31.01.2023 22:32, Andrew Bartlett via samba wrote:
> On Mon, 2023-01-30 at 16:44 +0300, Michael Tokarev via samba wrote:
>> After realizing that people don't realize (heh) samba DC is not a
>> regular fileserver, an idea came to me.
>> How about building two different samba packages (on a
>> distribution such as debian), one being a regular file server and
>> another is just for an AD DC, and make them *co-installable*, so each
>> has its own set of config/library/cache/runtime files?
>
> I think that would be a pile of pain, and cause too many conflicts.
I don't (yet) see any conflicts in there besides the already mentioned
one: where things like nsswitch should point to (and it looks like it
should point to the DC). Other than that, things look quite smooth.
However, the more I think about that, the less I like the whole thing.
Not because of the conflicts, but because of the unusual/non-standard/
confusing two sets of binaries and control tools. For example, there
will be two samba-tools and smbstatus, - either named differently,
like samba-tool and samba-tool.dc (and all other tools need to be able
to find the right one), or put into different dirs to adjust PATH
(with the same problem finding the right one). It will be too clumsy
as a whole.
..
> Alternative packages would be a reasonable outcome, but not co-
> installable.
I think you're right here.
Or maybe it's better to spend effort on building the whole thing with MIT,
fixing the issues and removing the -experimental- tag from this DC.
I'm being asked for mit-krb5 build of samba on a regular basis, and
I know why, - when you actually use kerberos, you understand that
heimdal is really lacking in some areas. For one, I haven't found a
way to use smartcards/tokens with heimdal, while with mit-krb5 it
just works out of the box.
Thank you for the answer!
/mjt