Web lists-archives.com

Re: [Samba] Q: Samba4 AD DC & small office file sharing

On Wed, 30 May 2018 06:44:27 +1200
Andrew Bartlett <abartlet@xxxxxxxxx> wrote:

> On Tue, 2018-05-29 at 18:20 +0100, Rowland Penny via samba wrote:
> > On Tue, 29 May 2018 09:57:50 -0700
> > Jeremy Allison <jra@xxxxxxxxx> wrote:
> > 
> > No and nobody else does and we never will do, if we keep saying 'do
> > not use a DC as a fileserver'. 
> G'Day Rowland,
> Thanks for raising this.  To be clear, this wasn't ever meant to be as
> absolute as that, and like Microsoft's 'don't change the schema' from
> the days of Windows 2000, it has got a little out of control.
> In the same way that a warning intended to give administrators pause
> for thought has taken years to undo (I spoke long ago with the
> Microsoft engineer who first gave the warnings to be careful about the
> schema), this is perhaps the same.
> The reasons are this:
>  - For anything but the smallest organisations, having more than one
> DC is a really good backup measure, and makes upgrades safer:
>   - It encourages upgrades of the DC to also be upgrades of the host
> OS every year or two, because there isn't complex data to transition
> or other services involved. 
>   - This means upgrades can be done installing fresh, and replicating
> in the changes, which is better tested in Samba, gains new features
> and avoids a number of lingering data corruption risks. 
>  - The DC and file-server have different points at which an
> organisation would wish to upgrade.  The needs for new features on the
> DC and file server come at different times.  Currently the AD DC
> evolves rapidly to gain features whereas the fileserver after over 20
> years is quite rightly more conservative.   
>  - The mandatory smb signing on the DC.
> Finally, in terms of reasons that don't apply any more:
>  - In Samba 4.0 we shipped a different, much less capable 'winbind'
> service in the AD DC.  We don't any more, we just plug in to the
> common winbindd codebase (just self-starting it as a forked child for
> samba).
> Anyway, as I say, it was set down just to give folks pause for
> thought, not as a total prescription.  Samba remains free software
> and folks will use it as they want.
> I hope this clarifies things and you are welcome to embellish the wiki
> with the above.
> Andrew Bartlett

So I take it from the above, that whilst it isn't a good idea to use a
DC as a fileserver if you have the resources, it will work for a
small office set up.

I will use the information above to update the wiki and I feel that I
should point out that I didn't start this thread.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba