[Samba] Using separate packages for a DC
Michael Tokarev
mjt at tls.msk.ru
Mon Jan 30 13:44:32 UTC 2023
After realizing that people don't realize (heh) samba DC is
not a regular fileserver, an idea come to me.
How about building two different samba packages (on a distribution
such as debian), one being a regular file server and another is
just for an AD DC, and make them *co-installable*, so each has
its own set of config/library/cache/runtime files?
When installed together, it will be two separate instances, built
in a way so that they don't share anything. One only have to specify
different IP addresses for the two (and different names),
and that's about it.
I'm not yet sure about all the details, - for example, there can
only be one libnss_winbind, but in this case it looks like the
regular instance don't need winbinidd, single winbind can be used.
There's a question about DNS too. That all needs to be thought
about for *sure*.
If that works, the two might be built with different kerberos
implementations as well: the regular fileserver (and client)
is built with MIT kerberos which is more featureful, and the
AD-DC one is built with heimdal (using their own set of libraries
and helper executables).
What do you think?
/mjt
More information about the samba
mailing list