CpServiceSPb .
2015-Dec-01 16:19 UTC
[Samba] Functionality of Nmbd at Active Directory mode of Samba4 !
> If you run 'nmbd' with 'samba' i.e. on an AD DC, you are duplicating the code in the 'nmb' component of the 'samba' daemon, this is definitely not recommended. You could turn off 'nmb', but again this is not recommended, the rest of the 'samba' daemon relies on 'nmb' not the external 'nmbd'.
> Or to put it another way, if you are running 'nmbd' with an AD DC, I would suggest you stop, sooner or later, you are going to have problems.

Unfortunately, maybe you are right. :((
When I run Nmbd with Samba at AD mode, I don't remember exactly now, but if Nmbd started first and then Samba daemon, error was or vice versa.

> Well probably not any time soon, (unless you are prepared to come up with patches), this appears to be one of those things that would be nice to have, but not at the top of the list. It also seems to be disappearing from windows, so why waste valuable time doing something that will possibly no longer be needed.

It also seems to be disappearing from Windows - but hasn't disappeared and I think will not disappear for quite long time.
Moreover many PC stations are equipped with Windows XP yet, not even Windows 7.
As following, it can be necessary for a quite long time.

From mathias:
> Now VM usage + split of file servers => no need of nmbd on AD DC. Nmbd will be run on file servers which serve files for Windows computers.
> That's just my own point of view, built according to own understanding of Samba. That means I can be really far from the original "why" : )

I know many people who have AD DC 2008R, even 2003R2 at working position.
And people who are connected to its DCs or served by it very actively use Windows analogue of nmb functionality (built-in in Windows of course) in their LANs.
I will remember, that nmbd in addition makes server visible in Network Neighborhood, in some points takes part of accessing to it by NetBios name (additionally to IP), maintains computers list for group, can act as LMB and/or DMB that is in general makes possible Neighborhood Browsing.
Quite a big function capacity in my opinion.

And it is more comfortable to get AD DC with fully working Neighborhood Browsing.
And some of them people (mentioned above) stopped to migrate their Windows AD DCs to Samba4 one because of the reason - lack of discussion functionality.
As following, I consider important working full nmb functional with AD DC at Samba4.

Maybe I am wrong, but moving code from nmbd (s3) is necessary only to AD DC nmb code part (s4), of course with some editions.
But I may be wrong.

Rowland, can you point me to files from AD DC sources where nmb code is presented ?

Maybe I will be able to start "process" of working under it. :))
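A host-side check for the situation discussed in the message above (a standalone 'nmbd' running on a machine whose 'samba' daemon is an AD DC), as an added example that is not part of the original thread or of Samba itself. The sample smb.conf files and process lists are constructed, the function names are hypothetical, and only the documented role string "active directory domain controller" is matched.

```shell
#!/bin/sh
# Added example: flag a standalone nmbd running on a Samba AD DC.

# Print the [global] "server role" value of an smb.conf file, lowercased.
# smb.conf ignores case and whitespace in section and parameter names.
# Simplification: include lines and backslash continuations are not followed.
smb_server_role() {
    awk '
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[/ {                                  # section header
            s = tolower($0)
            gsub(/[ \t]/, "", s); sub(/^\[/, "", s); sub(/\].*$/, "", s)
            sect = s; next
        }
        sect == "global" && index($0, "=") > 0 {
            eq = index($0, "=")
            name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
            if (name == "serverrole") {
                val = tolower(substr($0, eq + 1))
                sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
                role = val
            }
        }
        END { print (role == "" ? "auto" : role) }   # unset means auto
    ' "$1"
}

# Succeeds (exit 0) when the host is an AD DC and a process named nmbd exists.
# $1 = smb.conf path, $2 = file with one process name per line,
# which on a live host can be produced with: ps -eo comm=
nmbd_on_ad_dc() {
    [ "$(smb_server_role "$1")" = "active directory domain controller" ] || return 1
    grep -qx 'nmbd' "$2"
}

# --- constructed sample data (not taken from the thread) ---
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

cat > "$SAMPLES/dc.conf" <<'EOF'
# constructed AD DC configuration
[Global]
    workgroup = SAMDOM
    realm = SAMDOM.EXAMPLE.COM
    netbios name = DC1
    Server Role = active directory domain controller
[sysvol]
    path = /var/lib/samba/sysvol
EOF
printf 'samba\nsamba\nnmbd\nwinbindd\n' > "$SAMPLES/dc.ps"

cat > "$SAMPLES/fileserver.conf" <<'EOF'
; constructed domain member (file server) configuration
[global]
    workgroup = SAMDOM
    security = ads
    server role = member server
EOF
printf 'smbd\nnmbd\nwinbindd\n' > "$SAMPLES/fileserver.ps"

for host in dc fileserver; do
    if nmbd_on_ad_dc "$SAMPLES/$host.conf" "$SAMPLES/$host.ps"; then
        echo "$host: WARNING nmbd is running next to the AD DC samba daemon"
    else
        echo "$host: ok (role: $(smb_server_role "$SAMPLES/$host.conf"))"
    fi
done
```

The file server sample runs nmbd without a warning, matching the suggestion in the thread that nmbd belongs on file servers rather than on the DC.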
Rowland Penny
2015-Dec-01 16:39 UTC
[Samba] Functionality of Nmbd at Active Directory mode of Samba4 !
On 01/12/15 16:19, CpServiceSPb . wrote:
>> If you run 'nmbd' with 'samba' i.e. on an AD DC, you are duplicating the code in the 'nmb' component of the 'samba' daemon, this is definitely not recommended. You could turn off 'nmb', but again this is not recommended, the rest of the 'samba' daemon relies on 'nmb' not the external 'nmbd'.
>> Or to put it another way, if you are running 'nmbd' with an AD DC, I would suggest you stop, sooner or later, you are going to have problems.
> Unfortunately, maybe you are right. :((
> When I run Nmbd with Samba at AD mode, I don't remember exactly now, but if Nmbd started first and then Samba daemon, error was or vice versa.
>
>> Well probably not any time soon, (unless you are prepared to come up with patches), this appears to be one of those things that would be nice to have, but not at the top of the list. It also seems to be disappearing from windows, so why waste valuable time doing something that will possibly no longer be needed.
> It also seems to be disappearing from Windows - but hasn't disappeared and I think will not disappear for quite long time.
> Moreover many PC stations are equipped with Windows XP yet, not even Windows 7.
> As following, it can be necessary for a quite long time.

There is nothing stopping you connecting directly to your shares, or using a domain member as a fileserver.

In my personal opinion, you are risking trouble by still using XP, yes I know that sometimes you have to, but I would suggest that you start making plans to replace XP, I would not put it past microsoft coming up with something to stop later versions of windows connecting to XP PCs. You are also risking any unknown security holes (unknown to everybody but the black hats, that is) in XP, these holes will not be fixed.

> From mathias:
>> Now VM usage + split of file servers => no need of nmbd on AD DC. Nmbd will be run on file servers which serve files for Windows computers.
>> That's just my own point of view, built according to own understanding of Samba. That means I can be really far from the original "why" : )
>
> I know many people who have AD DC 2008R, even 2003R2 at working position.
> And people who are connected to its DCs or served by it very actively use Windows analogue of nmb functionality (built-in in Windows of course) in their LANs.
> I will remember, that nmbd in addition makes server visible in Network Neighborhood, in some points takes part of accessing to it by NetBios name (additionally to IP), maintains computers list for group, can act as LMB and/or DMB that is in general makes possible Neighborhood Browsing.
> Quite a big function capacity in my opinion.
>
> And it is more comfortable to get AD DC with fully working Neighborhood Browsing.
> And some of them people (mentioned above) stopped to migrate their Windows AD DCs to Samba4 one because of the reason - lack of discussion functionality.
> As following, I consider important working full nmb functional with AD DC at Samba4.
>
> Maybe I am wrong, but moving code from nmbd (s3) is necessary only to AD DC nmb code part (s4), of course with some editions.
> But I may be wrong.
>
> Rowland, can you point me to files from AD DC sources where nmb code is presented ?
>
> Maybe I will be able to start "process" of working under it. :))

All I can suggest is you get hold of 'samba-master' from samba git and see if you can work out how to do this. To me 'C' comes between 'B' & 'D' :-D i.e. I haven't a clue

Rowland
mathias dufresne
2015-Dec-02 10:40 UTC
[Samba] Functionality of Nmbd at Active Directory mode of Samba4 !
2015-12-01 17:19 GMT+01:00 CpServiceSPb . <cpservicespb at gmail.com>:
> > If you run 'nmbd' with 'samba' i.e. on an AD DC, you are duplicating the code in the 'nmb' component of the 'samba' daemon, this is definitely not recommended. You could turn off 'nmb', but again this is not recommended, the rest of the 'samba' daemon relies on 'nmb' not the external 'nmbd'.
> > Or to put it another way, if you are running 'nmbd' with an AD DC, I would suggest you stop, sooner or later, you are going to have problems.
> Unfortunately, maybe you are right. :((
> When I run Nmbd with Samba at AD mode, I don't remember exactly now, but if Nmbd started first and then Samba daemon, error was or vice versa.
>
> > Well probably not any time soon, (unless you are prepared to come up with patches), this appears to be one of those things that would be nice to have, but not at the top of the list. It also seems to be disappearing from windows, so why waste valuable time doing something that will possibly no longer be needed.
> It also seems to be disappearing from Windows - but hasn't disappeared and I think will not disappear for quite long time.
> Moreover many PC stations are equipped with Windows XP yet, not even Windows 7.
> As following, it can be necessary for a quite long time.
>
> From mathias:
> > Now VM usage + split of file servers => no need of nmbd on AD DC. Nmbd will be run on file servers which serve files for Windows computers.
> > That's just my own point of view, built according to own understanding of Samba. That means I can be really far from the original "why" : )
>
> I know many people who have AD DC 2008R, even 2003R2 at working position.
> And people who are connected to its DCs or served by it very actively use Windows analogue of nmb functionality (built-in in Windows of course) in their LANs.

I worked for years for a small company building planes: Airbus. They do have lot of DC, lot of file servers, they use ADAM intensively too. I don't remember they were using WINS service. DC are meant to authenticate clients. That specific process is based on DNS to guess where to authenticate.

In fact having DC in network neighborhood is good for mini-parks only. If you have 2 files server and 2 DC, 50 clients, at worst you will have 54 entries in network neighborhood. Now think about same network neighborhood when you have 50 DC, 250 file servers and tens of thousands clients. Wouldn't be easier for your users to have only these file servers in their network neighborhood rather than all clients + all DC + somewhere in the middle some lost file servers?

> I will remember, that nmbd in addition makes server visible in Network Neighborhood, in some points takes part of accessing to it by NetBios name (additionally to IP), maintains computers list for group, can act as LMB and/or DMB that is in general makes possible Neighborhood Browsing.
> Quite a big function capacity in my opinion.

I'm lacking knowledge about MS AD but I was believing AD was coming with its own replacement of that election process.
If I'm wrong the fact DC are not part of that process does not seem to be a too big issue if they are not file server.

> And it is more comfortable to get AD DC with fully working Neighborhood Browsing.

For lazy admins on small park, it could be. For DC with short names in a big park, you lose time opening the network neighborhood, waiting it fill up, dig into declared machines to find the one you were looking for rather than just typing "\\my_dc_name" in windows explorer address bar.

> And some of them people (mentioned above) stopped to migrate their Windows AD DCs to Samba4 one because of the reason - lack of discussion functionality.

"lack of discussion" functionality: what did you mean?
They really stopped digging into Samba AD because they didn't find their DC in the network neighborhood? No they must have better reasons I think. I should have missed the meaning of what you said...

> As following, I consider important working full nmb functional with AD DC at Samba4.
>
> Maybe I am wrong, but moving code from nmbd (s3) is necessary only to AD DC nmb code part (s4), of course with some editions.
> But I may be wrong.
>
> Rowland, can you point me to files from AD DC sources where nmb code is presented ?
>
> Maybe I will be able to start "process" of working under it. :))

Good luck! Always a good idea to help opensource :)
CpServiceSPb .
2015-Dec-05 11:45 UTC
[Samba] Functionality of Nmbd at Active Directory mode of Samba4 !
> There is nothing stopping you connecting directly to your shares, or using a domain member as a fileserver

I agree, but for most of users I talked with, via friendly name (NetBios) but not quite long (DNS) is more comfortable.

> In my personal opinion, you are risking trouble by still using XP, yes I know that sometimes you have to, but I would suggest that you start making plans to replace XP, I would not put it past microsoft coming up with something to stop later versions of windows connecting to XP PCs.
> You are also risking any unknown security holes (unknown to everybody but the black hats, that is) in XP, these holes will not be fixed.

1. Windows 7/8 have NetBios functionality (NeighborHood browser ability), not only XP (and of course server line of MS have also);
2. I know about that (risky and so on). But there are different conditions: financial, organization, lawing, technical, and so on, to go faster to moving forward to Win after XP (life after death :)) ).

> All I can suggest is you get hold of 'samba-master' from samba git and see if you can work out how to do this. To me 'C' comes between 'B' & 'D' :-D i.e. I haven't a clue

Not much, but thank you.
I did at such way when I began to write (code) multi group LMB/DMB functionality among IP address space for Nmbd and now I have almost completely working solution (that allows browsing even for roadwarriors, what was necessary for me).

For mathias:

> I worked for years for a small company building planes: Airbus. They do have lot of DC, lot of file servers, they use ADAM intensively too. I don't remember they were using WINS service. DC are meant to authenticate clients. That specific process is based on DNS to guess where to authenticate.
> In fact having DC in network neighborhood is good for mini-parks only. If you have 2 files server and 2 DC, 50 clients, at worst you will have 54 entries in network neighborhood. Now think about same network neighborhood when you have 50 DC, 250 file servers and tens of thousands clients. Wouldn't be easier for your users to have only these file servers in their network neighborhood rather than all clients + all DC + somewhere in the middle some lost file servers?

As I mentioned above, there are different situation in different organizations, commercial/non commercial/educational/military/peaceful. :)
Mostly using of NetBios abilities is applicable for home/small/medium business.
But even in big business companies it can be used via Wins.
No, for conditions I touched with, wouldn't.
It would easy for users (first of all and then for lazy admins :)) ) to have choice to make possibility to see computers at list (including file servers) or not to see.
Users who can/wants to use access to servers/computers by name they are welcome, users who can /want to access internal resources by IP or by other way (DNS or other which is used at your organization), they are welcome.
Society of freedom choice. Is it ?

By the way, why is it good for miniparks only ? You may not answer to this question. It can well working for quite big parks also.
If you meant broadcast, I may partially agree with you, but modern netcards as communication lines have big broadband. :))

> I'm lacking knowledge about MS AD but I was believing AD was coming with its own replacement of that election process.
> If I'm wrong the fact DC are not part of that process does not seem to be a too big issue if they are not file server.

I don't know any replacement of such operation, there are two choices: use or not (be or not to be :)) ).
And also I heard about MS policy declares one server for each role.:)))
But .....
As I said there are different orgs in or with different conditions.

> For lazy admins on small park, it could be. For DC with short names in a big park, you lose time opening the network neighborhood, waiting it fill up, dig into declared machines to find the one you were looking for rather than just typing "\\my_dc_name" in windows explorer address bar.

For first two statements see above. :))
About losing time, in my opinion not always, because list is built for some time (not zeroed after 1 minute).
Regarding typing of \\DC_name, your users and admins have to be equipped with big memory. :)))
Sometimes is quite difficult to remember of 2 DCs names (even one DC name), but if you talked about 50+ DCs or many DCs + some fileservers ...
You are a monster. :))

> "lack of discussion" functionality: what did you mean?

I meant that absence of functionality we discussed about. Not else.

> They really stopped digging into Samba AD because they didn't find their DC in the network neighborhood? No they must have better reasons I think.

Please take in mind, that Samba3/4 Nmbd functionality is not limited of showing/hiding Samba3/4 server itself at Net list, it can (or often is) be as LMB (local master) and/or DMB (domain master) that means quite more, means maintaining and providing Nethood list to other DCs, servers, clients.

> Good luck! Always a good idea to help opensource :)

Thanks. Do you want to join me at this beginning ? :)

P. S.: I offer to stop this discussion. If Samba development team will add so to the code it is will be very nice.
If you, mathias or others want to make it in your/their own or take part in it, it will be nice also. :)
If you or others want to help me in it, you are welcome.
Rowland penny
2015-Dec-05 12:09 UTC
[Samba] Functionality of Nmbd at Active Directory mode of Samba4 !
On 05/12/15 11:45, CpServiceSPb . wrote:
>> There is nothing stopping you connecting directly to your shares, or using a domain member as a fileserver
> I agree, but for most of users I talked with, via friendly name (NetBios) but not quite long (DNS) is more comfortable.
>
>> In my personal opinion, you are risking trouble by still using XP, yes I know that sometimes you have to, but I would suggest that you start making plans to replace XP, I would not put it past microsoft coming up with something to stop later versions of windows connecting to XP PCs.
>> You are also risking any unknown security holes (unknown to everybody but the black hats, that is) in XP, these holes will not be fixed.
> 1. Windows 7/8 have NetBios functionality (NeighborHood browser ability), not only XP (and of course server line of MS have also);
> 2. I know about that (risky and so on). But there are different conditions: financial, organization, lawing, technical, and so on, to go faster to moving forward to Win after XP (life after death :)) ).
>
>> All I can suggest is you get hold of 'samba-master' from samba git and see if you can work out how to do this. To me 'C' comes between 'B' & 'D' :-D i.e. I haven't a clue
> Not much, but thank you.
> I did at such way when I began to write (code) multi group LMB/DMB functionality among IP address space for Nmbd and now I have almost completely working solution (that allows browsing even for roadwarriors, what was necessary for me).
>
> For mathias:
>> I worked for years for a small company building planes: Airbus. They do have lot of DC, lot of file servers, they use ADAM intensively too. I don't remember they were using WINS service. DC are meant to authenticate clients. That specific process is based on DNS to guess where to authenticate.
>> In fact having DC in network neighborhood is good for mini-parks only. If you have 2 files server and 2 DC, 50 clients, at worst you will have 54 entries in network neighborhood. Now think about same network neighborhood when you have 50 DC, 250 file servers and tens of thousands clients. Wouldn't be easier for your users to have only these file servers in their network neighborhood rather than all clients + all DC + somewhere in the middle some lost file servers?
> As I mentioned above, there are different situation in different organizations, commercial/non commercial/educational/military/peaceful. :)
> Mostly using of NetBios abilities is applicable for home/small/medium business.
> But even in big business companies it can be used via Wins.
> No, for conditions I touched with, wouldn't.
> It would easy for users (first of all and then for lazy admins :)) ) to have choice to make possibility to see computers at list (including file servers) or not to see.
> Users who can/wants to use access to servers/computers by name they are welcome, users who can /want to access internal resources by IP or by other way (DNS or other which is used at your organization), they are welcome.
> Society of freedom choice. Is it ?
>
> By the way, why is it good for miniparks only ? You may not answer to this question. It can well working for quite big parks also.
> If you meant broadcast, I may partially agree with you, but modern netcards as communication lines have big broadband. :))
>
>> I'm lacking knowledge about MS AD but I was believing AD was coming with its own replacement of that election process.
>> If I'm wrong the fact DC are not part of that process does not seem to be a too big issue if they are not file server.
> I don't know any replacement of such operation, there are two choices: use or not (be or not to be :)) ).
> And also I heard about MS policy declares one server for each role.:)))
> But .....
> As I said there are different orgs in or with different conditions.
>
>> For lazy admins on small park, it could be. For DC with short names in a big park, you lose time opening the network neighborhood, waiting it fill up, dig into declared machines to find the one you were looking for rather than just typing "\\my_dc_name" in windows explorer address bar.
> For first two statements see above. :))
> About losing time, in my opinion not always, because list is built for some time (not zeroed after 1 minute).
> Regarding typing of \\DC_name, your users and admins have to be equipped with big memory. :)))
> Sometimes is quite difficult to remember of 2 DCs names (even one DC name), but if you talked about 50+ DCs or many DCs + some fileservers ...
> You are a monster. :))
>
>> "lack of discussion" functionality: what did you mean?
> I meant that absence of functionality we discussed about. Not else.
>
>> They really stopped digging into Samba AD because they didn't find their DC in the network neighborhood? No they must have better reasons I think.
> Please take in mind, that Samba3/4 Nmbd functionality is not limited of showing/hiding Samba3/4 server itself at Net list, it can (or often is) be as LMB (local master) and/or DMB (domain master) that means quite more, means maintaining and providing Nethood list to other DCs, servers, clients.
>
>> Good luck! Always a good idea to help opensource :)
> Thanks. Do you want to join me at this beginning ? :)
>
> P. S.: I offer to stop this discussion. If Samba development team will add so to the code it is will be very nice.
> If you, mathias or others want to make it in your/their own or take part in it, it will be nice also. :)
> If you or others want to help me in it, you are welcome.

Obviously to you, the lack of network browsing is a big deal, to others, it is just not that important. There are things required that take priority over this, so until one of the main developers (or more likely, their employer) require it, network browsing will probably not get 'fixed'.

If you can fix it, you will need to supply patches against samba-master to either samba-technical or https://github.com/samba-team/samba

Rowland
mathias dufresne
2015-Dec-07 09:20 UTC
[Samba] Functionality of Nmbd at Active Directory mode of Samba4 !
2015-12-05 12:45 GMT+01:00 CpServiceSPb . <cpservicespb at gmail.com>:
> For mathias:
> > I worked for years for a small company building planes: Airbus. They do have lot of DC, lot of file servers, they use ADAM intensively too. I don't remember they were using WINS service. DC are meant to authenticate clients. That specific process is based on DNS to guess where to authenticate.
> > In fact having DC in network neighborhood is good for mini-parks only. If you have 2 files server and 2 DC, 50 clients, at worst you will have 54 entries in network neighborhood. Now think about same network neighborhood when you have 50 DC, 250 file servers and tens of thousands clients. Wouldn't be easier for your users to have only these file servers in their network neighborhood rather than all clients + all DC + somewhere in the middle some lost file servers?
> As I mentioned above, there are different situation in different organizations, commercial/non commercial/educational/military/peaceful. :)
> Mostly using of NetBios abilities is applicable for home/small/medium business.
> But even in big business companies it can be used via Wins.

What gives you Wins? The ability to use short names I believe.
Active Directory uses DNS to store hosts names. Yes they are stored in a long form called FQDN which is boring to type but MS Windows systems come with domains search options, as are UNIXes boxes. Filling some searched domain you should be able to use short names, as if you were having Wins.

> No, for conditions I touched with, wouldn't.

I did not understand anything.

> It would easy for users (first of all and then for lazy admins :)) ) to have choice to make possibility to see computers at list (including file servers) or not to see.

As explained, users don't have to access DC. DC are meant to discuss with others systems (OSes) to authentication. No access means no need to put them into Network Neighborhood.
Admins can access DC with short names as explained earlier.

> Users who can/wants to use access to servers/computers by name they are welcome, users who can /want to access internal resources by IP or by other way (DNS or other which is used at your organization), they are welcome.
> Society of freedom choice. Is it ?

Again, I don't understand why you write that: we can access DC using \\<ip_address> or \\<fqdn> or \\<hostname without DNS domain if you are able to configure your Windows>
So it seems to me you shout against something which is working as expected...

> By the way, why is it good for miniparks only ? You may not answer to this question. It can well working for quite big parks also.
> If you meant broadcast, I may partially agree with you, but modern netcards as communication lines have big broadband. :))

No I did not mean broadcast issue but organizational issue.
I give (again) the example:
You have 10 DC.
You have 50 servers (files servers)
You have 2000 workstations.
Files servers are in network neighborhood, so 50 entries in there.
Workstations are in network neighborhood, 2050 entries in there.
You add your 10 DC in network neighborhood and you have 2060 entries in your network neighborhood.
I can't see how it simpler to look for into a list of 2000+ entries manually to find one server when you can access it by IP, FQDN or shortname (again, short name is accessible only for admin who know how to configure a MS Windows system).

> > I'm lacking knowledge about MS AD but I was believing AD was coming with its own replacement of that election process.

We saw : )

> > If I'm wrong the fact DC are not part of that process does not seem to be a too big issue if they are not file server.

That's it, no issue if they are not files server.

> I don't know any replacement of such operation, there are two choices: use or not (be or not to be :)) ).
> And also I heard about MS policy declares one server for each role.:)))
> But .....
> As I said there are different orgs in or with different conditions.
>
> > For lazy admins on small park, it could be. For DC with short names in a big park, you lose time opening the network neighborhood, waiting it fill up, dig into declared machines to find the one you were looking for rather than just typing "\\my_dc_name" in windows explorer address bar.

Once more, learn how to configure searched domains on MS Windows systems.

> For first two statements see above. :))
> About losing time, in my opinion not always, because list is built for some time (not zeroed after 1 minute).
> Regarding typing of \\DC_name, your users and admins have to be equipped with big memory. :)))
> Sometimes is quite difficult to remember of 2 DCs names (even one DC name), but if you talked about 50+ DCs or many DCs + some fileservers ...
> You are a monster. :))
>
> > "lack of discussion" functionality: what did you mean?
> I meant that absence of functionality we discussed about. Not else.
>
> > They really stopped digging into Samba AD because they didn't find their DC in the network neighborhood? No they must have better reasons I think.
> Please take in mind, that Samba3/4 Nmbd functionality is not limited of showing/hiding Samba3/4 server itself at Net list, it can (or often is) be as LMB (local master) and/or DMB (domain master) that means quite more, means maintaining and providing Nethood list to other DCs, servers, clients.
>
> > Good luck! Always a good idea to help opensource :)
> Thanks. Do you want to join me at this beginning ? :)

No. As explained I can't see any interest in that. For me network neighborhood is THE place to avoid. Perhaps because I work for big company for too much time.
And something else: I'm currently working for a big company, trying to design a (very) big domain. We are already trying to find financial resources to help Samba team to develop what we need for scalability. In others words, we have already enough to do with our own issues.

> P. S.: I offer to stop this discussion. If Samba development team will add so to the code it is will be very nice.
> If you, mathias or others want to make it in your/their own or take part in it, it will be nice also. :)
> If you or others want to help me in it, you are welcome.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba