On 17/03/2015 15:40, Peter Serbe wrote:
> Hi Sébastien,
>
> Sébastien Le Ray wrote on 17.03.2015 14:15:
>
>> So even with two interfaces and bind interfaces only you cannot do it? Sad
> I am by no means an *nix expert. Maybe it is possible - but I don't know
> anyone who ever talked about doing something like that. And given the
> _very_ limited resources, You had mentioned, I think it just won't work.

Yes, RAM upgrade is mandatory, whichever solution is used anyway, I agree

>> Well… Having a VM just to split the DC from the file server seems a
>> little overkill,
> It might seem like that. However this is exactly what is typically done.
> Once You got Your first VM up and running, basically You can spawn as
> many VMs as You want. More or less.

I use VMs when I need them. Emulating a whole system just to isolate
network interfaces /is/ overkill, no matter how you look at it. But
anyway I guess I'll have to use some kind of container system to avoid
whole stack emulation

>> so I guess I'll have to switch to Samba 4.2 in order to
>> have a usable winbindd on the DC
> If I understood the discussion right, then the implementation of the
> protocols, that are forming the base on which winbind(d) is running,
> still is incomplete - without hope of a quick change. And therefore
> You will need separate DCs and file servers still for a long time.
> I remember however, that for really small installations the use of
> the DC as file server had been regarded as adequate, though not being
> an optimum solution. You might also want to reconsider, whether You
> really want a separate file server.

What I really want is have something homogeneous, that is consistent
UIDs, GIDs, homedir & so on (RFC2307) among dedicated file servers and
mixed DC/file servers which seem to be impossible right now.

Sébastien Le Ray wrote on 17.03.2015 15:49:
> I use VMs when I need them. Emulating a whole system just to isolate
> network interfaces /is/ overkill, no matter how you look at it. But
> anyway I guess I'll have to use some kind of container system to avoid
> whole stack emulation

I am pretty interested in hearing, what Your solution will look like in
the end. :-)

> What I really want is have something homogeneous, that is consistent
> UIDs, GIDs, homedir & so on (RFC2307) among dedicated file servers and
> mixed DC/file servers which seem to be impossible right now.

Yes, that would really be nice. Especially as IMHO mixed Windows/*nix
environments will become more common even for the use @home...

From what I do see, the UID works pretty reliably. For the other
things...well, the defaults seem to work at least for me.

- Peter.

On Tue, 17 Mar 2015, Sébastien Le Ray wrote:
> What I really want is have something homogeneous, that is consistent UIDs,
> GIDs, homedir & so on (RFC2307) among dedicated file servers and mixed
> DC/file servers which seem to be impossible right now.

As long as you are using RFC2307 attributes for UID/GID, you can sidestep
the winbind problem entirely by using SSSD:

https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd

I will admit that I haven't tested running a DC and fileserver on the same
machine using this method, but I don't see any reason it shouldn't work. My
understanding of the issue is just that the DC's internal winbind is
incomplete, so the file permissions will not work properly. Using SSSD
should avoid that problem.

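The goal stated in this thread, consistent UIDs, GIDs and home directories on the DC and on the file servers, can be verified by comparing `getent passwd` output collected from each host. The following is an added example, not part of any poster's message; the host names, account data and function names are constructed for illustration.

```python
"""Compare `getent passwd` output from several hosts for identity drift."""
from collections import defaultdict

FIELDS = ("uid", "gid", "home", "shell")

def parse_passwd(text):
    """Parse passwd(5)-format lines into {name: {uid, gid, home, shell}}."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        name, _pw, uid, gid, _gecos, home, shell = parts
        # Domain account names are case-insensitive, so normalise them.
        users[name.lower()] = {"uid": int(uid), "gid": int(gid),
                               "home": home, "shell": shell}
    return users

def find_drift(hosts):
    """hosts: {hostname: passwd text}. Returns (mismatches, collisions)."""
    parsed = {h: parse_passwd(t) for h, t in hosts.items()}
    mismatches = []  # (user, field, {host: value}) where hosts disagree
    for user in sorted(set().union(*parsed.values())):
        present = {h: u[user] for h, u in parsed.items() if user in u}
        for field in FIELDS:
            values = {h: rec[field] for h, rec in present.items()}
            if len(set(values.values())) > 1:
                mismatches.append((user, field, values))
    # A UID that resolves to different names on different hosts means files
    # on shared storage appear to belong to the wrong person.
    owners = defaultdict(set)
    for users in parsed.values():
        for name, rec in users.items():
            owners[rec["uid"]].add(name)
    collisions = {uid: sorted(n) for uid, n in owners.items() if len(n) > 1}
    return mismatches, collisions

# Constructed sample data: dc1 and fs1 disagree about alice, and fs1 maps
# alice's dc1 UID to a different account (carol).
SAMPLE = {
    "dc1": "alice:*:10001:10000:Alice:/home/alice:/bin/bash\n"
           "bob:*:10002:10000:Bob:/home/bob:/bin/bash\n",
    "fs1": "alice:*:3000017:100:Alice:/home/EXAMPLE/alice:/bin/false\n"
           "bob:*:10002:10000:Bob:/home/bob:/bin/bash\n"
           "carol:*:10001:10000:Carol:/home/carol:/bin/bash\n",
}

if __name__ == "__main__":
    drift, clashes = find_drift(SAMPLE)
    for user, field, values in drift:
        print(f"MISMATCH {user} {field}: {values}")
    for uid, names in clashes.items():
        print(f"UID COLLISION {uid}: {names}")
```

In practice the input for each host would be the saved output of `getent passwd` run on that host after the identity backend (winbind or SSSD) is configured.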
Besides your low RAM issue, have you seen this?

https://wiki.samba.org/index.php/Multiple_Server_Instances

If it is still a test environment then you could try this.

Great! I guess similar principles apply to a chroot. Will try this.

Thanks!

On 17/03/2015 22:38, Tim wrote:
> Besides your low RAM issue, have you seen this?
> https://wiki.samba.org/index.php/Multiple_Server_Instances
>
> If it is still a test environment then you could try this.