hi guys,

what would be an absolute minimum on the list of services one should have for NT style domain? (userdb in separate LDAP, dns too is in bind9)

And maybe even less need for stand-alone server?

many thanks, L.
Rowland penny
2019-Oct-09 08:35 UTC
[Samba] minimum of 'server services' for NT style domain ?
On 09/10/2019 09:14, lejeczek via samba wrote:
> hi guys,
>
> what would be an absolute minimum on the list of services one should have
> for NT style domain? (userdb in separate LDAP, dns too is in bind9)
>
> And maybe even less need for stand-alone server?
>
> many thanks, L.
>

I take it by 'services' you mean the 'smbd', 'nmbd' and 'winbindd' binaries, if so, then you only need the 'smbd' & 'nmbd' binaries on both.

You do not need dns with an NT4-style domain, it uses netbios instead.

Can I stress how important it is that anyone who is still using an NT4-style domain upgrades to AD. From Samba 4.11.0, they will no longer work by default, though you can reconfigure smb.conf to keep them working.

Rowland
On 09/10/2019 09:35, Rowland penny via samba wrote:
> On 09/10/2019 09:14, lejeczek via samba wrote:
>> hi guys,
>>
>> what would be an absolute minimum on the list of services one should have
>> for NT style domain? (userdb in separate LDAP, dns too is in bind9)
>>
>> And maybe even less need for stand-alone server?
>>
>> many thanks, L.
>>
> I take it by 'services' you mean the 'smbd', 'nmbd' and 'winbindd'
> binaries, if so, then you only need the 'smbd' & 'nmbd' binaries on both.
>
> You do not need dns with an NT4-style domain, it uses netbios instead.

I meant it as I wrote it 'server services' - as a param in smb.conf

>
> Can I stress how important it is that anyone who is still using an
> NT4-style domain upgrades to AD. From Samba 4.11.0, they will no
> longer work by default, though you can reconfigure smb.conf to keep
> them working.
>
> Rowland
>
>

Do not stress it, don't bother, save yourself time & energy. I assume everybodyyy! knows it only some of us can't do so.

many thanks, L.
L.P.H. van Belle
2019-Oct-09 09:01 UTC
[Samba] minimum of 'server services' for NT style domain ?
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland penny via samba
> Sent: Wednesday 9 October 2019 10:35
> To: samba at lists.samba.org
> Subject: Re: [Samba] minimum of 'server services' for NT style domain ?
>
> On 09/10/2019 09:14, lejeczek via samba wrote:
> > hi guys,
> >
> > what would be an absolute minimum on the list of services one should have for NT style domain? (userdb in separate LDAP, dns too is in bind9)

The minimal "needed" services depend on how you use your server.

> >
> > And maybe even less need for stand-alone server?

Then most probably only smbd and winbind.

> >
> > many thanks, L.
> >
> I take it by 'services' you mean the 'smbd', 'nmbd' and 'winbindd'
> binaries, if so, then you only need the 'smbd' & 'nmbd' binaries on both.
>
> You do not need dns with an NT4-style domain, it uses netbios instead.

^^^^^ not totally wrong/right, but ..
Yes, you don't need dns for NT4 style, because of netbios.
No, you do need DNS since netbios is more and more disabled.
Chicken and the egg problem... ;-)
And because of that, a correct setup with A-PTR and dnsdomainnames is a must.

Note, A-PTR + DNSdomain setup, without dns server can work also, if your hosts and resolv.conf files are set up correctly.
But he is running bind so I assume that it's set up correctly.

>
> Can I stress how important it is that anyone who is still using an
> NT4-style domain upgrades to AD. From Samba 4.11.0, they will no longer
> work by default, though you can reconfigure smb.conf to keep them working.

I think he wants a stand-alone samba server + ldap users for the system.
Basically, I'm guessing he wants to know these. (in debian)
https://wiki.debian.org/LDAP/OpenLDAPSetup
+ https://wiki.debian.org/LDAP/PAM
+ https://packages.debian.org/buster/ldapscripts
And/or https://wiki.debian.org/PhpLdapAdmin

And the samba part.
https://wiki.debian.org/SAMBAServerSetup

Greetz,

Louis
Andrew Bartlett
2019-Oct-09 22:28 UTC
[Samba] minimum of 'server services' for NT style domain ?
On Wed, 2019-10-09 at 09:14 +0100, lejeczek via samba wrote:
> hi guys,
>
> what would be an absolute minimum on the list of services one should
> have
> for NT style domain? (userdb in separate LDAP, dns too is in bind9)
>
> And maybe even less need for stand-alone server?
>
> many thanks, L.

Sadly this parameter (server services) is a left-over from the Samba3/Samba4 split that we haven't papered over. I'm sorry for any confusion.

It is possible to turn off some RPC services in the smbd file server, but it isn't clearly documented and certainly isn't tested.

The notable exception is 'disable spoolss'. This disables all the printing code and if you are not using it would therefore reduce the attack surface that I presume you are worried about.

I hope this helps a little.

Andrew Bartlett

--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
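
An added example, not part of the thread and not Samba project code: a small Python check that reads smb.conf text and reports whether the printing code path behind 'disable spoolss' is still enabled in [global]. The function names and the two sample configs are constructed for illustration, and the 'load printers' check is an addition beyond what the thread mentions.

```python
import re

# Samba's documented defaults for the two parameters checked here.
DEFAULTS = {"disablespoolss": "no", "loadprinters": "yes"}
TRUE = {"yes", "true", "1", "on"}  # boolean spellings smb.conf accepts

def norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized name: value} for the [global] section."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # comment lines start with # or ;
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def printing_findings(text):
    """List printing-related services still enabled in [global]."""
    p = {**DEFAULTS, **parse_global(text)}
    findings = []
    if p["disablespoolss"].lower() not in TRUE:
        findings.append("spoolss RPC service enabled (disable spoolss = no)")
    if p["loadprinters"].lower() in TRUE:
        findings.append("printers auto-loaded (load printers = yes)")
    return findings

# Constructed sample configs: defaults only, then printing switched off.
BEFORE = "[global]\n  server role = standalone server\n"
AFTER = BEFORE + "  Disable Spoolss = yes\n  load printers = no\n"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, printing_findings(conf) or "no printing services enabled")
```

On a live host, `testparm -s` prints the effective configuration and remains the authoritative view; this check only reads the text it is given.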