[Samba] Using separate packages for a DC
Rowland Penny
rpenny at samba.org
Mon Jan 30 14:34:42 UTC 2023
On 30/01/2023 13:44, Michael Tokarev via samba wrote:
> After realizing that people don't realize (heh) samba DC is
> not a regular fileserver,
Sorry, but it is a regular fileserver (sysvol), it just works
differently to a Unix domain member.
> an idea come to me.
>
> How about building two different samba packages (on a distribution
> such as debian), one being a regular file server and another is
> just for an AD DC, and make them *co-installable*, so each has
> its own set of config/library/cache/runtime files?
I think you just described running a DC on the bare metal and a Unix
domain member in a VM.
>
> When installed together, it will be two separate instances, built
> in a way so that they don't share anything. One only have to specify
> different IP addresses for the two (and different names),
> and that's about it.
>
> I'm not yet sure about all the details, - for example, there can
> only be one libnss_winbind, but in this case it looks like the
> regular instance don't need winbinidd, single winbind can be used.
> There's a question about DNS too. That all needs to be thought
> about for *sure*.
>
> If that works, the two might be built with different kerberos
> implementations as well: the regular fileserver (and client)
> is built with MIT kerberos which is more featureful, and the
> AD-DC one is built with heimdal (using their own set of libraries
> and helper executables).
>
> What do you think?
It sounds like far too much work for too little gain.
Rowland
More information about the samba
mailing list