[Samba] several offices: home dirs, local resources, ...
Rowland Penny
rpenny at samba.org
Tue Nov 22 14:00:49 UTC 2022
On 22/11/2022 13:46, Michael Tokarev via samba wrote:
> 22.11.2022 16:42, Kees van Vloten via samba wrote:
> ..
>>> Maybe this limited/problematic functionality is sufficient to host just
>>> a DFS-root share, to be used to locate local user profiles?
>>>
>> I have no clue, after I read the disclaimer, I thought that I would
>> better stick to the advice on the wiki.
>>
>> I have set up lxc privileged containers (samba does not work in
>> unprivileged containers) to separate the functionalities of DC and
>> file-server. That prevents running into issues you have been warned
>> about...
>
> I use containers (systemd-nspawn) for this, - exactly because
> people suggest not to use DC as a file server. Systemd-nspawn
> works fine, including spawning just the samba service in a new
> namespace (not requiring to install whole separate OS).
>
> But the thing is: it is the Samba DC who registers domain-wide
> *file* services in DNS. The ones I mentioned already, \\domain.tld\ -
> which are essential for the domain functionality as far as I can see.
> If it doesn't work, maybe samba should not do that?
>
> /mjt
>
In another post, you mentioned 'unbound', are you aware that your
choices for a dns server in relation to a Samba AD DC are just two?
Samba's internal dns server or the Bind9 dns server. Yes you can use a
different dns server, but only as a forwarder, anything for the AD dns
domain must be forwarded to an AD DC, any AD DC, they are all
authoritative for the AD dns domain.

You also mention above 'maybe samba should not do that', well you could
write that as 'maybe Active Directory should not do that'.
Active directory is built on three things, DNS, Kerberos and LDAP. The
last two depend on the first.

I have never used systemd containers, do they allow 'root' to operate
exactly as if it was a full blown computer? If they don't, then that
could be your problem.

Have you investigated using a GPO for your profiles problem?

Rowland