[Samba] Re: Re: DC2 denies access when saving
Rowland Penny
rowlandpenny at googlemail.com
Sat Nov 8 10:01:53 MST 2014
On 08/11/14 16:50, Min Wai Chan wrote:
> Dear Louis and Rowland,
>
> I've try to do as suggested
>
> /root/.unison/default.prf
> remove
> perms=0
> add
> owner=true
> group=true
>
> But still the problem on folder removed still happen...
>
> Strange...
>
>
> On Mon, Nov 3, 2014 at 8:54 PM, L.P.H. van Belle <belle at bazuin.nl> wrote:
>
>> Hai,
>>
>> Ok, this is an option also then.
>> I'll go test this also, and if this works better, then lets adopt it.
>>
>> Greetz,
>>
>> Louis
>>
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: rowlandpenny at googlemail.com
>>> [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>>> Verzonden: maandag 3 november 2014 12:16
>>> Aan: samba at lists.samba.org
>>> Onderwerp: Re: [Samba] Re: Re: DC2 denies access
>>> when saving
>>>
>>> On 03/11/14 08:12, L.P.H. van Belle wrote:
>>>> Hai,
>>>>
>>>> Guys, some extra understanding.
>>>>
>>>>> This is what I cannot really understand, why use the rsync
>>> command at
>>>>> all, as it would seem that unison uses rsync itself to do
>>> the copying,
>>>> Rsync is use-ed to create the right direcotie structure with
>>> all the needed ACL and ATTRS.
>>>> Unison cant do that ( yet ) but unison can do bidirectional
>>> sync of files.
>>>> and together you get what we need.
>>>>
>>>>
>>>>> OK, after reading the unison manpage several times, I think
>>> I have it,
>>>> >from /root/.unison/default.prf remove 'perms=0' and add
>>> 'owner=true' &
>>>>> 'group=true' . This seems to fix the problem.
>>>> That can be but should not be needed.
>>>>
>>>> remember, that i dont look het the rights on linux, and
>>> mainly because of that sysvol
>>>> is only used for windows.
>>>>
>>>> So idmappping not needed, rights, copied from DC1 to DC2 may
>>> see different, but !
>>>> not in windows.
>>>>
>>>> and if you want it really only for windows, and dont look to
>>> much in the underlaying linux rights.
>>>> add : acl_xattr:ignore system acl = ye
>>>>
>>>> last.
>>>>
>>>> I saw something with errors on DC2 about when creating etc.
>>>> where the prileges set on the second DC?
>>>>
>>>>
>>>>
>>>> Louis
>>>>
>>>>
>>>>
>>>>> -----Oorspronkelijk bericht-----
>>>>> Van: rowlandpenny at googlemail.com
>>>>> [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>>>>> Verzonden: zondag 2 november 2014 23:01
>>>>> CC: samba at lists.samba.org
>>>>> Onderwerp: Re: [Samba] Re: Re: DC2 denies access
>>>>> when saving
>>>>>
>>>>> On 02/11/14 17:10, Min Wai Chan wrote:
>>>>>> Hi Rowland,
>>>>>>
>>>>>> You are correct...
>>>>>>
>>>>>> Let us ask Louis...
>>>>>>
>>>>>> Dear Louis,
>>>>>>
>>>>>> Can help us on this?
>>>>>>
>>>>>> Thank you
>>>>>>
>>>>>> On Mon, Nov 3, 2014 at 12:54 AM, Rowland Penny
>>>>>> <rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>> wrote:
>>>>>> On 02/11/14 16:00, Rowland Penny wrote:
>>>>>>
>>>>>> On 02/11/14 15:29, ?icro MEGAS wrote:
>>>>>>
>>>>>> Indeed, it deleted these two mentioned directories, it
>>>>>> also tried to delete the directory
>>>>>> {5F5181D6-325D-4566-8B2E-0292E9F4995B} but it
>>> wasn't able
>>>>>> to do so.
>>>>>>
>>>>>> I played around a bit and actually in my opinion
>>>>>> rsync+unison is *not* behaving correctly as one would
>>>>>> expect. For example: I am creating a new file or
>>>>> directory
>>>>>> on dc2:/var/lib/samba/sysvol/mydom.example.com
>>>>>> <http://mydom.example.com> called "test"
>>>>>>
>>>>>> After I run the rsync+unison command on DC1,
>>> this file or
>>>>>> directory called "test" gets deleted on DC2.
>>> That's not
>>>>>> what I would expect. What I expected is that this
>>>>>> file/directory would be copied from DC2 to
>>> DC1. The setup
>>>>>> works only in one direction at the moment,
>>> that mean when
>>>>>> I create something on DC1 it is successfully
>>>>> synced to DC2
>>>>>> but _not vice-versa_ :(
>>>>>>
>>>>>> So in my opinion there is a misconfigured
>>> rsync+unison.
>>>>>> How do we set this thing up so both directions work?
>>>>>>
>>>>>> Mirco
>>>>>>
>>>>>> You would seem to be correct, I rsync'd
>>> /var/lib/samba/sysvol
>>>>>> to /var/test/samba and I have been testing with the
>>>>> later dir.
>>>>>> I run the line from the script (modified for
>>> change of path)
>>>>>> and my test sysvol was replicated to the second
>>> DC, so far so
>>>>>> good.
>>>>>>
>>>>>> root at dc02:~# cd /var/test/samba//sysvol/example.com
>>>>>> <http://example.com>
>>>>>> root at dc02:/var/test/samba/sysvol/example.com#
>>>>>> <http://example.com#> ls -la
>>>>>> total 32
>>>>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 .
