[Samba] SysVol questions

Sven Schwedas sven.schwedas at tao.at
Thu May 22 08:40:25 MDT 2014


On 2014-05-22 16:25, Steve Campbell wrote:
> 
> On 5/22/2014 10:13 AM, Sven Schwedas wrote:
>> On 2014-05-22 16:07, Steve Campbell wrote:
>>> Where on the system will sysvol be placed? Is it something in smb.conf
>>> that determines this?
>> It's inside /var/lib/samba. I'm not sure how you can change this
>> directory (compile-time option? There's nothing in the smb.conf).
>>
>>> We have two identical servers. Each will be a mirror of the other and
>>> I'm hoping that when one isn't available for whatever reason, the other
>>> will take over. I think I understand that everything but sysvol can be
>>> replicated, and that sysvol will need an rsync-type copy to be
>>> replicated.
>> Yes. We're using lsyncd for this.
>>
>>> These two servers will be the only servers involved in the Samba/Domain
>>> system. The impression I get, though, from most things I read is that
>>> the AD should be on another third machine.
>> Not quite. The Domain Controller_s_ shouldn't serve any other role. You
>> can (and should) have redundant DCs, but file shares etc. pp. should be
>> provided by (equally redundant) member servers (both for security
>> reasons, and because the DC code of samba has a lot of rough edges for
>> those use-cases, e.g. an incomplete winbind implementation).
> So is this to say our set up here should have a minimum of 4 servers?

Yes. It can be 4 virtual machines on two physical servers just as well,
though.

> I got the impression from the wiki instructions that I could set up shares
> and the AD stuff all on one server if I didn't have replication. Of
> course, I want replication, hence two servers.

No, putting shares on a DC is not a good idea. As far as I know, it
doesn't even work properly, and even if it did, it's a security nightmare.

> I hope you all realize how confusing all of this is to a new Samba/AD
> guy.

Welcome to the wonderful world of Active Directory. :-)

> Samba itself isn't so bad, and I've used it for single shares, but
> throwing in that Windows AD/DC stuff makes it a hundred times more
> complicated.
>>
>>
> Thanks for the help.
> 
> steve

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at
