Enabling s3fs on samba4 DC

Daniele Dario d.dario76 at gmail.com
Tue Aug 28 02:16:13 MDT 2012 

Hi Andrew,

On Tue, 2012-08-28 at 15:21 +1000, Andrew Bartlett wrote:
> On Mon, 2012-08-27 at 10:35 +0200, Daniele Dario wrote:
> > Hi samba team,
> > it's a long time since my last question and I've seen many progresses
> > during this time so I'll say you "great job guys".
> > 
> > In my installation I have 2 s4 DCs (at the moment DC1 is Version
> > 4.0.0beta3-GIT-d1aeb2d and DC2 is Version 4.0.0beta3-GIT-c983ea8) both
> > are using bind 9.9 + samba_dlz for DNS and they are running without
> > problems since my last update to beta3 (again great job guys).
> > 
> > I'm planning to move network shares from a s3 fileserver which is joined
> > to the domain to DC2 and I'd use s3fs (to reduce HW) but I've heard that
> > there are some things to do when changing from NTVFS to s3fs (both DCs
> > are using NTVFS) so can someone please point me to the right way to
> > proceed?
> 
> 
> 
> > Is it better to upgrade to latest beta release before to migrate from
> > NTVFS to S3FS?
> 
> Please either wait for beta7 (very soon) or use GIT master.  I've
> finally fixed a lot of issues here. 
> 
> It won't really matter, but you can do it in stages if you like.
> 
> > When upgrading to latest release I would run samba-tool dbcheck
> > --cross-ncs --fix on the installation I've upgraded before to start
> > samba am I right?
> 
> Yes.
> 
> If you only have a sysvol share, then running:
> 
> samba-tool ntacl sysvolreset
> 
> after configuring it back to the default file server (s3fs) will set the
> POSIX ACLs you need.
> 
> > This should check and fix dbs in the DC I've upgraded so shall I check
> > something before to restart samba to avoid replication problems with the
> > other DC?
> 
> Honestly, I don't think we changed anything that this will matter for
> since beta3, so don't worry too much.
> 
> > I would start upgrading the "secondary" DC and once it is again ok and
> > running I would do the same on the "primary", am I right?
> 
> That should be OK.
> 
> Andrew Bartlett
> 

I upgraded to latest git (Version 4.0.0beta7-GIT-b05d28e) secondary DC
and this is the response of dbcheck:

[root at kdc02:~/samba4/samba-master]# samba-tool dbcheck --cross-ncs --fix
Checking 4207 objects
ERROR: parent object not found for CN=NTDS Settings
\0ADEL:66e2d411-467c-4375-b6f6-0408c2fa6544,CN=KDC02
\0ADEL:fed27b3b-88f2-4360-97f2-e28e8372ccc9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
Move object CN=NTDS Settings
\0ADEL:66e2d411-467c-4375-b6f6-0408c2fa6544,CN=KDC02
\0ADEL:fed27b3b-88f2-4360-97f2-e28e8372ccc9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local into LostAndFound? [y/N/all/none] y
Failed to rename object CN=NTDS Settings
\0ADEL:66e2d411-467c-4375-b6f6-0408c2fa6544,CN=KDC02
\0ADEL:fed27b3b-88f2-4360-97f2-e28e8372ccc9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local into lostAndFound at CN=NTDS Settings\0ADEL:66e2d411-467c-4375-b6f6-0408c2fa6544,CN=LostAndFoundConfig,CN=Configuration,DC=saitelitalia,DC=local : (32, 'objectclass: Cannot rename CN=NTDS Settings\\0ADEL:66e2d411-467c-4375-b6f6-0408c2fa6544,CN=KDC02\\0ADEL:fed27b3b-88f2-4360-97f2-e28e8372ccc9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local, entry does not exist!')
Fix isDeleted originating_change_time on 'CN=Deleted
Objects,CN=Configuration,DC=saitelitalia,DC=local' [y/N/all/none] y
Fix isDeleted originating_change_time on 'CN=Deleted
Objects,DC=DomainDnsZones,DC=saitelitalia,DC=local' [y/N/all/none] y
Fix isDeleted originating_change_time on 'CN=Deleted
Objects,DC=ForestDnsZones,DC=saitelitalia,DC=local' [y/N/all/none] y
Fix isDeleted originating_change_time on 'CN=Deleted
Objects,DC=saitelitalia,DC=local' [y/N/all/none] y
Checked 4207 objects (5 errors)

Retrying 

[root at kdc02:~/samba4/samba-master]# samba-tool dbcheck --cross-ncs --fix
Checking 4207 objects
ERROR: parent object not found for CN=NTDS Settings
\0ADEL:66e2d411-467c-4375-b6f6-0408c2fa6544,CN=KDC02
\0ADEL:fed27b3b-88f2-4360-97f2-e28e8372ccc9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
Move object CN=NTDS Settings
\0ADEL:66e2d411-467c-4375-b6f6-0408c2fa6544,CN=KDC02
\0ADEL:fed27b3b-88f2-4360-97f2-e28e8372ccc9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local into LostAndFound? [y/N/all/none] y
Failed to rename object CN=NTDS Settings
\0ADEL:66e2d411-467c-4375-b6f6-0408c2fa6544,CN=KDC02
\0ADEL:fed27b3b-88f2-4360-97f2-e28e8372ccc9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local into lostAndFound at CN=NTDS Settings\0ADEL:66e2d411-467c-4375-b6f6-0408c2fa6544,CN=LostAndFoundConfig,CN=Configuration,DC=saitelitalia,DC=local : (32, 'objectclass: Cannot rename CN=NTDS Settings\\0ADEL:66e2d411-467c-4375-b6f6-0408c2fa6544,CN=KDC02\\0ADEL:fed27b3b-88f2-4360-97f2-e28e8372ccc9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local, entry does not exist!')
Checked 4207 objects (1 errors)

This seems to be a non blocking error because I restarted samba4 on the
secondary DC and all seems to be ok.

Now I will run samba-tool ntacl sysvolreset but this should be done with
samba stopped am I right?
Before to restart the service I have to enable s3fs and disable ntvfs
isn't it?

Thanks,
Daniele.

More information about the samba-technical mailing list