>>>>>> drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>>>>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>>>>>> drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>>>>>>
>>>>>> I then created a new directory on the second DC dc02
>>>>>>
>>>>>> root at dc02:/var/test/samba/sysvol/example.com#
>>>>>> <http://example.com#> mkdir Test
>>>>>> root at dc02:/var/test/samba/sysvol/example.com#
>>>>>> <http://example.com#> chown root:3000000 Test
>>>>>>
>>>>>> root at dc02:/var/test/samba/sysvol/example.com#
>>>>>> <http://example.com#> ls -la
>>>>>> total 40
>>>>>> drwxrwx---+ 5 root 3000000 4096 Nov 2 15:38 .
>>>>>> drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>>>>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>>>>>> drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>>>>>> drwxrwx---+ 2 root 3000000 4096 Nov 2 15:38 Test
>>>>>>
>>>>>> I then ran the line from the script again on dc01
>>>>>>
>>>>>> root at dc01:~# rsync -XAavz --delete-after -f"+ */" -f"- *"
>>>>>> /var/test/samba/sysvol root at DC02:/var/test/samba &&
>>>>>> /usr/bin/unison
>>>>>> building file list ... done
>>>>>> sysvol/example.com/ <http://example.com/>
>>>>>> deleting sysvol/example.com/Test/
>>> <http://example.com/Test/>
>>>>>> sent 973 bytes received 15 bytes 658.67 bytes/sec
>>>>>> total size is 0 speedup is 0.00
>>>>>> Contacting server...
>>>>>> Connected [//dc01//var/test/samba ->
>>> //dc02//var/test/samba]
>>>>>> Looking for changes
>>>>>> Waiting for changes from server
>>>>>> Reconciling changes
>>>>>> Nothing to do: replicas have not changed since last sync.
>>>>>>
>>>>>> If I now check if the new directory is still there:
>>>>>>
>>>>>> root at dc02:/var/test/samba/sysvol/example.com#
>>>>>> <http://example.com#> ls -la
>>>>>> total 32
>>>>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 .
>>>>>> drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>>>>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>>>>>> drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>>>>>>
>>>>>> It has been removed and I think I understand why, rsync is
>>>>>> removing it:
>>>>>>
>>>>>> building file list ... done
>>>>>> sysvol/example.com/ <http://example.com/>
>>>>>> deleting sysvol/example.com/Test/
>>> <http://example.com/Test/>
>>>>>> So how do we stop rsync removing anything that is
>>> not on the
>>>>>> first DC ????
>>>>>>
>>>>>> Rowland
>>>>>>
>>>>>> OK, got past that problem, remove '--delete-after'
>> >from the rsync
>>>>>> command. Now for the next problem, the test dir is
>>> not deleted on
>>>>>> the second DC, but when unison syncs it to the first DC,
>>>>> it is set
>>>>>> as belonging to 'root:root' even though it belongs to
>>>>>> 'root:3000000' on the second DC.
>>>>>>
>>>>>>
>>>>>> Rowland
>>>>>>
>>>>>> --
>>>>>> To unsubscribe from this list go to the following URL
>>>>> and read the
>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>>
>>>>>>
>>>>> OK, after reading the unison manpage several times, I think
>>> I have it,
>>>> >from /root/.unison/default.prf remove 'perms=0' and add
>>> 'owner=true' &
>>>>> 'group=true' . This seems to fix the problem.
>>>>>
>>>>> Rowland
>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>
>>>>>
>>> OK, I am testing on a test dir '/var/test/samba', I rsync'd
>>> /var/lib/samba/sysvol' to the test dir and then tested copying between
>>> my two DC's.
>>>
>>> My '/root/.unison/default.prf' now looks like this:
>>>
>>> # Unison preference file
>>> # Synchronization roots
>>> # This machine
>>> root = /var/test/samba
>>> # Remote machine
>>> # Note the 2 x / behind DC02, they are required
>>> root = ssh://root@DC02//var/test/samba
>>> #
>>> # Path to synchronize
>>> path = sysvol
>>> #
>>> #ignore = Path stats ## ignores /var/www/stats
>>> # copymax & maxthreads params were set to 1 for easier troubleshooting.
>>> # Have to experiment to see if they can be increased again.
>>> auto=true
>>> batch=true
>>> rsync=true
>>> maxthreads=1
>>> retry=3
>>> confirmbigdel=false
>>> servercmd=/usr/bin/unison
>>> copythreshold=0
>>> # removed --compress from following two lines, z is --compress
>>> copyprog = /usr/bin/rsync -XAavz --inplace
>>> copyprogrest = /usr/bin/rsync -XAavz --partial --inplace
>>> copyquoterem = true
>>> copymax = 1
>>> owner=true
>>> group=true
>>>
>>> Running 'rsync -XAavz -f"+ */" -f"- *" /var/test/samba/sysvol
>>> root at DC02:/var/test/samba && /usr/bin/unison' syncs
>>> '/var/test/samba/sysvol' to the second DC.
>>>
>>> If I add another dir inside '/var/test/samba/sysvol' and run
>>> the command
>>> again, the dir is then synced to the second DC.
>>>
>>> If I add another dir inside '/var/test/samba/sysvol' on the second DC
>>> and run the command again, the dir is then synced to the first DC.
>>>
>>> I now have two identical directories, one on my first DC, the other on
>>> the second DC, if I run 'getfacl' on any of the directories or
>>> files, I
>>> get exactly the same results, all the directories & files are owned by
>>> the same user & group.
>>>
>>> This is, in my opinion, better than having files owned by different
>>> users on different DC's.
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
Hi, is the folder on the second DC and when you sync from the first DC,
it is removed ?
Rowland
More information about the samba
mailing list