[Samba] domain-based DFS ?

steve steve at steve-ss.com
Mon Jun 30 08:15:25 MDT 2014 

On Mon, 2014-06-30 at 15:40 +0200, Davor Vusir wrote:
> 2014-06-30 14:57 GMT+02:00 steve <steve at steve-ss.com>:
> > On Mon, 2014-06-30 at 14:51 +0200, steve wrote:
> >> On Mon, 2014-06-30 at 13:24 +0200, L.P.H. van Belle wrote:
> >> > >> > To the [global] section on the AD DC I added
> >> > >> > host msdfs = yes <- the trick?
> >> > No, not in my oppinion.
> >> >
> >> >
> >> > These are the defaults on a DC:
> >> > samba-tool testparm -vv | grep dfs
> >> >         host msdfs = Yes
> >> >
> >> >
> >> > and member server:
> >> > testparm -vv | grep dfs
> >> >         host msdfs = No
> >> >         msdfs root = No
> >> >         msdfs proxy =
> >> >
> >>
> >> Hi it's this:
> >> host msdfs = Yes
> >> vfs objects = dfs_samba4 # plus whatever else you need
> >> msdfs root = Yes
> >>
> >> HTH
> >> Steve
> >>
> >>
> > Oh, and the root has to be on the DC:(
> >
> Sorry that I wasn't clearer about that.
> 
> @L.P.H van Belle:
> I'm aware of that 'host msdfs = Yes' is amongst the hidden settings in
> global section. But to host DFS it simply didn't work until I made it
> explicit.
Hi
I think that means you have to have the line:
host msdfs = Yes
in smb.conf
The hidden (default?) value you get from testparm isn't correct.
@Davor Please could you confirm that that is what you mean?

Could you also post the vfs_object lines that we should include in 1.
[global] and 2. [share]

TIA


> 
> I have two more share definitions on my AD DC, both running on RAID5,
> LVM and ext4 on top. In spite of that 'vfs object = dfs_samba4
> acl_xattr' is defined in the global section as a hidden setting, I
> could not manipulate ACLs on these share. Not until I added 'vfs
> object = acl_xattr' to the share definitions. I have not tested using
> a share on the same disk/volume that Samba is installed on.
> 
As above.
Thanks,
Steve
 
> My experience is that the settings in smb.conf work great until you
> add another share with vfs objects. They are not nullified, but rather
> seem to not extend beyond the shares defined during provision. To
> activate it you have to explicity define them in the global section.
> 
> And that is a call for following Sambas recommendation to separate the
> DC functionalty from file server functionality.
> 
> 
> Regards
> Davor

More information about the samba mailing list