[Samba] Keeping idmap in sync cross DC

Ian Coetzee samba at iancoetzee.za.net
Thu Nov 23 12:01:03 UTC 2017


On 22 November 2017 at 17:45, Rowland Penny <rpenny at samba.org> wrote:

> On Wed, 22 Nov 2017 16:01:17 +0200
> Ian Coetzee via samba <samba at lists.samba.org> wrote:
>
> > Hi Guys,
> >
> > I have run into a very interesting problem using GPOs on our DCs.
> >
> > As you may (or may not) know, we have migrated to a pure Samba4 (Git
> > stable branch checkout) AD network. I can't be happier. *Kudos to the
> > Samba team*
> >
> > We are running two DCs, DC1 and DC2, both full-fledged DCs, both
> > running CentOS 6.9, fully up to date.
> >
> > For the sysvol partition I decided to run a glusterfs between the
> > DCs. I started out with a unison sync, but being the impatient
> > person I am, I needed more real time.
> >
> > Now my problem is with the permissions in the sysvol folder structure.
> >
>
> Sorry, but your problem is that you missed this:
>
> https://wiki.samba.org/index.php/Bidirectional_Rsync/osync_based_SysVol_replication_workaround#FAQ
>
> Where it quite clearly says this:
>
>      Why can't I simply use a distributed filesystem like GlusterFS, Lustre, etc. for SysVol?
>         A cluster file system with Samba requires CTDB to be able to do it safely. And CTDB and AD DC are incompatible.
>
> Rowland
>

Hi Rowland,

Yes, you are right, I completely missed that part.

I actually had the system set up using
https://wiki.samba.org/index.php/Bidirectional_Rsync/Unison_based_SysVol_replication_workaround

But then I decided to become creative with a glusterfs setup.

I now have an Osync set up (much easier IMO), but the permissions are still
not quite right, bringing me back to my idmap syncing question.

Kind regards

