Samba on FreeBSD
Andrea Venturoli
ml at netfence.it
Wed May 25 17:22:12 UTC 2016
On 05/25/16 18:58, James B. Byrne wrote:
>> AD: Yes, in a jail (mainly, but not only, because on an AD DC there
>> are some limitations WRT to NSS; that lets the base system or another
>> jail act as file server).
>>
>
>
> Could you explain this issue in greater detail? I am aware that the
> Samba team advise against having a SAMBA file-server act as a DC. I
> have not followed the reasoning very well however.
>
> What are the NSS issues to which you refer?
Suppose you want (for whatever reason) to see the Samba users as UNIX
users: you'll put something like "passwd: files winbind" in
/etc/nsswitch.conf.
AFAICT that's not going to work on the machine (phyisical, virtual,
jail, etc...) where Samba is configured to be an AD DC (*).
I'm not sure why, I think it has something to do with the way winbindd
works, which is different on the DC.
So I use a jail for the DC (where I'll have no need for UNIX users) and
configure any other instance be a domain member.
(*) Notice "AD DC"; it will work on an NT DC.
The only nuisance is the need to use that jail for DNS.
> What are the issues with Bhyve that make it not production ready?
I never investigated (yet), so I can't answer.
It's also possible I've fallen behind and bhyve now works well.
> Additionally, if the SAMBA DC was hosted on a Bhyve VM and another
> SAMBA file-share server for that domain was hosted in a different
> Bhyve VM would that be a problem in your opinion?
(Leaving aside bhyve specific problems, which, as I said earlier, I'm
not entitled to consider), I don't think there would be any problem:
that's what I'm doing with jails.
> Thank you for your response. I greatly appreciate it. I have kept my
> reply to you off-list since it is probably outside the scope of being
> FreeBSD related. However, I have no objection to anything I write
> herein showing up on the list should you deem it appropriate.
Why? I thinks the community might benefit from this... let them decide :)
bye
av.
More information about the freebsd-questions
mailing list