[Samba] Sysvol Replication in Samba4

Matthieu Patou mat at samba.org
Sun Aug 26 15:27:09 MDT 2012


Hello Alain,

Please find attached a script that I used to have and that used to work 
quite decently.
It might need rework; still, it's based on rsync + csync so that POSIX 
rights and NTACLs are preserved during the copy.

I haven't touched them for at least 6 to 9 months, so maintenance might 
be needed.

Matthieu.

On 08/25/2012 10:24 PM, Alain Foucher wrote:
> Hello Matthieu,
>
> Thanks for your answer
>
> we'll write the scripts
>
> regards
>
> Alain
>
>
> ----- Original Message ----- From: "Matthieu Patou" <mat at samba.org>
> To: <samba at lists.samba.org>
> Sent: Sunday, August 26, 2012 4:11 PM
> Subject: Re: [Samba] Sysvol Replication in Samba4
>
>
>> On 08/24/2012 07:21 PM, Fouchers's Family wrote:
>>> Hi,
>>>
>>> We installed a samba4 AD controller using Gpo for a small group of 
>>> users (5 users), everything is OK.
>>> (Samba4 beta 7 on Ubuntu 12.04)
>>>
>>> We installed another Samba4 AD controller as a BDC of the first one 
>>> with the command "samba-tool domain join" with success.
>>>
>>> After checking this new installation, we saw that the sysvol share 
>>> was not replicated from the PDC and all the Policies are not present 
>>> in the BDC.
>>>
>>> At this stage of Samba4, is this feature implemented? Do we do it 
>>> manually by shell scripts?
>>>
>> No, replication is not working yet; you have to use scripts to do the 
>> sync.
>>
>> Matthieu.
>>
>>
>> -- 
>> Matthieu Patou
>> Samba Team
>> http://samba.org
>>
>


-- 
Matthieu Patou
Samba Team
http://samba.org

-------------- next part --------------
#!/bin/bash
#
# Copyright (C) Matthieu Patou <mat at matws.net> 2011-2012
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

export KRB5CCNAME=/tmp/sync.$$
. /usr/local/etc/ecv/list_dcs

contacteddc=0
me=`hostname -s`
domain=`hostname -d`
PROVISIONDIR=/usr/local/domain/$domain/
STAGING=$PROVISIONDIR/staging
SYSVOL=$PROVISIONDIR/sysvol

# Add some randomness 
sleep $(( $RANDOM % 50 ))
rm -rf $STAGING/*
kinit -k -t /etc/krb5.keytab  `hostname -s | tr "[:lower:]" "[:upper:]"`\$
date +%s >$SYSVOL/.flag
for dc in $LIST_DC; do
	if [ $dc == $me ]; then
		continue
	fi

	# can we ping this dc ?
	ping -c 2 $dc >/dev/null 2>&1
	if [ $? -ne 0 ]; then
		continue
	fi

	[ ! -f $STAGING/.lastts.$dc ]&& touch $STAGING/.lastts.$dc
	dc_account_name=`echo $me | tr "[:lower:]" "[:upper:]"`
	rsync  -X -u -a  $dc_account_name\$@${dc}.${domain}:$SYSVOL $STAGING

	[ $? -ne 0 ]&& continue
	contacteddc=$(($contacteddc + 1))

	if [ -f $STAGING/sysvol/.flag ]; then
		# A sync is running on another dc ...
		now=`date +%s`
		# Read the timestamp from the flag fetched from $dc, not from our own flag
		ts=`cat $STAGING/sysvol/.flag`
		delta=$(( $now - $ts ))
		if [ $delta -gt 300 ]; then
			echo -ne "A sync is already running on $dc for more than 5 minutes, you should "
			echo "check and if needed remove the following file: $SYSVOL/.flag"
		else
			sleep $(( $RANDOM % 50 + 20))
			rm -rf $STAGING/*
			rsync  -X -u -a  $dc_account_name\$@${dc}.${domain}:$SYSVOL $STAGING
			if [ -f $STAGING/sysvol/.flag ]; then
				#echo "Sync is running"
				rm -f $KRB5CCNAME
				[ -f $SYSVOL/.flag ]&& rm $SYSVOL/.flag
				exit 0
			fi
		fi
	fi
done

if [ $contacteddc -eq 0 ]; then
	if [ -f $STAGING/sysvol/.flag ]; then
		rm $STAGING/sysvol/.flag
		exit 0
	fi
fi
csync $STAGING $SYSVOL
# Use an unpredictable temporary file instead of /tmp/listfiles.$$
listfiles=`mktemp /tmp/listfiles.XXXXXX`
cd $STAGING
find . >"$listfiles"
cd /

# Restore extended attributes (NTACLs) on files that lost them during the sync
while read l; do
	nb=`getfattr -d -m "" "$SYSVOL/$l" 2>/dev/null |wc -l`
	nb2=`getfattr -d -m "" "$STAGING/sysvol/$l" 2>/dev/null |wc -l`
	if [ ! -L "$STAGING/sysvol/$l" -a $nb -eq 0 -a $nb2 -ne 0 ]; then
		echo "setting acls on $l"
		getfattr -d -m "" "$STAGING/sysvol/$l" 2>/dev/null | sed 's@staging/@@' |setfattr --restore=- 2>/dev/null
	fi
done <"$listfiles"

rm "$listfiles"

rm -f $KRB5CCNAME
[ -f $SYSVOL/.flag ]&& rm $SYSVOL/.flag
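
The script above decides whether another DC is mid-sync by reading a .flag timestamp that rsync pulled from that DC. As an added example (not part of the attachment or of Samba), here is a stricter version of that check which treats the fetched flag as untrusted input; the function name classify_flag and its four states are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not part of the attached script.
# classify_flag FLAGFILE NOW [MAX_AGE]
# Prints one of: absent, running, stale, invalid.
# FLAGFILE is the copy of a peer's .flag pulled into staging by rsync, so
# its content is treated as untrusted input. (Function name and states are
# assumptions made for this example.)
classify_flag() {
	local flag="$1" now="$2" max_age="${3:-300}" ts="" delta

	# rsync -a preserves symlinks: never follow a .flag that is a link.
	if [ -L "$flag" ]; then echo invalid; return 0; fi
	if [ ! -f "$flag" ]; then echo absent; return 0; fi

	# Read only the first line; "|| true" copes with a missing final newline.
	IFS= read -r ts < "$flag" || true

	# Accept only a plain decimal epoch value: not empty, no leading zero
	# (octal in shell arithmetic), digits only, at most 11 digits.
	case $ts in
		''|0*|*[!0-9]*|????????????*) echo invalid; return 0 ;;
	esac

	delta=$((now - ts))
	if [ "$delta" -gt "$max_age" ]; then
		echo stale      # older than MAX_AGE: the peer's sync probably died
	elif [ "$delta" -lt "-$max_age" ]; then
		echo invalid    # far in the future: clock skew or tampering
	else
		echo running    # a peer started syncing recently, back off
	fi
}

# Constructed demonstration: a flag written "now" in a private temp directory.
demo() {
	local work
	work=$(mktemp -d) || return 1   # mode 0700, unpredictable name
	date +%s > "$work/.flag"
	classify_flag "$work/.flag" "$(date +%s)" 300
	rm -rf "$work"
}
demo
```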

