30.01.2023 17:34, Rowland Penny via samba ?????:
[]> I think you just described running a DC on the bare metal and a Unix domain
member in a VM.
I would use it the other way 'round: DC in a VM (or better yet, a
container),
and domain member on bare metal (or both in containers). A DC is very well
suited for a container, - it is a small thing with its own
"ecosystem", used
basically for authentication and "finding things". While a regular
member
server is the one which serves files, often many of them, and this is where
most work is being done. This way, when the DC is in a container, it is
easier to install several DCs too (even two DCs on a single physical machine,
to be able to bring one of them down for maintenance and stuff like that).
Also, a DC install is easy to script/automate, since the configuration is
usually quite simple and self-contained.
The prob which I thought about is different though: somehow many people
don't
realize the differences between a DC and a regular file server, and at first
try to set up both on the same samba instance. Setting up containers or VMs
is too much work for some who aren't familiar with the concept (and while
regular tools always available on a typical linux distribution, - like
systemd-nspawn for example - can be used to run just a single application,
like samba, in a separate container without the need to install a whole
new system, - it turned out these aren't easy at all, - perhaps I should
write a how-to about running samba ad dc off the regular system in a
systemd-nspawn container).
It is like, huh, samba needs two machines now instead of one? that's
ridiculous, let's ignore this, I don't have another machine anyway.
And face issues later.
If the DC were easily available and can co-installable with a regular
member server (with single addition necessary, - an extra dedicated IP
address from private IP space), things would be easier for many.
But it wont work anyway, as noted in my other email in this thread.
Just too confusing.
/mjt