[Samba] Re: Re: DC2 denies access when saving
Rowland Penny
rowlandpenny at googlemail.com
Sat Nov 8 10:36:10 MST 2014
On 08/11/14 17:24, Min Wai Chan wrote:
> Yep...
>
> Just like the original issue report by Megas.
>
> But with your suggested changes...
>
> Which is odd...
>
> On Sun, Nov 9, 2014 at 1:01 AM, Rowland Penny
> <rowlandpenny at googlemail.com <mailto:rowlandpenny at googlemail.com>> wrote:
>
> On 08/11/14 16:50, Min Wai Chan wrote:
>
> Dear Louis and Rowland,
>
> I've try to do as suggested
>
> /root/.unison/default.prf
> remove
> perms=0
> add
> owner=true
> group=true
>
> But still the problem on folder removed still happen...
>
> Strange...
>
>
> On Mon, Nov 3, 2014 at 8:54 PM, L.P.H. van Belle
> <belle at bazuin.nl <mailto:belle at bazuin.nl>> wrote:
>
> Hai,
>
> Ok, this is an option also then.
> I'll go test this also, and if this works better, then
> lets adopt it.
>
> Greetz,
>
> Louis
>
>
> -----Oorspronkelijk bericht-----
> Van: rowlandpenny at googlemail.com
> <mailto:rowlandpenny at googlemail.com>
> [mailto:samba-bounces at lists.samba.org
> <mailto:samba-bounces at lists.samba.org>] Namens Rowland
> Penny
> Verzonden: maandag 3 november 2014 12:16
> Aan: samba at lists.samba.org <mailto:samba at lists.samba.org>
> Onderwerp: Re: [Samba] Re: Re: DC2 denies
> access
> when saving
>
> On 03/11/14 08:12, L.P.H. van Belle wrote:
>
> Hai,
>
> Guys, some extra understanding.
>
> This is what I cannot really understand, why
> use the rsync
>
> command at
>
> all, as it would seem that unison uses rsync
> itself to do
>
> the copying,
>
> Rsync is use-ed to create the right direcotie
> structure with
>
> all the needed ACL and ATTRS.
>
> Unison cant do that ( yet ) but unison can do
> bidirectional
>
> sync of files.
>
> and together you get what we need.
>
>
> OK, after reading the unison manpage several
> times, I think
>
> I have it,
>
> >from /root/.unison/default.prf remove 'perms=0'
> and add
>
> 'owner=true' &
>
> 'group=true' . This seems to fix the problem.
>
> That can be but should not be needed.
>
> remember, that i dont look het the rights on
> linux, and
>
> mainly because of that sysvol
>
> is only used for windows.
>
> So idmappping not needed, rights, copied from DC1
> to DC2 may
>
> see different, but !
>
> not in windows.
>
> and if you want it really only for windows, and
> dont look to
>
> much in the underlaying linux rights.
>
> add : acl_xattr:ignore system acl = ye
>
> last.
>
> I saw something with errors on DC2 about when
> creating etc.
> where the prileges set on the second DC?
>
>
>
> Louis
>
>
>
> -----Oorspronkelijk bericht-----
> Van: rowlandpenny at googlemail.com
> <mailto:rowlandpenny at googlemail.com>
> [mailto:samba-bounces at lists.samba.org
> <mailto:samba-bounces at lists.samba.org>] Namens
> Rowland Penny
> Verzonden: zondag 2 november 2014 23:01
> CC: samba at lists.samba.org
> <mailto:samba at lists.samba.org>
> Onderwerp: Re: [Samba] Re: Re: DC2
> denies access
> when saving
>
> On 02/11/14 17:10, Min Wai Chan wrote:
>
> Hi Rowland,
>
> You are correct...
>
> Let us ask Louis...
>
> Dear Louis,
>
> Can help us on this?
>
> Thank you
>
> On Mon, Nov 3, 2014 at 12:54 AM, Rowland Penny
> <rowlandpenny at googlemail.com
> <mailto:rowlandpenny at googlemail.com>
>
> <mailto:rowlandpenny at googlemail.com
> <mailto:rowlandpenny at googlemail.com>>> wrote:
>
> On 02/11/14 16:00, Rowland Penny wrote:
>
> On 02/11/14 15:29, ?icro MEGAS
> wrote:
>
> Indeed, it deleted these two
> mentioned directories, it
> also tried to delete the
> directory
>
> {5F5181D6-325D-4566-8B2E-0292E9F4995B} but it
>
> wasn't able
>
> to do so.
