[Samba] domain-based DFS ?

Davor Vusir davortvusir at gmail.com
Mon Jun 30 12:12:24 MDT 2014 

2014-06-30 19:48 GMT+02:00 steve <steve at steve-ss.com>:
> On Mon, 2014-06-30 at 19:19 +0200, Davor Vusir wrote:
>> 2014-06-30 17:08 GMT+02:00 steve <steve at steve-ss.com>:
>> > On Mon, 2014-06-30 at 14:57 +0200, steve wrote:
>> >> On Mon, 2014-06-30 at 14:51 +0200, steve wrote:
>> >> > On Mon, 2014-06-30 at 13:24 +0200, L.P.H. van Belle wrote:
>> >> > > >> > To the [global] section on the AD DC I added
>> >> > > >> > host msdfs = yes <- the trick?
>> >> > > No, not in my oppinion.
>> >> > >
>> >> > >
>> >> > > These are the defaults on a DC:
>> >> > > samba-tool testparm -vv | grep dfs
>> >> > >         host msdfs = Yes
>> >> > >
>> >> > >
>> >> > > and member server:
>> >> > > testparm -vv | grep dfs
>> >> > >         host msdfs = No
>> >> > >         msdfs root = No
>> >> > >         msdfs proxy =
>> >> > >
>> >> >
>> >> > Hi it's this:
>> >> > host msdfs = Yes
>> >> > vfs objects = dfs_samba4 # plus whatever else you need
>> >> > msdfs root = Yes
>> >> >
>> >> > HTH
>> >> > Steve
>> >> >
>> >> >
>> >> Oh, and the root has to be on the DC:(
>> >>
>> >>
>> > Hi
>> > Nah, false alarm.
>> > DC:
>> > [global]
>> >         workgroup = HH3
>> >         realm = HH3.SITE
>> >         netbios name = HH16
>> >         server role = active directory domain controller
>> >         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> > drepl, winbind, ntp_signd, kcc, dnsupdate
>> >         host msdfs = Yes
>> >         vfs objects = dfs_samba4, acl_xattr
>> >
>> > [netlogon]
>> >         path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
>> >         read only = No
>> >
>> > [sysvol]
>> >         path = /usr/local/samba/var/locks/sysvol
>> >         read only = No
>> >
>> > [dfs]
>> >         path = /home/dfsroot
>> >         read only = No
>> >         msdfs root = Yes
>> >         vfs objects = acl_xattr
>> >
>> > hh16:/home/dfsroot # ls -l
>> > total 0
>> > lrwxrwxrwx 1 root root 17 Jun 30 16:45 users -> msdfs:altea\users
>> >
>> > The fileserver, altea is up and we can navigate to:
>> > \\altea\users
>> >
>> > however:
>> > \\hh3.site\dfs
>> > and
>> > \\hh3.site\dfs\users
>> >
>> > Gives us the infamous '...you may not have permission to access...'
>> > popup.
>> >
>> Did you restart the Windows client?
>
> Yes.
> \\hh16.hh3.site\dfs\users
> works fine (hh16 is the DC with the dfs root) I get a security tab and a
> DFS tab.
>
> \\hh3.site\dfs
> Nothing: access denied
>
What happens if you remove 'vfs objects = acl_xattr' from [dfs] and
restart both Samba and the client?

> \\hh3.site
> shows the dfs folder which gives me a DFS tab but no security tab.
>
> I've tried giving Administrator access to /home/dfsroot as fs level (our
> Administrator has uid:gid in AD) but still nada. I've tried giving
> Administrator access to the same using the security tab as above. Nada.
>
> Not giving up just yet.
> Any thoughts as you go through the day most welcome. I get the feeling
> that not many have been this way before.
> Cheers,
> Steve
>
>>
>> > Is this the acl stuff Davor was mentioning?
>> > Thanks,
>> > Steve
>> >
>> >
>> >
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list