
Re: [Samba] Minimal AD DC server for dev/test setup




On Tue, 2017-12-19 at 11:07 -0500, Martin Langhoff via samba wrote:
> About the last question, I'll be reading up on samba-tool. Apologies.
> 
> A better question is: can I run the DC without an attached DNS server? How
> little can I get away with running?
> 
> In my imagination, I should be able to run just the LDAP+Kerberos parts,
> AIUI that's all I need, skipping DNS, fileserving, winbind, etc; blame this
> on my view of AD as a quirky LDAP. Again, scoped for my use cases, which
> are essentially LDAP-connection-and-lookup against the AD-flavored LDAP
> that AD contains.

Yes.  You can set 'server services = ldap' and just run LDAP.  If you
are just doing simple binds you won't even need the KDC.  That should
be enough to keep a web app happy.

Be aware that this configuration isn't tested by the Samba Team, so
watch out on upgrades as we may add a dependency on other services, but
give it a go. 

This certainly should help you test your work against 'AD' without all
that fiddling about with Windows, which I guess is your goal. :-)

All the best,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
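
As an added illustration of the reply above (not part of the original message, and not a Samba-tested configuration): an `smb.conf` fragment for an LDAP-only test DC. It assumes the domain was already provisioned with `samba-tool domain provision`, which writes the realm, workgroup and netbios name lines omitted here; the `ldap server require strong auth` lines reflect that option's documented default, under which simple binds are accepted only over TLS.

```ini
[global]
    # Written by provisioning; shown for context.
    server role = active directory domain controller

    # Run only the LDAP server, as suggested in the reply above.
    server services = ldap

    # If clients need Kerberos/GSSAPI binds instead of simple binds,
    # keep the KDC as well:
    # server services = ldap, kdc

    # Default behaviour: simple binds are refused on unencrypted
    # connections, so a web app doing simple binds should connect with
    # ldaps:// (port 636) or StartTLS rather than plain ldap://.
    ldap server require strong auth = yes

    # Weak setting, to be avoided even on a dev box that shares a network:
    # it lets bind passwords cross the wire in cleartext.
    # ldap server require strong auth = no
```

With TLS left at its defaults Samba serves a self-signed certificate, so the test client has to be pointed at that certificate (or a replacement one you install) rather than having certificate validation switched off.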

