[Samba] Re: Re: DC2 denies access when saving
Min Wai Chan
dcmwai at gmail.com
Sat Nov 8 09:50:10 MST 2014
Dear Louis and Rowland,
I've try to do as suggested
/root/.unison/default.prf
remove
perms=0
add
owner=true
group=true
But still the problem on folder removed still happen...
Strange...
On Mon, Nov 3, 2014 at 8:54 PM, L.P.H. van Belle <belle at bazuin.nl> wrote:
> Hai,
>
> Ok, this is an option also then.
> I'll go test this also, and if this works better, then lets adopt it.
>
> Greetz,
>
> Louis
>
>
> >-----Oorspronkelijk bericht-----
> >Van: rowlandpenny at googlemail.com
> >[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
> >Verzonden: maandag 3 november 2014 12:16
> >Aan: samba at lists.samba.org
> >Onderwerp: Re: [Samba] Re: Re: DC2 denies access
> >when saving
> >
> >On 03/11/14 08:12, L.P.H. van Belle wrote:
> >> Hai,
> >>
> >> Guys, some extra understanding.
> >>
> >>> This is what I cannot really understand, why use the rsync
> >command at
> >>> all, as it would seem that unison uses rsync itself to do
> >the copying,
> >> Rsync is use-ed to create the right direcotie structure with
> >all the needed ACL and ATTRS.
> >> Unison cant do that ( yet ) but unison can do bidirectional
> >sync of files.
> >> and together you get what we need.
> >>
> >>
> >>> OK, after reading the unison manpage several times, I think
> >I have it,
> >> >from /root/.unison/default.prf remove 'perms=0' and add
> >'owner=true' &
> >>> 'group=true' . This seems to fix the problem.
> >> That can be but should not be needed.
> >>
> >> remember, that i dont look het the rights on linux, and
> >mainly because of that sysvol
> >> is only used for windows.
> >>
> >> So idmappping not needed, rights, copied from DC1 to DC2 may
> >see different, but !
> >> not in windows.
> >>
> >> and if you want it really only for windows, and dont look to
> >much in the underlaying linux rights.
> >> add : acl_xattr:ignore system acl = ye
> >>
> >> last.
> >>
> >> I saw something with errors on DC2 about when creating etc.
> >> where the prileges set on the second DC?
> >>
> >>
> >>
> >> Louis
> >>
> >>
> >>
> >>> -----Oorspronkelijk bericht-----
> >>> Van: rowlandpenny at googlemail.com
> >>> [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
> >>> Verzonden: zondag 2 november 2014 23:01
> >>> CC: samba at lists.samba.org
> >>> Onderwerp: Re: [Samba] Re: Re: DC2 denies access
> >>> when saving
> >>>
> >>> On 02/11/14 17:10, Min Wai Chan wrote:
> >>>> Hi Rowland,
> >>>>
> >>>> You are correct...
> >>>>
> >>>> Let us ask Louis...
> >>>>
> >>>> Dear Louis,
> >>>>
> >>>> Can help us on this?
> >>>>
> >>>> Thank you
> >>>>
> >>>> On Mon, Nov 3, 2014 at 12:54 AM, Rowland Penny
> >>>> <rowlandpenny at googlemail.com
> >>> <mailto:rowlandpenny at googlemail.com>> wrote:
> >>>> On 02/11/14 16:00, Rowland Penny wrote:
> >>>>
> >>>> On 02/11/14 15:29, ?icro MEGAS wrote:
> >>>>
> >>>> Indeed, it deleted these two mentioned directories, it
> >>>> also tried to delete the directory
> >>>> {5F5181D6-325D-4566-8B2E-0292E9F4995B} but it
> >wasn't able
> >>>> to do so.
> >>>>
> >>>> I played around a bit and actually in my opinion
> >>>> rsync+unison is *not* behaving correctly as one would
> >>>> expect. For example: I am creating a new file or
> >>> directory
> >>>> on dc2:/var/lib/samba/sysvol/mydom.example.com
> >>>> <http://mydom.example.com> called "test"
> >>>>
> >>>> After I run the rsync+unison command on DC1,
> >this file or
> >>>> directory called "test" gets deleted on DC2.
> >That's not
> >>>> what I would expect. What I expected is that this
> >>>> file/directory would be copied from DC2 to
> >DC1. The setup
> >>>> works only in one direction at the moment,
> >that mean when
> >>>> I create something on DC1 it is successfully
> >>> synced to DC2
> >>>> but _not vice-versa_ :(
> >>>>
> >>>> So in my opinion there is a misconfigured
> >rsync+unison.
> >>>> How do we set this thing up so both directions work?
> >>>>
> >>>> Mirco
> >>>>
> >>>> You would seem to be correct, I rsync'd
> >/var/lib/samba/sysvol
> >>>> to /var/test/samba and I have been testing with the
> >>> later dir.
> >>>> I run the line from the script (modified for
> >change of path)
> >>>> and my test sysvol was replicated to the second
> >DC, so far so
> >>>> good.
> >>>>
> >>>> root at dc02:~# cd /var/test/samba//sysvol/example.com
> >>>> <http://example.com>
> >>>> root at dc02:/var/test/samba/sysvol/example.com#
> >>>> <http://example.com#> ls -la
> >>>> total 32
> >>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 .
