Samba on FreeBSD

Andrea Venturoli ml at netfence.it
Wed May 25 17:22:12 UTC 2016


On 05/25/16 18:58, James B. Byrne wrote:

>> AD: Yes, in a jail (mainly, but not only, because on an AD DC there
>> are some limitations WRT to NSS; that lets the base system or another
>> jail act as file server).
>>
>
>
> Could you explain this issue in greater detail?  I am aware that the
> Samba team advise against having a SAMBA file-server act as a DC.  I
> have not followed the reasoning very well however.
>
> What are the NSS issues to which you refer?

Suppose you want (for whatever reason) to see the Samba users as UNIX 
users: you'll put something like "passwd: files winbind" in 
/etc/nsswitch.conf.
AFAICT that's not going to work on the machine (physical, virtual, 
jail, etc...) where Samba is configured to be an AD DC (*).
I'm not sure why, I think it has something to do with the way winbindd 
works, which is different on the DC.

So I use a jail for the DC (where I'll have no need for UNIX users) and 
configure any other instance to be a domain member.

(*) Notice "AD DC"; it will work on an NT DC.



The only nuisance is the need to use that jail for DNS.





> What are the issues with Bhyve that make it not production ready?

I never investigated (yet), so I can't answer.
It's also possible I've fallen behind and bhyve now works well.



> Additionally, if the SAMBA DC was hosted on a Bhyve VM and another
> SAMBA file-share server for that domain was hosted in a different
> Bhyve VM would that be a problem in your opinion?

(Leaving aside bhyve specific problems, which, as I said earlier, I'm 
not entitled to consider), I don't think there would be any problem: 
that's what I'm doing with jails.





> Thank you for your response.  I greatly appreciate it.  I have kept my
> reply to you off-list since it is probably outside the scope of being
> FreeBSD related.  However, I have no objection to anything I write
> herein showing up on the list should you deem it appropriate.

Why? I think the community might benefit from this... let them decide :)

  bye
	av.

