[Samba] Using separate packages for a DC

Rowland Penny rpenny at samba.org
Mon Jan 30 14:34:42 UTC 2023



On 30/01/2023 13:44, Michael Tokarev via samba wrote:
> After realizing that people don't realize (heh) samba DC is
> not a regular fileserver,

Sorry, but it is a regular fileserver (sysvol), it just works 
differently to a Unix domain member.

> an idea come to me.
> 
> How about building two different samba packages (on a distribution
> such as debian), one being a regular file server and another is
> just for an AD DC, and make them *co-installable*, so each has
> its own set of config/library/cache/runtime files?

I think you just described running a DC on the bare metal and a Unix 
domain member in a VM.

> 
> When installed together, it will be two separate instances, built
> in a way so that they don't share anything. One only have to specify
> different IP addresses for the two (and different names),
> and that's about it.
> 
> I'm not yet sure about all the details, - for example, there can
> only be one libnss_winbind, but in this case it looks like the
> regular instance don't need winbinidd, single winbind can be used.
> There's a question about DNS too.  That all needs to be thought
> about for *sure*.
> 
> If that works, the two might be built with different kerberos
> implementations as well: the regular fileserver (and client)
> is built with MIT kerberos which is more featureful, and the
> AD-DC one is built with heimdal (using their own set of libraries
> and helper executables).
> 
> What do you think?

It sounds like far too much work for too little gain.

Rowland





More information about the samba mailing list