[Samba] Syncing Sysvol

Joachim Lindenberg samba at lindenberg.one
Wed Jul 17 05:20:53 UTC 2019 

Listening to notifications can only complement another mechanism (and then reduce latency) as otherwise you are going to loose changes during downtimes.
Joachim

-----Ursprüngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Jonathon Reinhart via samba
Gesendet: Tuesday, 16 July 2019 22:22
An: Rowland penny <rpenny at samba.org>
Cc: sambalist <samba at lists.samba.org>
Betreff: Re: [Samba] Syncing Sysvol

On Tue, Jul 16, 2019 at 12:32 PM Rowland penny via samba <samba at lists.samba.org> wrote:
>
> On 16/07/2019 16:40, Jonathon Reinhart wrote:
> > On Tue, Jul 16, 2019 at 9:32 AM Rowland penny via samba 
> > <samba at lists.samba.org> wrote:
> >> On 16/07/2019 14:16, Jonathon Reinhart wrote:
> >>> On Tue, Jul 16, 2019 at 9:11 AM Rowland penny via samba 
> >>> <samba at lists.samba.org> wrote:
> >>>> On 16/07/2019 14:02, Jonathon Reinhart wrote:
> >>>>> Rowland,
> >>>>>
> >>>>> You could go another step further and run that with "notify" to 
> >>>>> monitor for changes, instead of having to run it in a cron job. 
> >>>>> In my experience, "notify" works using smbclient, but not so 
> >>>>> with libsmbclient.
> >>>> Problem is, the script is written to be run on DC's that do not 
> >>>> hold the PDC Emulator FSMO role, so it would have to be re-written.
> >>> Why does the PDC emulator role matter? All non-PDC-emulators could 
> >>> simply watch for changes on the PDC Emulator, right? Am I missing 
> >>> something?
> >> It doesn't really matter, but it is probably best practise to only 
> >> carry out GPO operations on one DC and the PDC Emulator DC is 
> >> probably the best one to use.
> > Absolutely, all of my plans and scripts assume this. I also enforce 
> > it by marking Sysvol and netlogon as "read only = yes" on 
> > non-PDC-Emulators.
> >
> >>   From my knowledge, inotify only works on the computer it is 
> >> installed on, so how do you suggest that inotify could watch for 
> >> something happening on another computer ?
> > I'm not referring to inotify; I'm talking about the smbcient "notify"
> > command, or libsmbclient smbc_notify() API.
>
> I don't think this does what you think, from 'man smbclient':
>
>         notify <dir name>
>             Query a directory for change notifications. This command 
> issues a
>             recursive filechangenotify call for all possible changes. As
>             changes come in will print one line per change. See
>             https://msdn.microsoft.com/en-us/library/dn392331.aspx for a
>             description of the action numbers that this command prints.
>
>             This command never ends, it waits for event indefinitely.
>
> So I think for this to work, you would have to keep a connection open 
> to sysvol on the PDC Emulator at all times. I have never used 
> 'notify', so I am guessing here, the above seems to be the total of 
> the documentation available.

That's exactly what I'm proposing. Instead of running a cron job, you'd run this script like a daemon. It would continuously read the output of a "smbclient -c '... notify ...'" process, and when it is notified of a change, then you would sync that changed file.

>
> It could just be the most underused part of Samba ;-)

If you look back at my reply to Joachim's original post, you'll see that this is what I was suggesting; except I wanted to implement it in Python using libsmbclient, rather than in a shell script:

https://lists.samba.org/archive/samba/2019-July/224347.html


>
> Rowland
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list