[Samba] Sysvol replication with Unison for more than 2 server.

L.P.H. van Belle belle at bazuin.nl
Tue Oct 7 07:42:17 MDT 2014

Since I don't use sysvol for anything other than sysvol/netlogon, and in this case it's only accessed from Windows computers.
If you also use other Linux/Mac computers to access sysvol, then don't put acl_xattr:ignore system acl = yes on the share.

From: Min Wai Chan [mailto:dcmwai at gmail.com]
Sent: Tuesday 7 October 2014 14:22
To: L.P.H. van Belle
CC: samba at lists.samba.org
Subject: Re: [Samba] Sysvol replication with Unison for more than 2 server.

Dear Louis, 

Need to double check with you on something.

Why do we need to ignore system acl?
acl_xattr:ignore system acl = yes

Wouldn't the ACL on sysvol help us in most cases?
When the ACL is removed, the files and folders are left with the basic Unix ACL, which doesn't have the extended ACL...

What is meant by the Linux rights in the background?

Thank You.

On Fri, Oct 3, 2014 at 2:45 PM, L.P.H. van Belle <belle at bazuin.nl> wrote:
Hello Min Wai,
I haven't tested it with more than 2 servers, but in my opinion it should work if you make sure you set GPO and work on 1 machine.
For example:
You work on the sysvol of DC1 only, then you can sync to unlimited DCs.
You let DC1 do all the syncing (the cron job on this machine).
With only 2 DCs you can work on both DCs; in this case syncing both ways works OK, this I have tested.
To overcome some of the rights issues:
The DCs only work as DCs, with just sysvol as shares (and netlogon).
The 2 DCs I have running will be accessed only from Windows computers, and I have set the following.
        path = /var/lib/samba/sysvol
        read only = No
        acl_xattr:ignore system acl = yes           <== 

If you only access the data via Samba you might set this to yes to achieve better NT ACL compatibility.
And in this case I set my rights from Windows on the share, and I don't have any rights problems as far as I have seen.
The acl_xattr is not really needed, but I noticed it made it easier to set up, since you don't have to look at the Linux rights in the background.
Hope this helps you out a bit.
Best regards,

From: Min Wai Chan [mailto:dcmwai at gmail.com]
Sent: Thursday 2 October 2014 17:26
To: Rowland Penny; L.P.H. van Belle; samba at lists.samba.org; steve
Subject: Sysvol replication with Unison for more than 2 server.

Dear Louis,

Just to check...
Would it be possible to have more than 2 DC using Unison to sync?

I was trying to make this to the samba wiki.

But when reading the list I see Rowland talking about the SID and RID issue,
because the built-in group SID is not synced across the domain.

I think Samba should have its own way of dealing with this, or it will just be a mess in the long run.

Do we have any trick to deal with this built-in group UID/RID temporarily?

I remember seeing something like io notice/fam to monitor the sysvol and trigger unison when a change happens.

But I'm not sure how it would help when you have more than 3 servers...

Min Wai
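
An added example, not part of the original thread or of Samba: a small Python audit that reports which shares in an smb.conf end up with system ACLs ignored, treating [global] values as share defaults. It assumes the option spelling from the vfs_acl_xattr manual page (`ignore system acls`) and reports the singular spelling used in the thread separately; the sample configuration, its netlogon path and the finding texts are constructed.

```python
import re

DOCUMENTED = "acl_xattr:ignore system acls"  # spelling in vfs_acl_xattr(8)
AS_POSTED = "acl_xattr:ignore system acl"    # spelling used in this thread
TRUE_WORDS = {"yes", "true", "on", "1"}

# Constructed sample; the netlogon path and realm are placeholders.
SAMPLE = """
[global]
    server role = active directory domain controller
[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
    acl_xattr:ignore system acls = yes
[netlogon]
    path = /var/lib/samba/sysvol/example.test/scripts
    read only = No
    acl_xattr:ignore system acl = yes
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(text):
    """List (share, finding) pairs; [global] values act as share defaults."""
    conf = parse_smb_conf(text)
    defaults = conf.get("global", {})
    findings = []
    for share, params in conf.items():
        if share == "global":
            continue
        effective = {**defaults, **params}
        if effective.get(DOCUMENTED, "no").lower() in TRUE_WORDS:
            findings.append((share, "system ACLs ignored: Samba-only access expected"))
        if AS_POSTED in effective:
            findings.append((share, "singular spelling: compare with man page"))
    return findings

if __name__ == "__main__":
    for share, finding in audit(SAMPLE):
        print(f"[{share}] {finding}")
```
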
