[Samba] domain-based DFS ?

steve steve at steve-ss.com
Mon Jun 30 11:48:40 MDT 2014


On Mon, 2014-06-30 at 19:19 +0200, Davor Vusir wrote:
> 2014-06-30 17:08 GMT+02:00 steve <steve at steve-ss.com>:
> > On Mon, 2014-06-30 at 14:57 +0200, steve wrote:
> >> On Mon, 2014-06-30 at 14:51 +0200, steve wrote:
> >> > On Mon, 2014-06-30 at 13:24 +0200, L.P.H. van Belle wrote:
> >> > > >> > To the [global] section on the AD DC I added
> >> > > >> > host msdfs = yes <- the trick?
> >> > > No, not in my oppinion.
> >> > >
> >> > >
> >> > > These are the defaults on a DC:
> >> > > samba-tool testparm -vv | grep dfs
> >> > >         host msdfs = Yes
> >> > >
> >> > >
> >> > > and member server:
> >> > > testparm -vv | grep dfs
> >> > >         host msdfs = No
> >> > >         msdfs root = No
> >> > >         msdfs proxy =
> >> > >
> >> >
> >> > Hi it's this:
> >> > host msdfs = Yes
> >> > vfs objects = dfs_samba4 # plus whatever else you need
> >> > msdfs root = Yes
> >> >
> >> > HTH
> >> > Steve
> >> >
> >> >
> >> Oh, and the root has to be on the DC:(
> >>
> >>
> > Hi
> > Nah, false alarm.
> > DC:
> > [global]
> >         workgroup = HH3
> >         realm = HH3.SITE
> >         netbios name = HH16
> >         server role = active directory domain controller
> >         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> > drepl, winbind, ntp_signd, kcc, dnsupdate
> >         host msdfs = Yes
> >         vfs objects = dfs_samba4, acl_xattr
> >
> > [netlogon]
> >         path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
> >         read only = No
> >
> > [sysvol]
> >         path = /usr/local/samba/var/locks/sysvol
> >         read only = No
> >
> > [dfs]
> >         path = /home/dfsroot
> >         read only = No
> >         msdfs root = Yes
> >         vfs objects = acl_xattr
> >
> > hh16:/home/dfsroot # ls -l
> > total 0
> > lrwxrwxrwx 1 root root 17 Jun 30 16:45 users -> msdfs:altea\users
> >
> > The fileserver, altea is up and we can navigate to:
> > \\altea\users
> >
> > however:
> > \\hh3.site\dfs
> > and
> > \\hh3.site\dfs\users
> >
> > Gives us the infamous '...you may not have permission to access...'
> > popup.
> >
> Did you restart the Windows client?

Yes.
\\hh16.hh3.site\dfs\users
works fine (hh16 is the DC with the dfs root) I get a security tab and a
DFS tab. 

\\hh3.site\dfs
Nothing: access denied

\\hh3.site
shows the dfs folder which gives me a DFS tab but no security tab.

I've tried giving Administrator access to /home/dfsroot as fs level (our
Administrator has uid:gid in AD) but still nada. I've tried giving
Administrator access to the same using the security tab as above. Nada.

Not giving up just yet.
Any thoughts as you go through the day most welcome. I get the feeling
that not many have been this way before.
Cheers,
Steve

> 
> > Is this the acl stuff Davor was mentioning?
> > Thanks,
> > Steve
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba




More information about the samba mailing list