to the conclusion that using a DC as a fileserver is a bad idea.
> Rpvs> Yes, if you are using a DC in a very small office (3 or 4 users), you
> Rpvs> might get away with using a DC as a fileserver, but in any reasonably
> Rpvs> sized network, I wouldn't do it.
> Rpvs> Rowland
> So, if I understand you correctly, you don't really have any specific things that you believe go wrong, it's a diffuse "stuff breaks" reasoning?
> I'm not trying to be dismissive, but it isn't a lot to go on.
> The wiki has some specific issues it enumerates - OS upgrades, volume permissions, etc. I think the setup I describe, having the OS on completely separate disks/volumes from the shares, etc., address many of those concerns.
> I guess I was hoping for something more detailed.
> -Greg

A DC only allows you to use idmap.ldb; you cannot use the winbind 
backends, and you must use vfs_xattr (it is actually built into the code). 
You cannot use the RFC2307 attributes (except uidNumber & gidNumber). 
There are other reasons, but they escape me at the moment ;-)

As I said, in a small office it is okay, but it seemingly doesn't scale 
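
The restrictions listed in the reply above can be turned into a configuration check. The following is an added example, not part of the original message and not Samba project code: it reads an smb.conf and reports file shares and `idmap config` lines found on a machine whose `server role` is an AD DC. The function names, the findings text and the sample configurations (including the domain name SAMDOM and the paths) are constructed for illustration.

```python
"""Audit an smb.conf for the DC-plus-file-server combination (added example)."""

DC_ROLE = "active directory domain controller"
DC_SHARES = {"sysvol", "netlogon"}  # shares an AD DC carries anyway


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}, names lowercased."""
    conf, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Lowercase the name and collapse runs of whitespace inside it.
            current[" ".join(key.lower().split())] = value.strip()
    return conf


def audit(text):
    """Return findings for a DC that also serves files or sets idmap backends."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    if glob.get("server role", "auto").lower() != DC_ROLE:
        return []  # not a DC: the restrictions from the message do not apply
    findings = []
    for share in sorted(set(conf) - DC_SHARES - {"global"}):
        findings.append(f"file share [{share}] on a DC")
    for key in sorted(glob):
        if key.startswith("idmap config"):
            findings.append(f"'{key}' set on a DC, which only uses idmap.ldb")
    return findings


# Constructed sample input: a DC that also exports a data share.
DC_CONF = """
[global]
    server role = active directory domain controller
    idmap config SAMDOM : backend = ad
[sysvol]
    path = /var/lib/samba/sysvol
[data]
    path = /srv/data
"""
# The same file with the role changed to a domain member.
MEMBER_CONF = DC_CONF.replace(DC_ROLE, "member server")

if __name__ == "__main__":
    print("\n".join(audit(DC_CONF)))
```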

