hi:
I want to set up a small samba4 server with AD and file server function.
I know that samba4 AD DC has no netbios browsing support. Are there other
missing functions, like winbindd or something else?

And if I install two samba4 instances, one to "/usr/local/samba" (for file
server), one to "/usr/local/samba-ad" (for AD DC), and give them two separate
IPs to bind, will it work better?

thanks a lot for suggestion!!

Regards,
tbskyd

On Tue, 2013-03-12 at 01:30 +0800, d tbsky wrote:
> hi:
> I want to setup a small samba4 server with AD and file server function.
> I know that samba4 AD DC has no netbios browsing support. are there other
> missing functions, like winbindd or something else?

The next release will include this patch, which avoids mistakenly
creating world-writeable files in additional file shares.

> and if I install two samba4 instance, one to "/usr/local/samba"(for file
> server), one to "/usr/local/samba-ad"(for AD DC). and give them two seprate
> ip to bind. will it work better?

No, it would need to be a different virtual machine (you can only have
one winbind per machine, and the different winbind is most important
difference between the operating modes).

Andrew Bartlett

--
Andrew Bartlett                          http://samba.org/~abartlet/
Authentication Developer, Samba Team     http://samba.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-param-Remove-incorrectly-added-defaults-in-AD-DC-all.patch
Type: text/x-patch
Size: 1684 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20130312/c76e5a94/attachment.bin>

On 03/11/2013 06:34 PM, Andrew Bartlett wrote:
> On Tue, 2013-03-12 at 01:30 +0800, d tbsky wrote:
>> hi:
>> I want to setup a small samba4 server with AD and file server function.
>> I know that samba4 AD DC has no netbios browsing support. are there other
>> missing functions, like winbindd or something else?
> The next release will include this patch, which avoids mistakenly
> creating world-writeable files in additional file shares.
>
>> and if I install two samba4 instance, one to "/usr/local/samba"(for file
>> server), one to "/usr/local/samba-ad"(for AD DC). and give them two seprate
>> ip to bind. will it work better?
> No, it would need to be a different virtual machine (you can only have
> one winbind per machine, and the different winbind is most important
> difference between the operating modes).
>
> Andrew Bartlett
>
>

Are you saying that it is not possible to use a Samba 4 AD DC as a file server?

Dear all,
I do a lot of testing with samba4 at this time. Set up a samba 4 server on
CentOS 6.3, working just fine.
Now tried to join a second samba4 to the existing domain by:
    samba-tool domain join tplechler DC -Uadministrator --realm=tplechler.kkh --dns-backend=BIND9_DLZ
This worked without any errors.
But samba_dnsupdate --verbose --all-names ends up with errors:
    dns_tkey_negotiategss: TKEY is unacceptable
    Failed nsupdate: 1
    Failed update of 20 entries
The dns-keytab file was generated on domain joining!?
samba-tool drs showrepl is ok:
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: 9ed1322c-6044-4e17-b109-ce2809a52487
DSA invocationId: c2a9094f-afa6-4904-a5d3-b341be2b919d
==== INBOUND NEIGHBORS ===
CN=Schema,CN=Configuration,DC=tplechler,DC=kkh
Default-First-Site-Name\LINUX2 via RPC
DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
0 consecutive failure(s).
Last success @ Tue Mar 12 10:02:29 2013 CET
DC=ForestDnsZones,DC=tplechler,DC=kkh
Default-First-Site-Name\LINUX2 via RPC
DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
0 consecutive failure(s).
Last success @ Tue Mar 12 10:02:29 2013 CET
DC=tplechler,DC=kkh
Default-First-Site-Name\LINUX2 via RPC
DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
0 consecutive failure(s).
Last success @ Tue Mar 12 10:02:29 2013 CET
CN=Configuration,DC=tplechler,DC=kkh
Default-First-Site-Name\LINUX2 via RPC
DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
0 consecutive failure(s).
Last success @ Tue Mar 12 10:02:29 2013 CET
DC=DomainDnsZones,DC=tplechler,DC=kkh
Default-First-Site-Name\LINUX2 via RPC
DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
0 consecutive failure(s).
Last success @ Tue Mar 12 10:02:29 2013 CET
==== OUTBOUND NEIGHBORS ===
==== KCC CONNECTION OBJECTS ===
Connection --
Connection name: 7dcfeeaa-a228-4275-bce6-bba8f787a350
Enabled : TRUE
Server DNS name : linux2.tplechler.kkh
Server DN name : CN=NTDS Settings,CN=LINUX2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tplechler,DC=kkh
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
-----------------------------------------------
EDV Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On behalf of Andrew Bartlett
Sent: Monday, 11 March 2013 23:34
To: d tbsky
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba4 AD DC as file server?
On Tue, 2013-03-12 at 01:30 +0800, d tbsky wrote:
> hi:
> I want to setup a small samba4 server with AD and file server function.
> I know that samba4 AD DC has no netbios browsing support. are there
> other missing functions, like winbindd or something else?

The next release will include this patch, which avoids mistakenly creating
world-writeable files in additional file shares.

> and if I install two samba4 instance, one to "/usr/local/samba"(for
> file server), one to "/usr/local/samba-ad"(for AD DC). and give them
> two seprate ip to bind. will it work better?

No, it would need to be a different virtual machine (you can only have one
winbind per machine, and the different winbind is most important difference
between the operating modes).

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

On 12/03/13 00:02, Gerry Reno wrote:
> On 03/11/2013 06:34 PM, Andrew Bartlett wrote:
>> On Tue, 2013-03-12 at 01:30 +0800, d tbsky wrote:
>>> hi:
>>> I want to setup a small samba4 server with AD and file server function.
>>> I know that samba4 AD DC has no netbios browsing support. are there other
>>> missing functions, like winbindd or something else?
>> The next release will include this patch, which avoids mistakenly
>> creating world-writeable files in additional file shares.
>>
>>> and if I install two samba4 instance, one to "/usr/local/samba"(for file
>>> server), one to "/usr/local/samba-ad"(for AD DC). and give them two seprate
>>> ip to bind. will it work better?
>> No, it would need to be a different virtual machine (you can only have
>> one winbind per machine, and the different winbind is most important
>> difference between the operating modes).
>>
>> Andrew Bartlett
>>
>>
> Are you saying that it is not possible to use a Samba 4 AD DC as a file server?
>
>

You can create shares on samba4 and connect to them from the cli, via
smbclient for instance, you just cannot browse to them. The accepted
practice seems to be, set up Samba 4 for authorisation and then set up a
separate Samba3 fileserver.

Rowland

On Mon, 2013-03-11 at 20:02 -0400, Gerry Reno wrote:
> On 03/11/2013 06:34 PM, Andrew Bartlett wrote:
> > On Tue, 2013-03-12 at 01:30 +0800, d tbsky wrote:
> >> hi:
> >> I want to setup a small samba4 server with AD and file server function.
> >> I know that samba4 AD DC has no netbios browsing support. are there other
> >> missing functions, like winbindd or something else?
> > The next release will include this patch, which avoids mistakenly
> > creating world-writeable files in additional file shares.
> >
> >> and if I install two samba4 instance, one to "/usr/local/samba"(for file
> >> server), one to "/usr/local/samba-ad"(for AD DC). and give them two seprate
> >> ip to bind. will it work better?
> > No, it would need to be a different virtual machine (you can only have
> > one winbind per machine, and the different winbind is most important
> > difference between the operating modes).
> >
> > Andrew Bartlett
> >
> >
>
> Are you saying that it is not possible to use a Samba 4 AD DC as a file server?

It is fully supported, but please use the patch I e-mailed while we wait
for the wheels to turn on a security release with it in.

We have generally suggested separating the roles, but that is because we
think that users of our AD DC might wish to have different redundancy,
life cycle and other requirements between the two modes of operation.
This applies particularly on larger sites.

Andrew Bartlett

--
Andrew Bartlett                          http://samba.org/~abartlet/
Authentication Developer, Samba Team     http://samba.org
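
Added example, not part of the original thread and not Samba project code: files created in a share before the patch is applied keep the mode they were created with, so a one-off audit of the share paths is worth running afterwards. The sketch reads share paths from smb.conf text and lists world-writable entries; the function names and the sample configuration are constructed for illustration.

```python
import os
import stat
import tempfile

def share_paths(smb_conf_text):
    """Return {share_name: path} for every section except [global]."""
    shares, section = {}, None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        # smb.conf parameter names ignore case and embedded whitespace
        if sep and section and section.lower() != "global":
            if "".join(key.split()).lower() == "path":
                shares[section] = value.strip()
    return shares

def world_writable(root):
    """Yield files and directories under root that have the o+w bit set."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            if st.st_mode & stat.S_IWOTH:
                yield full

def audit(smb_conf_text):
    """Map share name -> sorted world-writable paths found in that share."""
    return {name: sorted(world_writable(path))
            for name, path in share_paths(smb_conf_text).items()
            if os.path.isdir(path)}

def build_demo():
    """Constructed sample: a temp share with one 0666 and one 0644 file."""
    root = tempfile.mkdtemp(prefix="share-")
    for name, mode in (("loose.txt", 0o666), ("tight.txt", 0o644)):
        full = os.path.join(root, name)
        open(full, "w").close()
        os.chmod(full, mode)  # explicit chmod, independent of the umask
    conf = "[global]\n\tpath = /ignored\n[data]\n\tPath = %s\n" % root
    return root, conf

if __name__ == "__main__":
    root, conf = build_demo()
    for share, hits in audit(conf).items():
        print(share, hits)
```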