[Samba] Keeping idmap in sync cross DC
Rowland Penny
rpenny at samba.org
Wed Nov 22 15:45:52 UTC 2017
On Wed, 22 Nov 2017 16:01:17 +0200
Ian Coetzee via samba <samba at lists.samba.org> wrote:
> Hi Guys,
>
> I have run into a very interesting problem using GPO's on our DC's.
>
> As you may (or may not) know, we have migrated to a pure Samba4 (Git
> stable branch checkout) AD network. I can't be happier. *Kudos to the
> Samba team*
>
> We are running to DC's, DC1 and DC2, both full fledged DC's, both
> running CentOS 6.9, fully up to date.
>
> For the sysvol partition I decided to run a glusterfs between the
> DC's. I started out with a unison sync, but being the impatient
> person I am, I needed more real time.
>
> Now my problem is with the permissions in the sysvol folder structure.
>
Sorry, but your problem is that you missed this:
https://wiki.samba.org/index.php/Bidirectional_Rsync/osync_based_SysVol_replication_workaround#FAQ
Where it quite clearly says this:
Why can't I simply use a distributed filesystem like GlusterFS, Lustre, etc. for SysVol?
A cluster file system with Samba requires CTDB to be able to do it safely. And CTDB and AD DC are incompatible.
Rowland
More information about the samba
mailing list