John te Bokkel
2016-Nov-05 16:33 UTC
[Samba] How can I setup a Domain Controller and File Server on the same hardware
I understand from the wiki that I shouldn't have the domain controller also be the file server. Is it possible to to setup the domain controller in a chroot and have the file server run under regular root? Would it be better to setup a VM for the domain controller and have file server run on the main OS or vice-versa? Regards, John
Marc Muehlfeld
2016-Nov-05 16:48 UTC
[Samba] How can I setup a Domain Controller and File Server on the same hardware
Hi John, Am 05.11.2016 um 17:33 schrieb John te Bokkel via samba:> I understand from the wiki that I shouldn't have the domain controller also > be the file server. > > Is it possible to to setup the domain controller in a chroot and have the > file server run under regular root? > > Would it be better to setup a VM for the domain controller and have file > server run on the main OS or vice-versa?to run two Samba instances on the same host, you can create a NIC alias with an additional IP address and bind the Samba DC to one IP and the file server to the second. Of course you need two separate smb.conf files and configure individual database directories. And then start the daemons with the "-c" parameter and the path to the smb.conf file. Maybe this would be something new and interesting to discover and to document the procedure. I will think about it. :-) Regards, Marc
Rowland Penny
2016-Nov-05 16:50 UTC
[Samba] How can I setup a Domain Controller and File Server on the same hardware
On Sat, 5 Nov 2016 12:33:15 -0400 John te Bokkel via samba <samba at lists.samba.org> wrote:> I understand from the wiki that I shouldn't have the domain > controller also be the file server. > > Is it possible to to setup the domain controller in a chroot and have > the file server run under regular root? > > Would it be better to setup a VM for the domain controller and have > file server run on the main OS or vice-versa? > > Regards, > JohnTry reading the wiki again, especially this: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server Rowland
Rowland Penny
2016-Nov-05 19:00 UTC
[Samba] How can I setup a Domain Controller and File Server on the same hardware
On Sat, 5 Nov 2016 14:19:44 -0400 John te Bokkel <tanj.tanj at gmail.com> wrote:> On 5 November 2016 at 12:50, Rowland Penny via samba > <samba at lists.samba.org> wrote: > > On Sat, 5 Nov 2016 12:33:15 -0400 > > John te Bokkel via samba <samba at lists.samba.org> wrote: > > > >> I understand from the wiki that I shouldn't have the domain > >> controller also be the file server. > >> > >> Is it possible to to setup the domain controller in a chroot and > >> have the file server run under regular root? > >> > >> Would it be better to setup a VM for the domain controller and have > >> file server run on the main OS or vice-versa? > >> > >> Regards, > >> John > > > > Try reading the wiki again, especially this: > > > > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server > > > > Rowland > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > Rowland, > > I'm understanding then that it should be possible to run both the > domain controller and file sharing off the same samba instance > provided I setup libnss_winbind before setting up shares. > > I have read through some of the linked wiki articles. > https://wiki.samba.org/index.php/Idmap_config_ad there is a comment in > the smb.conf examples that says not to use these lines on a DC. Is > that referring to the "default (*)" lines or to all of the following > lines. > > Regards, > JohnIt references all the lines, they do absolutely nothing if added to a DCs smb.conf. I have moved the line to the top of the smb.conf fragments, I probably should have put them there in the first place. So to answer your original question, yes you can use a DC as a fileserver, Samba just doesn't recommended doing this and you need to set it up slightly differently from a domain member. Rowland
Linda W
2016-Nov-05 19:15 UTC
[Samba] How can I setup a Domain Controller and File Server on the same hardware
Marc Muehlfeld via samba wrote:> Hi John, > > Am 05.11.2016 um 17:33 schrieb John te Bokkel via samba: > >> I understand from the wiki that I shouldn't have the domain controller also >> be the file server. >> >> Is it possible to to setup the domain controller in a chroot and have the >> file server run under regular root? >> >> Would it be better to setup a VM for the domain controller and have file >> server run on the main OS or vice-versa? >> > to run two Samba instances on the same host, you can create a NIC alias > with an additional IP address and bind the Samba DC to one IP and the > file server to the second. Of course you need two separate smb.conf > files and configure individual database directories. And then start the > daemons with the "-c" parameter and the path