[Samba] AD DC and Fileserver

Tue Aug 29 19:04:14 UTC 2017

On 29/08/2017 15:39, Andrew Bartlett wrote:
> On Tue, 2017-08-29 at 08:48 -0300, Flávio Silveira wrote:
>> On 29/08/2017 01:10, Andrew Bartlett wrote:
>>> On Tue, 2017-08-29 at 00:06 -0300, Flávio Silveira via samba wrote:
>>>> Hi Andrew, thanks for your quick reply!
>>>>
>>>> On 28/08/2017 21:32, Andrew Bartlett wrote:
>>>>> On Mon, 2017-08-28 at 21:01 -0300, Flávio Silveira via samba wrote:
>>>>>> Good evening,
>>>>>>
>>>>>>       Sorry if this question is too dumb, but is it possible to
>>>>>> configure
>>>>>> an AD and Fileserver using the same Samba (or server) or they
>>>>>> need to
>>>>>> be
>>>>>> two separate thing?
>>>>> We suggest separating them, because having them on the same server
>>>>> implies you only have one AD DC, and that isn't a good idea.
>>>> Giving my first question you may know I am a novice in regards to
>>>> AD,
>>>> I've only ran Samba as workgroup and simple file server. I guess
>>>> your
>>>> suggestion applies to any network, no matter what size, right?
>>>> Because
>>>> my network doesn't have more than 30 clients.
>>> One of the reasons I suggest it is that if you ever get DB corruption,
>>> which is very rare, it doesn't tend to replicate.  It also means you
>>> can upgrade without disrupting clients.
>> Yes, I just saw one case here where the guy is trying to upgrade to
>> 4.6.7 from 4.1.7 and his db is corrupted.
>>
>>>>> Additionally, folks often wish to upgrade the AD DC on a different
>>>>> schedule to the file server.  I'm sure others will pile on with the
>>>>> other various reasons, but this is the core of it.
>>>> Makes sense to have a spare DC and/or file server, can it be a
>>>> different
>>>> VM for example?
>>> Yes, that is fine.  Naturally, a larger organisation would spread it
>>> out over more hardware, but you will know what makes sense at your
>>> scale.
>> Ok, I'm thinking on focusing on the file server for now, does that need
>> a backup server as well or just one with backups can be enough? If one
>> is not the case, here is the topology I thought:
> Most organisations your size don't go for a clustered Samba for a file
> server, as it isn't really practical.

Ok, so one it is!

>> 1x HDD holding the VMs
>> 2x HDD (RAID 1) for data
>>
>> file server 1 will use one of the data HDDs
>> file server 2 will use the other
> Do you mean AD DC 1/2?

I meant file server, but as you said above it isn't really practical indeed.

>> I don't know if I can use RAID 1 if two distinct machines will use them,
>> even though they are VMs
> I'm a long way from start of the art sysadmin, but for the kind of
> setup you are trying, RAID 1 over 2xHDDs, an LVM PV on that, then
> putting the VMs system and data partitions as logical volumes on that
> PV would do fine.  Remember, you are protecting against both logical
> and physical corruption, the logical corruption will be confined to the
> VM no matter the media, and the physical is confined (we hope) to a
> disk that dies.

Your idea makes perfect sense, thank you!

>   
>
>>>> If it matters, I will be using KVM, which seems to be as
>>>> close to a real machine as possible.
>>> That should be fine.  Just remember to keep taking backups with the
>>> samba_backup script also.
>>>
>>> Andrew Bartlett
>> Thanks for reminding me about samba_backup, does that apply for a file
>> server only as well?
> It is structured around the AD DC.  But that reminds me, I need to find
> the patches someone posted to improve it.  The fundamental task is to
> tdbbackup each tdb before the real backup.

Understood, so for a file server I should not worry about this, correct? 
Or does it work for file servers as well?

> Andrew Bartlett
>

Also, should I create a new thread? Because this one was meant to see if 
it was possible to run AD DC and file server from the same server, but 
now I have file server related questions and I don't know if I can ask 
here or on a new thread.

Off-topic: Do you still use IRC as abartlett?

Regards,
   Flavio Silveira