[Samba] Re: Re: DC2 denies access when saving
L.P.H. van Belle
belle at bazuin.nl
Mon Nov 3 01:12:48 MST 2014
Hai,
Guys, some extra understanding.
>This is what I cannot really understand, why use the rsync command at
>all, as it would seem that unison uses rsync itself to do the copying,
Rsync is use-ed to create the right direcotie structure with all the needed ACL and ATTRS.
Unison cant do that ( yet ) but unison can do bidirectional sync of files.
and together you get what we need.
>OK, after reading the unison manpage several times, I think I have it,
>from /root/.unison/default.prf remove 'perms=0' and add 'owner=true' &
>'group=true' . This seems to fix the problem.
That can be but should not be needed.
remember, that i dont look het the rights on linux, and mainly because of that sysvol
is only used for windows.
So idmappping not needed, rights, copied from DC1 to DC2 may see different, but !
not in windows.
and if you want it really only for windows, and dont look to much in the underlaying linux rights.
add : acl_xattr:ignore system acl = ye
last.
I saw something with errors on DC2 about when creating etc.
where the prileges set on the second DC?
Louis
>-----Oorspronkelijk bericht-----
>Van: rowlandpenny at googlemail.com
>[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>Verzonden: zondag 2 november 2014 23:01
>CC: samba at lists.samba.org
>Onderwerp: Re: [Samba] Re: Re: DC2 denies access
>when saving
>
>On 02/11/14 17:10, Min Wai Chan wrote:
>> Hi Rowland,
>>
>> You are correct...
>>
>> Let us ask Louis...
>>
>> Dear Louis,
>>
>> Can help us on this?
>>
>> Thank you
>>
>> On Mon, Nov 3, 2014 at 12:54 AM, Rowland Penny
>> <rowlandpenny at googlemail.com
><mailto:rowlandpenny at googlemail.com>> wrote:
>>
>> On 02/11/14 16:00, Rowland Penny wrote:
>>
>> On 02/11/14 15:29, ?icro MEGAS wrote:
>>
>> Indeed, it deleted these two mentioned directories, it
>> also tried to delete the directory
>> {5F5181D6-325D-4566-8B2E-0292E9F4995B} but it wasn't able
>> to do so.
>>
>> I played around a bit and actually in my opinion
>> rsync+unison is *not* behaving correctly as one would
>> expect. For example: I am creating a new file or
>directory
>> on dc2:/var/lib/samba/sysvol/mydom.example.com
>> <http://mydom.example.com> called "test"
>>
>> After I run the rsync+unison command on DC1, this file or
>> directory called "test" gets deleted on DC2. That's not
>> what I would expect. What I expected is that this
>> file/directory would be copied from DC2 to DC1. The setup
>> works only in one direction at the moment, that mean when
>> I create something on DC1 it is successfully
>synced to DC2
>> but _not vice-versa_ :(
>>
>> So in my opinion there is a misconfigured rsync+unison.
>> How do we set this thing up so both directions work?
>>
>> Mirco
>>
>> You would seem to be correct, I rsync'd /var/lib/samba/sysvol
>> to /var/test/samba and I have been testing with the
>later dir.
>> I run the line from the script (modified for change of path)
>> and my test sysvol was replicated to the second DC, so far so
>> good.
>>
>> root at dc02:~# cd /var/test/samba//sysvol/example.com
>> <http://example.com>
>> root at dc02:/var/test/samba/sysvol/example.com#
>> <http://example.com#> ls -la
>> total 32
>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 .
>> drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>> drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>>
>> I then created a new directory on the second DC dc02
>>
>> root at dc02:/var/test/samba/sysvol/example.com#
>> <http://example.com#> mkdir Test
>> root at dc02:/var/test/samba/sysvol/example.com#
>> <http://example.com#> chown root:3000000 Test
>>
>> root at dc02:/var/test/samba/sysvol/example.com#
>> <http://example.com#> ls -la
>> total 40
>> drwxrwx---+ 5 root 3000000 4096 Nov 2 15:38 .
>> drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>> drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>> drwxrwx---+ 2 root 3000000 4096 Nov 2 15:38 Test
>>
>> I then ran the line from the script again on dc01
>>
>> root at dc01:~# rsync -XAavz --delete-after -f"+ */" -f"- *"
>> /var/test/samba/sysvol root at DC02:/var/test/samba &&
>> /usr/bin/unison
>> building file list ... done
>> sysvol/example.com/ <http://example.com/>
>> deleting sysvol/example.com/Test/ <http://example.com/Test/>
>>
>> sent 973 bytes received 15 bytes 658.67 bytes/sec
>> total size is 0 speedup is 0.00
>> Contacting server...
>> Connected [//dc01//var/test/samba -> //dc02//var/test/samba]
>> Looking for changes
>> Waiting for changes from server
>> Reconciling changes
>> Nothing to do: replicas have not changed since last sync.
>>
>> If I now check if the new directory is still there:
>>
>> root at dc02:/var/test/samba/sysvol/example.com#
>> <http://example.com#> ls -la
>> total 32
>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 .
>> drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>> drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>>
>> It has been removed and I think I understand why, rsync is
>> removing it:
>>
>> building file list ... done
>> sysvol/example.com/ <http://example.com/>
>> deleting sysvol/example.com/Test/ <http://example.com/Test/>
>>
>> So how do we stop rsync removing anything that is not on the
>> first DC ????
>>
>> Rowland
>>
>> OK, got past that problem, remove '--delete-after' from the rsync
>> command. Now for the next problem, the test dir is not deleted on
>> the second DC, but when unison syncs it to the first DC,
>it is set
>> as belonging to 'root:root' even though it belongs to
>> 'root:3000000' on the second DC.
>>
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL
>and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
>OK, after reading the unison manpage several times, I think I have it,
>from /root/.unison/default.prf remove 'perms=0' and add 'owner=true' &
>'group=true' . This seems to fix the problem.
>
>Rowland
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list