[Samba] Shares not accessible when using FQDN

Rowland Penny rpenny at samba.org
Wed Aug 30 08:06:20 UTC 2017

On Wed, 30 Aug 2017 09:35:29 +0200 (CEST)
Gaetan SLONGO <gslongo at it-optics.com> wrote:

> Hi Rowland, 
> The reason is long to explain but shortly it was about huge amount of
> data ~20TB stored on that server with unix user ID (comming from a
> S3/LDAP setup). 
> On a DC mode it seems unix ID are in use instead of idmap id.

No, not really, it is just a different way of doing things. On a DC
idmap.ldb is used, this allocates IDs in the '3000000' range on a first
come basis, this means that users (and groups) can have different IDs
on different DCs. This can be overridden by giving users a uidNumber
attribute containing whatever ID you require, the same goes for groups,
but with gidNumber attributes.

> CNAME is in added indeed. Regarding the migration as said
> we came from S3/LDAP and go to 4.6. The entire future structure is
> not fixed yet but at this time we have a DC, a Fileserver and 3 other
> servers which should be simple fileservers (member) but currently are
> DC 

If you were only a small organisation, you could use a DC as a
fileserver, but you have to be aware of the limitations and backup
everything on a regular basis, just how regular depends on how often
you change AD, if you change it hourly, you should back it up hourly.

However you seem to have large and complex requirements, so you
should have at least two DCs with as many Unix domain members running
as fileservers as you require.

With multiple DCs, you only need to backup one DC, usually the
one holding the FSMO roles. You will only need to backup the smb.conf
from the fileservers and any data etc that they hold, you do not need
to backup any other of the Samba files. You can (and should) use the
same smb.conf on all Unix domain members, just don't set the 'netbios
name' in any of them, Samba will fill this for you.


More information about the samba mailing list