> >>>> drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
> >>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
> >>>> drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
> >>>>
> >>>> I then created a new directory on the second DC dc02
> >>>>
> >>>> root at dc02:/var/test/samba/sysvol/example.com#
> >>>> <http://example.com#> mkdir Test
> >>>> root at dc02:/var/test/samba/sysvol/example.com#
> >>>> <http://example.com#> chown root:3000000 Test
> >>>>
> >>>> root at dc02:/var/test/samba/sysvol/example.com#
> >>>> <http://example.com#> ls -la
> >>>> total 40
> >>>> drwxrwx---+ 5 root 3000000 4096 Nov 2 15:38 .
> >>>> drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
> >>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
> >>>> drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
> >>>> drwxrwx---+ 2 root 3000000 4096 Nov 2 15:38 Test
> >>>>
> >>>> I then ran the line from the script again on dc01
> >>>>
> >>>> root at dc01:~# rsync -XAavz --delete-after -f"+ */" -f"- *"
> >>>> /var/test/samba/sysvol root at DC02:/var/test/samba &&
> >>>> /usr/bin/unison
> >>>> building file list ... done
> >>>> sysvol/example.com/ <http://example.com/>
> >>>> deleting sysvol/example.com/Test/
> ><http://example.com/Test/>
> >>>>
> >>>> sent 973 bytes received 15 bytes 658.67 bytes/sec
> >>>> total size is 0 speedup is 0.00
> >>>> Contacting server...
> >>>> Connected [//dc01//var/test/samba ->
> >//dc02//var/test/samba]
> >>>> Looking for changes
> >>>> Waiting for changes from server
> >>>> Reconciling changes
> >>>> Nothing to do: replicas have not changed since last sync.
> >>>>
> >>>> If I now check if the new directory is still there:
> >>>>
> >>>> root at dc02:/var/test/samba/sysvol/example.com#
> >>>> <http://example.com#> ls -la
> >>>> total 32
> >>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 .
> >>>> drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
> >>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
> >>>> drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
> >>>>
> >>>> It has been removed and I think I understand why, rsync is
> >>>> removing it:
> >>>>
> >>>> building file list ... done
> >>>> sysvol/example.com/ <http://example.com/>
> >>>> deleting sysvol/example.com/Test/
> ><http://example.com/Test/>
> >>>>
> >>>> So how do we stop rsync removing anything that is
> >not on the
> >>>> first DC ????
> >>>>
> >>>> Rowland
> >>>>
> >>>> OK, got past that problem, remove '--delete-after'
> >from the rsync
> >>>> command. Now for the next problem, the test dir is
> >not deleted on
> >>>> the second DC, but when unison syncs it to the first DC,
> >>> it is set
> >>>> as belonging to 'root:root' even though it belongs to
> >>>> 'root:3000000' on the second DC.
> >>>>
> >>>>
> >>>> Rowland
> >>>>
> >>>> --
> >>>> To unsubscribe from this list go to the following URL
> >>> and read the
> >>>> instructions: https://lists.samba.org/mailman/options/samba
> >>>>
> >>>>
> >>> OK, after reading the unison manpage several times, I think
> >I have it,
> >> >from /root/.unison/default.prf remove 'perms=0' and add
> >'owner=true' &
> >>> 'group=true' . This seems to fix the problem.
> >>>
> >>> Rowland
> >>>
> >>> --
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions: https://lists.samba.org/mailman/options/samba
> >>>
> >>>
> >OK, I am testing on a test dir '/var/test/samba', I rsync'd
> >/var/lib/samba/sysvol' to the test dir and then tested copying between
> >my two DC's.
> >
> >My '/root/.unison/default.prf' now looks like this:
> >
> ># Unison preference file
> ># Synchronization roots
> ># This machine
> >root = /var/test/samba
> ># Remote machine
> ># Note the 2 x / behind DC02, they are required
> >root = ssh://root@DC02//var/test/samba
> >#
> ># Path to synchronize
> >path = sysvol
> >#
> >#ignore = Path stats ## ignores /var/www/stats
> ># copymax & maxthreads params were set to 1 for easier troubleshooting.
> ># Have to experiment to see if they can be increased again.
> >auto=true
> >batch=true
> >rsync=true
> >maxthreads=1
> >retry=3
> >confirmbigdel=false
> >servercmd=/usr/bin/unison
> >copythreshold=0
> ># removed --compress from following two lines, z is --compress
> >copyprog = /usr/bin/rsync -XAavz --inplace
> >copyprogrest = /usr/bin/rsync -XAavz --partial --inplace
> >copyquoterem = true
> >copymax = 1
> >owner=true
> >group=true
> >
> >Running 'rsync -XAavz -f"+ */" -f"- *" /var/test/samba/sysvol
> >root at DC02:/var/test/samba && /usr/bin/unison' syncs
> >'/var/test/samba/sysvol' to the second DC.
> >
> >If I add another dir inside '/var/test/samba/sysvol' and run
> >the command
> >again, the dir is then synced to the second DC.
> >
> >If I add another dir inside '/var/test/samba/sysvol' on the second DC
> >and run the command again, the dir is then synced to the first DC.
> >
> >I now have two identical directories, one on my first DC, the other on
> >the second DC, if I run 'getfacl' on any of the directories or
> >files, I
> >get exactly the same results, all the directories & files are owned by
> >the same user & group.
> >
> >This is, in my opinion, better than having files owned by different
> >users on different DC's.
> >
> >Rowland
> >
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list