>
> I played around a bit and
> actually in my opinion
> rsync+unison is *not*
> behaving correctly as one would
> expect. For example: I am
> creating a new file or
>
> directory
>
> on
> dc2:/var/lib/samba/sysvol/mydom.example.com <http://mydom.example.com>
> <http://mydom.example.com>
> called "test"
>
> After I run the rsync+unison
> command on DC1,
>
> this file or
>
> directory called "test" gets
> deleted on DC2.
>
> That's not
>
> what I would expect. What I
> expected is that this
> file/directory would be
> copied from DC2 to
>
> DC1. The setup
>
> works only in one direction
> at the moment,
>
> that mean when
>
> I create something on DC1 it
> is successfully
>
> synced to DC2
>
> but _not vice-versa_ :(
>
> So in my opinion there is a
> misconfigured
>
> rsync+unison.
>
> How do we set this thing up
> so both directions work?
>
> Mirco
>
> You would seem to be correct, I
> rsync'd
>
> /var/lib/samba/sysvol
>
> to /var/test/samba and I have
> been testing with the
>
> later dir.
>
> I run the line from the script
> (modified for
>
> change of path)
>
> and my test sysvol was
> replicated to the second
>
> DC, so far so
>
> good.
>
> root at dc02:~# cd
> /var/test/samba//sysvol/example.com
> <http://example.com>
> <http://example.com>
>
> root at dc02:/var/test/samba/sysvol/example.com#
> <http://example.com#>
> <http://example.com#> ls -la
> total 32
> drwxrwx---+ 4 root 3000000 4096
> Aug 12 10:41 .
> drwxrwx---+ 3 root 3000000 4096
> Aug 12 10:40 ..
> drwxrwx---+ 4 root 3000000 4096
> Aug 12 10:41 Policies
> drwxrwx---+ 2 root 3000000 4096
> Aug 12 10:40 scripts
>
> I then created a new directory
> on the second DC dc02
>
>
> root at dc02:/var/test/samba/sysvol/example.com#
> <http://example.com#>
> <http://example.com#> mkdir Test
>
> root at dc02:/var/test/samba/sysvol/example.com#
> <http://example.com#>
> <http://example.com#> chown
> root:3000000 Test
>
>
> root at dc02:/var/test/samba/sysvol/example.com#
> <http://example.com#>
> <http://example.com#> ls -la
> total 40
> drwxrwx---+ 5 root 3000000 4096
> Nov 2 15:38 .
> drwxrwx---+ 3 root 3000000 4096
> Aug 12 10:40 ..
> drwxrwx---+ 4 root 3000000 4096
> Aug 12 10:41 Policies
> drwxrwx---+ 2 root 3000000 4096
> Aug 12 10:40 scripts
> drwxrwx---+ 2 root 3000000 4096
> Nov 2 15:38 Test
>
> I then ran the line from the
> script again on dc01
>
> root at dc01:~# rsync -XAavz
> --delete-after -f"+ */" -f"- *"
> /var/test/samba/sysvol
> root at DC02:/var/test/samba &&
> /usr/bin/unison
> building file list ... done
> sysvol/example.com/
> <http://example.com/> <http://example.com/>
> deleting
> sysvol/example.com/Test/
> <http://example.com/Test/>
>
> <http://example.com/Test/>
>
> sent 973 bytes received 15
> bytes 658.67 bytes/sec
> total size is 0 speedup is 0.00
> Contacting server...
> Connected [//dc01//var/test/samba ->
>
> //dc02//var/test/samba]
>
> Looking for changes
> Waiting for changes from server
> Reconciling changes
> Nothing to do: replicas have not
> changed since last sync.
>
> If I now check if the new
> directory is still there:
>
>
> root at dc02:/var/test/samba/sysvol/example.com#
> <http://example.com#>
> <http://example.com#> ls -la
> total 32
> drwxrwx---+ 4 root 3000000 4096
> Aug 12 10:41 .
> drwxrwx---+ 3 root 3000000 4096
> Aug 12 10:40 ..
