El 3/9/18 a les 17:13, Rowland Penny via samba ha escrit:> Yes, but it depends on how you run Samba. If you run Samba as a > standalone server you only need to run 'smbd', but running 'nmbd' as > well would be a good idea. > > If you run Samba as a PDC or BDC, the same as a standalone server goes. > > Anything else needs both smbd and winbind running.It doesn't make sense: 1) why should I need to run smbd if I'm not providing cifs services to other computers? 2) why does winbindd work for many days even with smbd not running? Shouldn't it just barf at startup or after a short wait if it really needs smbd? In any case I prefer my plaster instead of running a service that I don't need and could open the server to several vulnerabilities. Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es/ Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007
El 3/9/18 a les 17:19, Luca Olivetti via samba ha escrit:> El 3/9/18 a les 17:13, Rowland Penny via samba ha escrit: > >> Yes, but it depends on how you run Samba. If you run Samba as a >> standalone server you only need to run 'smbd', but running 'nmbd' as >> well would be a good idea. >> >> If you run Samba as a PDC or BDC, the same as a standalone server goes. >> >> Anything else needs both smbd and winbind running. > > It doesn't make sense: > > 1) why should I need to run smbd if I'm not providing cifs services to > other computers? > > 2) why does winbindd work for many days even with smbd not running? > Shouldn't it just barf at startup or after a short wait if it really > needs smbd? > > In any case I prefer my plaster instead of running a service that I > don't need and could open the server to several vulnerabilities.The wiki agrees with the manpages: https://wiki.samba.org/index.php?title=Setting_up_Samba_as_a_Domain_Member#Starting_the_Services "If you set up file shares or printer services on the domain member, *additionally* (emphasis mine) start the smbd and nmbd service" Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es/ Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007
On Mon, 3 Sep 2018 17:19:02 +0200 Luca Olivetti via samba <samba at lists.samba.org> wrote:> El 3/9/18 a les 17:13, Rowland Penny via samba ha escrit: > > > Yes, but it depends on how you run Samba. If you run Samba as a > > standalone server you only need to run 'smbd', but running 'nmbd' as > > well would be a good idea. > > > > If you run Samba as a PDC or BDC, the same as a standalone server > > goes. > > > > Anything else needs both smbd and winbind running. > > It doesn't make sense: > > 1) why should I need to run smbd if I'm not providing cifs services > to other computers?What are you using the computer for then, it surely isn't for authentication, that is coming from the DC.> > 2) why does winbindd work for many days even with smbd not running? > Shouldn't it just barf at startup or after a short wait if it really > needs smbd?I am not saying winbind will not run by itself, it just really needs 'smbd' to be useful.> > In any case I prefer my plaster instead of running a service that I > don't need and could open the server to several vulnerabilities.Then put up with winbind dying on a regular basis. Rowland
On 09/03/2018 11:48 AM, Rowland Penny via samba wrote:> On Mon, 3 Sep 2018 17:19:02 +0200 > Luca Olivetti via samba <samba at lists.samba.org> wrote: > >> El 3/9/18 a les 17:13, Rowland Penny via samba ha escrit: >> >>> Yes, but it depends on how you run Samba. If you run Samba as a >>> standalone server you only need to run 'smbd', but running 'nmbd' as >>> well would be a good idea. >>> >>> If you run Samba as a PDC or BDC, the same as a standalone server >>> goes. >>> >>> Anything else needs both smbd and winbind running. >> >> It doesn't make sense: >> >> 1) why should I need to run smbd if I'm not providing cifs services >> to other computers? > > What are you using the computer for then, it surely isn't for > authentication, that is coming from the DC.I run firewalls with only winbind active, and it surely is being used for Proxy NTLM authentication (as fallback from Kerberos). Luckily I have not experienced problems like the other ones posted in this thread.> >> >> 2) why does winbindd work for many days even with smbd not running? >> Shouldn't it just barf at startup or after a short wait if it really >> needs smbd? > > I am not saying winbind will not run by itself, it just really needs > 'smbd' to be useful. > >> >> In any case I prefer my plaster instead of running a service that I >> don't need and could open the server to several vulnerabilities. > > Then put up with winbind dying on a regular basis. > > Rowland > > >
On Mon, 3 Sep 2018 17:38:58 +0200 Luca Olivetti via samba <samba at lists.samba.org> wrote:> El 3/9/18 a les 17:19, Luca Olivetti via samba ha escrit: > > El 3/9/18 a les 17:13, Rowland Penny via samba ha escrit: > > > >> Yes, but it depends on how you run Samba. If you run Samba as a > >> standalone server you only need to run 'smbd', but running 'nmbd' > >> as well would be a good idea. > >> > >> If you run Samba as a PDC or BDC, the same as a standalone server > >> goes. > >> > >> Anything else needs both smbd and winbind running. > > > > It doesn't make sense: > > > > 1) why should I need to run smbd if I'm not providing cifs services > > to other computers? > > > > 2) why does winbindd work for many days even with smbd not running? > > Shouldn't it just barf at startup or after a short wait if it > > really needs smbd? > > > > In any case I prefer my plaster instead of running a service that I > > don't need and could open the server to several vulnerabilities. > > The wiki agrees with the manpages: > > https://wiki.samba.org/index.php?title=Setting_up_Samba_as_a_Domain_Member#Starting_the_Services > > "If you set up file shares or printer services on the domain member, > *additionally* (emphasis mine) start the smbd and nmbd service" >It doesn't say that any more ;-) Rowland
El 3/9/18 a les 17:48, Rowland Penny via samba ha escrit:>> >> It doesn't make sense: >> >> 1) why should I need to run smbd if I'm not providing cifs services >> to other computers? > > What are you using the computer for then, it surely isn't for > authentication, that is coming from the DC.I'm using it for what the winbindd man page says: "winbindd is a daemon that provides a number of services to the Name Service Switch capability found in most modern C libraries, to arbitrary applications via PAM and ntlm_auth and to Samba itself. Even if winbind is not used for nsswitch, it still provides a service to smbd, ntlm_auth and the pam_winbind.so PAM module, by managing connections to domain controllers."> >> >> 2) why does winbindd work for many days even with smbd not running? >> Shouldn't it just barf at startup or after a short wait if it really >> needs smbd? > > I am not saying winbind will not run by itself, it just really needs > 'smbd' to be useful.Uh? It's perfectly useful by itself to provide the services mentioned in its manpage.> >> >> In any case I prefer my plaster instead of running a service that I >> don't need and could open the server to several vulnerabilities. > > Then put up with winbind dying on a regular basis.That's not because smbd is not running. Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es/ Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007