[Samba] domain-based DFS ?
Davor Vusir
davortvusir at gmail.com
Mon Jun 30 11:11:25 MDT 2014
2014-06-30 17:08 GMT+02:00 steve <steve at steve-ss.com>:
> On Mon, 2014-06-30 at 14:57 +0200, steve wrote:
>> On Mon, 2014-06-30 at 14:51 +0200, steve wrote:
>> > On Mon, 2014-06-30 at 13:24 +0200, L.P.H. van Belle wrote:
>> > > >> > To the [global] section on the AD DC I added
>> > > >> > host msdfs = yes <- the trick?
>> > > No, not in my opinion.
>> > >
>> > >
>> > > These are the defaults on a DC:
>> > > samba-tool testparm -vv | grep dfs
>> > > host msdfs = Yes
>> > >
>> > >
>> > > and member server:
>> > > testparm -vv | grep dfs
>> > > host msdfs = No
>> > > msdfs root = No
>> > > msdfs proxy =
>> > >
>> >
>> > Hi it's this:
>> > host msdfs = Yes
>> > vfs objects = dfs_samba4 # plus whatever else you need
>> > msdfs root = Yes
>> >
>> > HTH
>> > Steve
>> >
>> >
>> Oh, and the root has to be on the DC:(
>>
>>
> Hi
> Nah, false alarm.
> DC:
> [global]
> workgroup = HH3
> realm = HH3.SITE
> netbios name = HH16
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
> host msdfs = Yes
> vfs objects = dfs_samba4, acl_xattr
This I don't have^
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> [dfs]
> path = /home/dfsroot
> read only = No
> msdfs root = Yes
> vfs objects = acl_xattr
This I don't have^
Here it gets tricky, I think. I see that you have compiled Samba. So have I.
My /usr/local resides as a directory on the root disk and /etc/fstab
has got the acl,user_xattr and barrier=1.
The directory files, which contains the links to DFS targets, is just
another directory in /data.
The question is: if /etc/fstab contains acl,user_xattr and barrier=1
for the root partition/disk and /home is just another directory, does
smb.conf need to include vfs objects = acl_xattr for /home/dfs? Or
does Samba use the settings in /etc/fstab?
In my setup the directories /data/home and /data/familjen have mounted
LVM volumes formatted with ext4. For these two directories I have to
include vfs objects = acl_xattr (explicit setting) to be able to
manipulate ACLs. It seems that Samba's understanding (or how to put it)
of this does not "spill" over to mounted volumes.
Your [dfs] and my [files] are manually added to smb.conf. And as soon
as you add a share definition, you have to add an 'explicit' setting (host
msdfs = Yes to the global section).
And it's about here I start to realize that it might not be such a good
idea in the long run to create an SBS-equivalent server where both the
AD DC and file server run simultaneously.
Is this understandable?
Regards
Davor
>
> hh16:/home/dfsroot # ls -l
> total 0
> lrwxrwxrwx 1 root root 17 Jun 30 16:45 users -> msdfs:altea\users
>
> The fileserver, altea is up and we can navigate to:
> \\altea\users
>
> however:
> \\hh3.site\dfs
> and
> \\hh3.site\dfs\users
>
> Gives us the infamous '...you may not have permission to access...'
> popup.
>
> Is this the acl stuff Davor was mentioning?
> Thanks,
> Steve
>
>
This is my smb.conf at the AD DC:
# Global parameters
[global]
    workgroup = VUSIR
    realm = VUSIR.LOCAL
    netbios name = OSTRAAROS
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
    idmap_ldb:use rfc2307 = yes
    disable spoolss = yes
    log level = 1
    host msdfs = yes

[files]
    path = /data/files
    comment = "Här finns allt!"
    read only = No
    msdfs root = yes

[home]
    path = /data/home
    comment = Homedirectories
    read only = No
    vfs objects = acl_xattr recycle
    acl_xattr:ignore system acl = yes
    recycle:keeptree = yes
    recycle:versions = yes
    recycle:maxsize = 1073741824
    csc policy = programs

[familjen]
    path = /data/familjen
    comment = "Familjens samlade verk!"
    read only = No
    vfs objects = acl_xattr recycle
    acl_xattr:ignore system acl = yes
    recycle:keeptree = yes
    recycle:versions = yes
    recycle:maxsize = 1073741824
    csc policy = disable

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/vusir.local/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No
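
Added example (not part of the original message, and not Samba's own code): a small checker that shows, for each share, which of the DFS-related settings discussed in this thread actually apply, and splits an msdfs symlink target into its referrals. It relies on standard smb.conf precedence, where a share-level parameter replaces the [global] value rather than merging with it; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the DC configuration quoted in the thread.
SAMPLE_CONF = """\
[global]
    host msdfs = Yes
    vfs objects = dfs_samba4, acl_xattr
[dfs]
    path = /home/dfsroot
    msdfs root = Yes
    vfs objects = acl_xattr
[sysvol]
    path = /usr/local/samba/var/locks/sysvol
"""

def parse_conf(text):
    """Return {section: {parameter: value}}; names lower-cased, spacing normalised."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def as_bool(value):
    """None means the parameter is unset and Samba's built-in default applies."""
    return None if value is None else value.lower() in ("yes", "true", "on", "1")

def dfs_report(conf):
    """Per share: effective DFS-related values after overlaying the share on [global]."""
    glob, report = conf.get("global", {}), {}
    for name, params in conf.items():
        if name == "global":
            continue
        eff = {**glob, **params}  # a share-level value replaces the global one
        report[name] = {
            "host_msdfs": as_bool(glob.get("host msdfs")),
            "msdfs_root": as_bool(eff.get("msdfs root")),
            "vfs_objects": [v for v in re.split(r"[,\s]+", eff.get("vfs objects", "")) if v],
        }
    return report

def parse_msdfs_link(target):
    """Split a DFS symlink target such as 'msdfs:altea\\users' into (server, share) pairs."""
    if not target.lower().startswith("msdfs:"):
        return []
    pairs = (alt.strip().replace("/", "\\").strip("\\").partition("\\") for alt in target[6:].split(","))
    return [(server, share) for server, _, share in pairs if server]
```

On a live server, feed it the output of testparm -s and the result of os.readlink() on each entry in the DFS root directory; a value of None means the parameter is not set explicitly, so check the built-in default with testparm -vv.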