[Samba] Domain DFS on samba 4

Robert Schetterer rs at sys4.de
Sun Oct 28 11:01:44 MDT 2012 

Am 28.10.2012 17:46, schrieb Ludovic Rouse-Lamarre:
> Hello,
> 
> Our company currently stores its data on centralized samba servers which
> causes performance problems for remote office employees. We are thinking
> of decentralizing the data with NAS in each office and synchronizing all
> the NAS on our central domain controller with MSDFS. I have heard this
> can be done in real time with Windows and Active Directory.
> 
> http://en.wikipedia.org/wiki/Distributed_File_System_(Microsoft)
> <http://en.wikipedia.org/wiki/Distributed_File_System_%28Microsoft%29>
> http://technet.microsoft.com/en-us/library/cc782417.aspx
> 
> The physical location of the data becomes transparent to the end user.
> The DFS path formed with the domain name remains \\DOMAINNAME\share123
> which points the client to the storage device which is physically
> closest to him (the local NAS), thus eliminating the latency problems
> and simplifying the paths to our servers.
> 
> We are currently running a Samba domain and we tend toward open source
> solutions but this is something we need. From what I understand Samba 3
> cannot run domain DFS because it requires Active Directory. I would like
> to know if this will be possible with Samba 4?
> 
> Respectfully,
> 

there are many ways keeping data in sync i.e
rsync, div cluster file systems ( all open source ) etc, so you need to look
what exact fits best to you
dfs might not be ,the best solution for your setup

anyway
look
http://www.samba.org/samba/docs/using_samba/ch08.html
...


Configuring Samba for Dfs

To act as a Dfs server, Samba 2.2 must be compiled with the --with-msdfs
configure option. (See Chapter 2 for instructions on configuring and
compiling Samba.) Samba 3.0 includes Dfs support by default and does not
need to be compiled with the --with-msdfs configure option.

Once a Dfs-enabled Samba server is running, there are just two steps to
serving a Dfs share. First we will set up a Dfs root directory on the
server, and then we will modify the smb.conf configuration file to
enable the share.
Setting up the Dfs root

First we need to create a directory to act as the Dfs root:

    # mkdir /usr/local/samba/dfs

This can be any directory, but it is important that it be owned by root
and given the proper permissions:

    # chown root:root /usr/local/samba/dfs
    # chmod 755 /usr/local/samba/dfs

The Dfs directory tree can have subdirectories and files, just like any
other shared directory. These will function just as they would in any
other share, allowing clients to access the directories and files on the
Samba server. The whole idea of Dfs, though, is to gather together
shares on other servers by making references to them in the Dfs tree.
The way this is implemented with Samba involves a clever use of symbolic
links, which can be in the Dfs root directory or any subdirectory in the
Dfs tree.

You are probably familiar with using symbolic links to create references
to files that exist on the same system, and perhaps crossing a local
filesystem boundary (which ordinary Unix links cannot do). But maybe you
didn't know that symbolic links have a more general functionality.
Although we can't display its contents directly, as we could with a text
or binary file, a symbolic link "contains" an ASCII text string naming
what the link points to. For example, take a look at the listing for
these symbolic links:

    $ ls -l wrdlnk alnk
    lrwxrwxrwx    1 jay      jay            15 Mar 14 06:50 wrdlnk ->
/usr/dict/words
    lrwxrwxrwx    1 jay      jay             9 Mar 14 06:53 alnk ->
dreamtime

As you can infer from the size of the wrdlnk link (15 bytes), the string
/usr/dict/words is encoded into it. The size of alnk (9 bytes) is
smaller, corresponding to the shorter name of dreamtime.

Now let's create a link in our Dfs root for an SMB share:

    # cd /usr/local/samba/dfs
    # ln -s 'msdfs:maya\e' maya-e
    # ls -l maya-e
    lrwxrwxrwx    1 root     root           12 Mar 13 17:34 maya-e ->
msdfs:maya\e

This link might appear as a "broken" link in a directory listing because
it points to something that isn't a file on the local system. For
example, the file command will report:

    $ file maya-e
    maya-e: broken symbolic link to msdfs:maya\e

However, maya-e is a valid reference to the \\maya\e share when used
with Samba's Dfs support. When Samba encounters this file, it sees the
leading msdfs: and interprets the rest as the name of a remote share.
The client is then redirected to the remote share.

When creating links in the Dfs root directory, simply follow the same
format, which in general is msdfs:server\share. Note that this is
similar to a UNC appended onto the msdfs: string, except that in this
case, the two backslashes preceding the server's name are omitted.

    TIP

    The names for the symbolic links in Dfs shares must be in all lowercase.

In addition to regular network shares, you can use symbolic links of
this type to reference Dfs shares on other Dfs servers. However,
referencing printer shares does not work. Dfs is for sharing files only.
Load balancing

To set up a load-balancing Dfs share, create the symbolic link like this:

    # ln -s 'msdfs:toltec\data,msdfs:mixtec\data' lb-data

That is, simply use a list of shares separated by commas as the
reference. Remember, it is up to you to make sure the shared folders
remain identical. Set up permissions on the servers to make the shares
read-only to users.

The last thing we need to do is to modify the smb.conf file to define
the Dfs root share and add Dfs support. The Dfs root is added as a share
definition:

    [dfs]
        path = /usr/local/samba/dfs
        msdfs root = yes

You can use any name you like for the share. The path is set to the Dfs
root directory we just set up, and the parameter msdfs root = yes tells
Samba that this share is a Dfs root.

To enable support for Dfs in the server, we need to add one line to the
[global] section:

    [global]
        host msdfs = yes

Restart the Samba daemons—or just wait a minute for them to reread the
configuration file—and you will see the new share from Windows clients.
If you have trouble accessing any of the remote shares in the Dfs share,
recheck your symbolic links to make sure they were created correctly.


.....

Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich

More information about the samba mailing list