> drwxrwx---+ 4 root 3000000 4096
> Aug 12 10:41 Policies
> drwxrwx---+ 2 root 3000000 4096
> Aug 12 10:40 scripts
>
> It has been removed and I think
> I understand why, rsync is
> removing it:
>
> building file list ... done
> sysvol/example.com/
> <http://example.com/> <http://example.com/>
> deleting
> sysvol/example.com/Test/
> <http://example.com/Test/>
>
> <http://example.com/Test/>
>
> So how do we stop rsync removing
> anything that is
>
> not on the
>
> first DC ????
>
> Rowland
>
> OK, got past that problem, remove
> '--delete-after'
>
> >from the rsync
>
> command. Now for the next problem,
> the test dir is
>
> not deleted on
>
> the second DC, but when unison syncs
> it to the first DC,
>
> it is set
>
> as belonging to 'root:root' even
> though it belongs to
> 'root:3000000' on the second DC.
>
>
> Rowland
>
> --
> To unsubscribe from this list go to
> the following URL
>
> and read the
>
> instructions:
> https://lists.samba.org/mailman/options/samba
>
>
> OK, after reading the unison manpage several
> times, I think
>
> I have it,
>
> >from /root/.unison/default.prf remove 'perms=0'
> and add
>
> 'owner=true' &
>
> 'group=true' . This seems to fix the problem.
>
> Rowland
>
> --
> To unsubscribe from this list go to the
> following URL and read the
> instructions:
> https://lists.samba.org/mailman/options/samba
>
>
> OK, I am testing on a test dir '/var/test/samba', I
> rsync'd
> /var/lib/samba/sysvol' to the test dir and then tested
> copying between
> my two DC's.
>
> My '/root/.unison/default.prf' now looks like this:
>
> # Unison preference file
> # Synchronization roots
> # This machine
> root = /var/test/samba
> # Remote machine
> # Note the 2 x / behind DC02, they are required
> root = ssh://root@DC02//var/test/samba
> #
> # Path to synchronize
> path = sysvol
> #
> #ignore = Path stats ## ignores /var/www/stats
> # copymax & maxthreads params were set to 1 for easier
> troubleshooting.
> # Have to experiment to see if they can be increased
> again.
> auto=true
> batch=true
> rsync=true
> maxthreads=1
> retry=3
> confirmbigdel=false
> servercmd=/usr/bin/unison
> copythreshold=0
> # removed --compress from following two lines, z is
> --compress
> copyprog = /usr/bin/rsync -XAavz --inplace
> copyprogrest = /usr/bin/rsync -XAavz --partial --inplace
> copyquoterem = true
> copymax = 1
> owner=true
> group=true
>
> Running 'rsync -XAavz -f"+ */" -f"- *"
> /var/test/samba/sysvol
> root at DC02:/var/test/samba && /usr/bin/unison' syncs
> '/var/test/samba/sysvol' to the second DC.
>
> If I add another dir inside '/var/test/samba/sysvol'
> and run
> the command
> again, the dir is then synced to the second DC.
>
> If I add another dir inside '/var/test/samba/sysvol'
> on the second DC
> and run the command again, the dir is then synced to
> the first DC.
>
> I now have two identical directories, one on my first
> DC, the other on
> the second DC, if I run 'getfacl' on any of the
> directories or
> files, I
> get exactly the same results, all the directories &
> files are owned by
> the same user & group.
>
> This is, in my opinion, better than having files owned
> by different
> users on different DC's.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL
> and read the
> instructions:
> https://lists.samba.org/mailman/options/samba
>
>
> --
> To unsubscribe from this list go to the following URL and
> read the
> instructions: https://lists.samba.org/mailman/options/samba
>
> Hi, is the folder on the second DC and when you sync from the
> first DC, it is removed ?
>
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
I actually changed two things, the default.prf and the rsync command, I
found that with the command like this:
/usr/bin/rsync -XAavz --log-file /var/log/sysvol-sync.log --delete-after
-f"+ */" -f"- *" /var/lib/samba/sysvol root at DC2:/var/lib/samba
There was not much point in using unision, any changes made on the
second machine, were removed when the command was run, one small change
stopped it, the change was to remove '--delete-after', so the command
was now:
/usr/bin/rsync -XAavz --log-file /var/log/sysvol-sync.log -f"+ */" -f"-
*" /var/lib/samba/sysvol root at DC2:/var/lib/samba
Rowland
More information about the samba
mailing list