[quote=“salvois, post:12, topic:4865, full:true”]
As a side note, I still don’t get why Samba has to be run in a container. [/quote]
I fully share. I’m discovering Nethserver I can’t yet figure out why such constraint, design choice or whatever reason behind this.
However I’m very far from having read lot of documentation or forum yet.
Nevertheless, it looks very strange too me
I even don’t understand what could be the added value Well, I do understand that POSIX ACL won’t work. OK, fine, what does it really mean? I mean in real deployment scenario?
It doesn’t mean DC as a container but means two Samba deployments, one acting as DC and the other as files sharing server, joining domain exposed by DC. Is it what NS provides? (I didn’t work back, hands on, on my broken NS server yet, trying for the time being to understand the logic behind its general design)
Comment from Samba team on this specific topic:
[quote]The default file server in Samba 4.0 is our smbd file server from Samba
3.x, simply updated with the latest work from that line of
No matter if you are running an AD DC, or a file server as a member
server, we use the same code for file server operations. However, some
support infrastructure varies between the operating modes, and some
options are forced on in the AD DC, so as to emulate NT ACLs in the way
we must for the SYSVOL share. We also use a different winbind
For smaller sites, where there is just one server, using the AD DC as
the file server is perfectly fine and supported. It will work well.
For other (generally larger) sites, the knowledge that the file server
and DC can be configured, upgraded and replicated independently will be
far more important, and so follow our advise to separate these roles.