Date: Wed, 25 May 2016 19:21:57 +0200
From: Andrea Venturoli <ml@netfence.it>
To: byrnejb@harte-lyne.ca
Cc: freebsd-questions@freebsd.org
Subject: Re: Samba on FreeBSD
Message-ID: <6ac960f8-7f98-c6c6-5f42-e68ed5b0f1f1@netfence.it>
In-Reply-To: <ed9551dcc02dc8f9f3f0fb55b83e5751.squirrel@webmail.harte-lyne.ca>
References: <3119dd177e3d8cbbe74a91f30656a005.squirrel@webmail.harte-lyne.ca> <96f7c99f-832e-c43d-7c5f-18e918ad8364@netfence.it> <ed9551dcc02dc8f9f3f0fb55b83e5751.squirrel@webmail.harte-lyne.ca>

On 05/25/16 18:58, James B. Byrne wrote:

>> AD: Yes, in a jail (mainly, but not only, because on an AD DC there
>> are some limitations WRT to NSS; that lets the base system or another
>> jail act as file server).
>>
>
> Could you explain this issue in greater detail? I am aware that the
> Samba team advise against having a SAMBA file-server act as a DC. I
> have not followed the reasoning very well however.
>
> What are the NSS issues to which you refer?

Suppose you want (for whatever reason) to see the Samba users as UNIX
users: you'll put something like "passwd: files winbind" in
/etc/nsswitch.conf.
AFAICT that's not going to work on the machine (physical, virtual, jail,
etc...) where Samba is configured to be an AD DC (*).
I'm not sure why, I think it has something to do with the way winbindd
works, which is different on the DC.
So I use a jail for the DC (where I'll have no need for UNIX users) and
configure any other instance to be a domain member.

(*) Notice "AD DC"; it will work on an NT DC.

The only nuisance is the need to use that jail for DNS.

> What are the issues with Bhyve that make it not production ready?

I never investigated (yet), so I can't answer.
It's also possible I've fallen behind and bhyve now works well.

> Additionally, if the SAMBA DC was hosted on a Bhyve VM and another
> SAMBA file-share server for that domain was hosted in a different
> Bhyve VM would that be a problem in your opinion?

(Leaving aside bhyve specific problems, which, as I said earlier, I'm
not entitled to consider), I don't think there would be any problem:
that's what I'm doing with jails.

> Thank you for your response. I greatly appreciate it. I have kept my
> reply to you off-list since it is probably outside the scope of being
> FreeBSD related. However, I have no objection to anything I write
> herein showing up on the list should you deem it appropriate.

Why?
I think the community might benefit from this... let them decide :)

 bye
	av.