[Samba] Update3: easy - automated setup : Debian Wheezy with sernet samba 4.1 : sysvol replication with unison. (now with extended attributes support )

Davor Vusir davortvusir at gmail.com
Fri Apr 4 13:34:43 MDT 2014


On 2014-03-31 11:39, L.P.H. van Belle wrote:
> Hai Marc,
>
> No, unison itself can't replicate the extended attributes.
> But you made a point, thanks for that.
>
>> Does unison replicate extended attributes? This is required. I haven't
>> used unison for a long time, but if I'm right, it's not supported.
> No, by default it does not, but you can use copyprog, copyprogrest and copyquoterem to make this work with rsync.
>
>> Bi-directional synchronisation would be nice. But how does it react, if a
>> file was changed on DC A and B? Is always the newer replicated?
> The latest version is replicated, based on the timestamp of the file.
> But if this happens, then there is something very wrong.
>
> I've tested this, I can update a GPO on server A or B, both end up the same in folders and files,
> with only the latest versions of the timestamp.
>
>
> So that said ..  ;-)  I have updated the script.
> Now it's unison with rsync and the extended attributes are also copied.
>
> So now we have it...
> Bi-directional sync, with rsync and unison.
> We need rsync for the directory structure to be created,
> for some reason this didn't work with the modified unison setup.
> So it's a 2 setups sync, 1 rsync 2 unison.
>
> See the updated script : https://secure.bazuin.nl/scripts/3-setup-sysvol-bidirectional-BETA.sh
>
> Beta, testers are welcome.  ;-)
>
> Thank you Marc for pointing this out.
>
> Greetz,
>
> Louis
>
>> -----Original message-----
>> From: Marc Muehlfeld [mailto:samba at marc-muehlfeld.de]
>> Sent: Sunday 30 March 2014 17:49
>> To: L.P.H. van Belle; samba at lists.samba.org
>> Subject: Re: [Samba] Update3: easy - automated setup :
>> Debian Wheezy with sernet samba 4.1 : sysvol replication with unison.
>>
>> Hello Louis,
>>
>> On 28.03.2014 12:09, L.P.H. van Belle wrote:
>>> Small update since I need some testers..
>>>
>>> I'm trying to set up bi-directional sysvol replication.
>>> Unison has this ability.
>>> http://www.cis.upenn.edu/~bcpierce/unison/
>> Does unison replicate extended attributes? This is required. I haven't
>> used unison for a long time, but if I'm right, it's not supported.
>>
>> Bi-directional synchronisation would be nice. But how does it react, if a
>> file was changed on DC A and B? Is always the newer replicated? Then
>> some changes may get lost. In that case I still would suggest, the
>> editing should only be done on one DC.
>>
>>
>> Regards,
>> Marc
>>
>>

Hi Louis!

I have had a quick look at your script and may I suggest another approach.

Instead of syncing every x minutes as root, let all DCs run a script to 
check whether this particular server is the PDC Emulator or not every x 
minutes and then make a synchronization using rsync in the context of a 
domain user account.

The synchronization in turn is triggered by any changes made in both the 
Netlogon- and sysvol-shares (the file system). The technology used is 
'inotify'. From their webpage (http://inotify.aiken.cz/):

"inotify is an inode-based filesystem notification technology. It 
provides possibility to simply monitor various events on files in 
filesystems."

Well, the idea is pretty much stolen from 
http://www.kutukupret.com/2011/06/28/postfix-one-way-maildir-replication-backup-using-inotify-and-rsync/.

Create an account 'DOMAIN\netlogonsync'. Create a group 
'Netlogon-syncers'. Make the account member of the group.

Change the ACL for the Netlogon-share with appropriate permissions for 
the group 'Netlogon-syncers'.

The account 'DOMAIN\netlogonsync' is of course authenticated and the 
script below runs in that context.

Script outline:
$this_host = 'hostname -f'
$all_dcs = 'nslookup _tcp.ldap.tld'
$pdc_emulator = 'nslookup _tcp.pdc.tld'
$all_non_pdc = $all_dcs except $pdc_emulator except

if $this_host == $pdc_emulator {
   rsync over smb
}

In the event of a server crash which will require a manual intervention 
with moving FSMO roles or a planned move of the PDC Emulator FSMO-role 
to another server this script will automatically continue its work.

Regards
Davor
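
The outline above, written out as a shell sketch (an added example, not code from this thread or from the Samba project). It assumes the Active Directory SRV records `_ldap._tcp.pdc._msdcs.<domain>` and `_ldap._tcp.dc._msdcs.<domain>` in place of the outline's shorthand names, a constructed domain `samdom.example.com`, a hypothetical rsync daemon module `sysvol` on each DC, and that `dig`, `inotifywait` and `rsync` are installed.

```shell
#!/bin/sh
# Added example. DOMAIN, SYSVOL and the rsync module "sysvol" are assumed
# names; the transport is plain rsync, not the outline's "rsync over smb".
DOMAIN="${DOMAIN:-samdom.example.com}"       # constructed domain
SYSVOL="${SYSVOL:-/var/lib/samba/sysvol/}"   # assumed sysvol path

# SRV lookup; kept in one function so it can be replaced for offline runs.
srv_lookup() { dig +short SRV "$1"; }

# Turn "priority weight port target." answers into lower-case host names.
srv_hosts() {
    srv_lookup "$1" |
        awk 'NF == 4 { sub(/\.$/, "", $4); print tolower($4) }' | sort -u
}

pdc_emulator() { srv_hosts "_ldap._tcp.pdc._msdcs.$DOMAIN" | head -n 1; }
all_dcs()      { srv_hosts "_ldap._tcp.dc._msdcs.$DOMAIN"; }

# Every DC except the PDC emulator: the replication targets.
non_pdc_dcs() {
    pdc=$(pdc_emulator)
    [ -n "$pdc" ] || return 0    # no DNS answer: sync nowhere, do not guess
    all_dcs | grep -v -x -F -- "$pdc" || true
}

# True only when the given host name currently holds the PDC emulator role.
is_pdc_emulator() {
    this=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    [ -n "$this" ] && [ "$this" = "$(pdc_emulator)" ]
}

# Push sysvol to each other DC. -X and -A carry extended attributes and
# ACLs; the account must be allowed to read and set them on both ends.
push_sysvol() {
    for dc in $(non_pdc_dcs); do
        rsync -XAaz --delete-after "$SYSVOL" "rsync://$dc/sysvol/"
    done
}

# Block until something changes under sysvol, then push if we are the PDC.
main() {
    while inotifywait -r -q -e close_write,create,delete,move "$SYSVOL"; do
        if is_pdc_emulator "$(hostname -f)"; then push_sysvol; fi
    done
}

if [ "${1:-}" = "run" ]; then main; fi
```

Because the role is looked up again on every change event, a DC that takes over the PDC Emulator role starts pushing without any edit to the script, and a failed lookup results in no sync rather than a push from the wrong server.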


