[Samba] domain-based DFS ?

Davor Vusir davortvusir at gmail.com
Mon Jun 30 11:19:19 MDT 2014 

2014-06-30 17:08 GMT+02:00 steve <steve at steve-ss.com>:
> On Mon, 2014-06-30 at 14:57 +0200, steve wrote:
>> On Mon, 2014-06-30 at 14:51 +0200, steve wrote:
>> > On Mon, 2014-06-30 at 13:24 +0200, L.P.H. van Belle wrote:
>> > > >> > To the [global] section on the AD DC I added
>> > > >> > host msdfs = yes <- the trick?
>> > > No, not in my oppinion.
>> > >
>> > >
>> > > These are the defaults on a DC:
>> > > samba-tool testparm -vv | grep dfs
>> > >         host msdfs = Yes
>> > >
>> > >
>> > > and member server:
>> > > testparm -vv | grep dfs
>> > >         host msdfs = No
>> > >         msdfs root = No
>> > >         msdfs proxy =
>> > >
>> >
>> > Hi it's this:
>> > host msdfs = Yes
>> > vfs objects = dfs_samba4 # plus whatever else you need
>> > msdfs root = Yes
>> >
>> > HTH
>> > Steve
>> >
>> >
>> Oh, and the root has to be on the DC:(
>>
>>
> Hi
> Nah, false alarm.
> DC:
> [global]
>         workgroup = HH3
>         realm = HH3.SITE
>         netbios name = HH16
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbind, ntp_signd, kcc, dnsupdate
>         host msdfs = Yes
>         vfs objects = dfs_samba4, acl_xattr
>
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
>         read only = No
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
> [dfs]
>         path = /home/dfsroot
>         read only = No
>         msdfs root = Yes
>         vfs objects = acl_xattr
>
> hh16:/home/dfsroot # ls -l
> total 0
> lrwxrwxrwx 1 root root 17 Jun 30 16:45 users -> msdfs:altea\users
>
> The fileserver, altea is up and we can navigate to:
> \\altea\users
>
> however:
> \\hh3.site\dfs
> and
> \\hh3.site\dfs\users
>
> Gives us the infamous '...you may not have permission to access...'
> popup.
>
Did you restart the Windows client?

> Is this the acl stuff Davor was mentioning?
> Thanks,
> Steve
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list