to the smb.conf file. >--- Is there a target date for when the 4.x server will be able to support 1 samba instance being the domain controller and serving files as the 3.x server is able to do? I have been waiting for the 4.x server to become a full server before upgrading from 3.6.22, but it is getting a bit long in the tooth. The requirement that in upgrading to 4.x I'll still need to run a 3.6 server made the upgrade seem like alot of work for little gain (I only have a few users and most of them are "virtual me's"...). I guess I don't understand why the 3.6.x file-serving code wasn't just included in the 4.x. On some level, at *worst*, it seems like the 4.x code could include all the 3.6 file-serving code and just fork the that portion for files to be shared -- not ideal, but it *seems* better than "recommending" multiple machines. I did say "seems", as I don't know why it is suggested they be separate, so please forgive my ignorance in advance. I've been off the list (not by choice) due to some mail-server snafu that only affects the samba list, so it's been impossible to track. For some reason the problem has, (at least temporarily) gone away (I hate unexplained solutions almost as much as unexplained problems). Thanks, -linda my
mj
2016-Nov-05 19:26 UTC
[Samba] How can I setup a Domain Controller and File Server on the same hardware
Hi John,>> I understand from the wiki that I shouldn't have the domain controller also >> be the file server. >> >> Is it possible to to setup the domain controller in a chroot and have the >> file server run under regular root? >> >> Would it be better to setup a VM for the domain controller and have file >> server run on the main OS or vice-versa?Yes, we'd recommend: install a Virtual Machine on your fileserver host, and install a DC in that VM. We have been doing that for years. Works perfectly, and the machines are completely seperated and much more independant than with chroots etc. MJ
Lee Brown
2016-Nov-05 19:35 UTC
[Samba] How can I setup a Domain Controller and File Server on the same hardware
On Sat, Nov 5, 2016 at 12:00 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Sat, 5 Nov 2016 14:19:44 -0400 > John te Bokkel <tanj.tanj at gmail.com> wrote: > > > On 5 November 2016 at 12:50, Rowland Penny via samba > > <samba at lists.samba.org> wrote: > > > On Sat, 5 Nov 2016 12:33:15 -0400 > > > John te Bokkel via samba <samba at lists.samba.org> wrote: > > > > > >> I understand from the wiki that I shouldn't have the domain > > >> controller also be the file server. > > >> > > >> Is it possible to to setup the domain controller in a chroot and > > >> have the file server run under regular root? > > >> > > >> Would it be better to setup a VM for the domain controller and have > > >> file server run on the main OS or vice-versa? > > >> > > >> Regards, > > >> John > > > > > > Try reading the wiki again, especially this: > > > > > > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_ > Active_Directory_Domain_Controller#Using_the_Domain_ > Controller_as_a_File_Server > > > > > > Rowland > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > > > Rowland, > > > > I'm understanding then that it should be possible to run both the > > domain controller and file sharing off the same samba instance > > provided I setup libnss_winbind before setting up shares. > > > > I have read through some of the linked wiki articles. > > https://wiki.samba.org/index.php/Idmap_config_ad there is a comment in > > the smb.conf examples that says not to use these lines on a DC. Is > > that referring to the "default (*)" lines or to all of the following > > lines. > > > > Regards, > > John > > It references all the lines, they do absolutely nothing if added to a > DCs smb.conf. > > I have moved the line to the top of the smb.conf fragments, I probably > should have put them there in the first place. > > So to answer your original question, yes you can use a DC as a > fileserver, Samba just doesn't recommended doing this and you need to > set it up slightly differently from a domain member. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaA VM is overkill, just use whatever container technology your OS provides. Under FreeBSD, I have, on the same hardware, 2 jailed DC's and 1 jailed file server.
Mike Lykov
2016-Nov-06 07:10 UTC
[Samba] How can I setup a Domain Controller and File Server on the same hardware
05.11.2016 20:33, John te Bokkel via samba пишет:> I understand from the wiki that I shouldn't have the domain controller also > be the file server. > > Is it possible to to setup the domain controller in a chroot and have the > file server run under regular root? > > Would it be better to setup a VM for the domain controller and have file > server run on the main OS or vice-versa?I use two openvz containters for this task. Running anything on "main os" (hardware node) is a bad idea. -- Mike