[Samba] domain-based DFS ?

Davor Vusir davortvusir at gmail.com
Mon Jun 30 11:11:25 MDT 2014


2014-06-30 17:08 GMT+02:00 steve <steve at steve-ss.com>:
> On Mon, 2014-06-30 at 14:57 +0200, steve wrote:
>> On Mon, 2014-06-30 at 14:51 +0200, steve wrote:
>> > On Mon, 2014-06-30 at 13:24 +0200, L.P.H. van Belle wrote:
>> > > >> > To the [global] section on the AD DC I added
>> > > >> > host msdfs = yes <- the trick?
>> > > No, not in my opinion.
>> > >
>> > >
>> > > These are the defaults on a DC:
>> > > samba-tool testparm -vv | grep dfs
>> > >         host msdfs = Yes
>> > >
>> > >
>> > > and member server:
>> > > testparm -vv | grep dfs
>> > >         host msdfs = No
>> > >         msdfs root = No
>> > >         msdfs proxy =
>> > >
>> >
>> > Hi it's this:
>> > host msdfs = Yes
>> > vfs objects = dfs_samba4 # plus whatever else you need
>> > msdfs root = Yes
>> >
>> > HTH
>> > Steve
>> >
>> >
>> Oh, and the root has to be on the DC:(
>>
>>
> Hi
> Nah, false alarm.
> DC:
> [global]
>         workgroup = HH3
>         realm = HH3.SITE
>         netbios name = HH16
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>         host msdfs = Yes
>         vfs objects = dfs_samba4, acl_xattr
This I don't have^
>
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
>         read only = No
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
> [dfs]
>         path = /home/dfsroot
>         read only = No
>         msdfs root = Yes
>         vfs objects = acl_xattr
This I don't have^

Here it gets tricky, I think. I see that you have compiled Samba. So have I.
My /usr/local resides as a directory on the root disk and /etc/fstab
has got the acl,user_xattr and barrier=1.
The directory files, which contains the links to DFS targets, is just
another directory in /data.

The question is: if /etc/fstab contains acl,user_xattr and barrier=1
for the root partition/disk and /home is just another directory, does
smb.conf need to include  vfs objects = acl_xattr for /home/dfs? Or
does Samba use the settings in /etc/fstab?

In my setup the directories /data/home and /data/familjen have mounted
LVM-volumes formatted with ext4. For these two directories I have to
include  vfs objects = acl_xattr (explicit setting) to be able to
manipulate ACLs. It seems that Samba's understanding (or how to put it)
of this does not "spill" over to mounted volumes.

Your [dfs] and my [files] are manually added to smb.conf. And as soon
as you add a share definition, you have to add an 'explicit' setting (host
msdfs = Yes to the global section).

And it's about here I start to realize that it might not be such a good
idea in the long run to create an SBS-equivalent server where both the
AD DC and file server run simultaneously.

Is this understandable?

Regards
Davor

>
> hh16:/home/dfsroot # ls -l
> total 0
> lrwxrwxrwx 1 root root 17 Jun 30 16:45 users -> msdfs:altea\users
>
> The fileserver, altea is up and we can navigate to:
> \\altea\users
>
> however:
> \\hh3.site\dfs
> and
> \\hh3.site\dfs\users
>
> Gives us the infamous '...you may not have permission to access...'
> popup.
>
> Is this the acl stuff Davor was mentioning?
> Thanks,
> Steve
>
>
This is my smb.conf at the AD DC:
# Global parameters
[global]
        workgroup = VUSIR
        realm = VUSIR.LOCAL
        netbios name = OSTRAAROS
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
        idmap_ldb:use rfc2307 = yes
        disable spoolss = yes
        log level = 1
        host msdfs = yes
[files]
        path = /data/files
        comment = "Här finns allt!"
        read only = No
        msdfs root = yes
[home]
        path = /data/home
        comment = Homedirectories
        read only = No
        vfs objects = acl_xattr recycle
        acl_xattr:ignore system acl = yes
        recycle:keeptree = yes
        recycle:versions = yes
        recycle:maxsize = 1073741824
        csc policy = programs
[familjen]
        path = /data/familjen
        comment = "Familjens samlade verk!"
        read only = No
        vfs objects = acl_xattr recycle
        acl_xattr:ignore system acl = yes
        recycle:keeptree = yes
        recycle:versions = yes
        recycle:maxsize = 1073741824
        csc policy = disable
[netlogon]
        path = /usr/local/samba/var/locks/sysvol/vusir.local/scripts
        read only = No
[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No
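
An added example (not part of the original message, and not Samba's own code): a small Python audit of an smb.conf that reports, per share, whether it is a DFS root and which VFS modules are in effect. It assumes that a share-level `vfs objects` replaces the inherited list rather than extending it, and that an AD DC with none set uses `dfs_samba4 acl_xattr`; the sample config and the function names are constructed for illustration.

```python
import re

DC_DEFAULT_VFS = ["dfs_samba4", "acl_xattr"]  # assumed AD DC default when unset

# Constructed sample, modelled on the two DC configurations in this thread.
SAMPLE = """
[global]
        server role = active directory domain controller
        host msdfs = yes
[files]
        msdfs root = yes
[home]
        vfs objects = acl_xattr recycle
[dfs]
        msdfs root = Yes
        vfs objects = dfs_samba4, acl_xattr
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased names."""
    conf, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return conf

def audit(conf):
    """Per share: DFS root flag, effective VFS modules, DC defaults dropped."""
    yes = lambda v: v.strip().lower() in ("yes", "true", "1")
    glob = conf.get("global", {})
    is_dc = glob.get("server role", "").lower() == "active directory domain controller"
    inherited = glob.get("vfs objects") or (" ".join(DC_DEFAULT_VFS) if is_dc else "")
    # "host msdfs" default: Yes on a DC, No on a member, per the testparm output quoted in the thread.
    host_msdfs = yes(glob.get("host msdfs", "yes" if is_dc else "no"))
    report = {}
    for name, params in conf.items():
        if name == "global":
            continue
        # A share-level "vfs objects" replaces the inherited list; nothing is merged.
        vfs = [m for m in re.split(r"[,\s]+", params.get("vfs objects", inherited)) if m]
        report[name] = {"dfs_root": host_msdfs and yes(params.get("msdfs root", "no")),
                        "vfs": vfs,
                        "missing": [m for m in DC_DEFAULT_VFS if is_dc and m not in vfs]}
    return report
```

Run it as `audit(parse_smb_conf(open(path).read()))`; a non-empty `missing` list marks a share whose own `vfs objects` line dropped a module the DC would otherwise load.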