[Samba] Rsyncing Samba4 Roaming Profiles between servers

Mon Apr 22 04:06:08 MDT 2013

are you using getfattr to check ntacl attributes? getfattr -d -m ".*"
<folder> should dump all extended attributes, itll return a "Not available"
on security.NTACL if there are no extended attributes.

On Mon, Apr 22, 2013 at 7:24 PM, Rob Beard <rob at mareandfoal.org> wrote:

>
>
> On 17/04/2013 16:32, Rob Beard wrote:
>
>> Hi folks,
>>
>> I've got a bit of an issue with roaming profiles and I wondered if someone
>> might be able to help please? :-)
>>
>> We've started rolling out Samba 4 across our network.  Currently it's on 3
>> of our 4 sites, one site has two Samba servers and two sites have one
>> Samba
>> server each (well one site has two Samba 4 servers but one of the servers
>> was an oldish test box which I'm planning on removing from AD when I can
>> work out how to, but that's a separate issue).
>>
>> I've managed to get roaming profiles working for the users on each site.
>> Each user is currently configured to store their roaming profile on the
>> server on the site that they're based at.  This seems to work pretty well
>> with our Windows 7 clients and the users are happy that they can now login
>> to any PC and get their desktop icons etc.
>>
>> Now my boss would like the ability to be able to login to a PC on a remote
>> site (as in, not the site where his roaming profile is stored) and have
>> the
>> profile available.  It seems to work without making any changes but it is
>> quite slow logging on and off (I put this down to the fairly slow ADSL
>> links we have between the sites).
>>
>> I was giving the issue some thought and tried creating a test user and
>> changing the profile path to %logonserver%\profiles\user.**name<http://user.name>which when
>> logging on created a profile on the logon server of whichever site I was
>> at.
>>
>> However, I tried then rsyncing this profile across from one server at one
>> site to another server (I've also tried it between two servers on the same
>> site) but the permissions seem to get corrupted...
>>
>> If I look at the permissions in a Linux terminal I get the following...
>>
>> Output from ls -lh on Server 1:
>> drwxrwx---+ 14 3000060 users 4.0K Apr 17 16:15 charles.carmichael.V2
>>
>> Output from ls -lh on Server 2:
>> drwxrwx---+ 14 3000060 users 4.0K Apr 17 16:15 charles.carmichael.V2
>>
>> So the permissions look okay to me unless I'm missing something.
>>
>> If I check the permissions of the two profile folders in Windows 7 I get
>> the following:
>>
>> Server 1 Permissions:
>>
>> SYSTEM - Full Control
>> Charles.Carmichael - Full Control
>>
>> Server 2 Permissions:
>>
>> Everyone - None
>> RANDOMPC$ - Full Control
>> Random Group - Full Control
>> Domain Users - None
>> CREATOR OWNER - Special
>> CREATOR GROUP - Special
>>
>> On Server 1 the owner is the user of the profile, on Server 2 the owner is
>> RANDOMPC$.
>>
>> Both Server 1 and Server 2 are running Samba 4.0.3, Debian Squeeze AMD64
>> with the kernel 2.6.32-5-amd64.  If it helps the filesystems are ext4 and
>> have the options user_xattr,acl,barrier=1 in fstab.
>>
>> What we'd like to do is run an rsync overnight and copy the differences
>> between the servers, but as we're coming across these issues we're a bit
>> stuck.
>>
>> If anyone could help, or maybe suggest another way of syncing the roaming
>> profiles between the servers that would be great.
>>
>> Thanks in advance,
>>
>> Rob
>>
>>
> Hi folks,
>
> Further to Ricky's reply, I've had a look at the xattr's and acl's of the
> profiles folder after running an rsync with the -p, -A and -X switches.
>
> Checking the permissions on both servers they appear to be the same, the
> have the same owner and groups.  Having checked the acls and xattrs they
> match on both servers.
>
> I've restarted Samba on the second server after rsyncing to it and checked
> the permissions again but I'm still getting the incorrect permissions :-(
>
> I wondered if there might be anywhere I can check where the permissions
> might be stored?
>
> Ta,
>
>
> Rob
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>
>