[Samba] GPO redirected folders reg path issue
L.P.H. van Belle
belle at bazuin.nl
Thu Feb 20 15:55:30 UTC 2020
A setup on how to improve your Samba network and simplify it.
This is how I set it up; sure, it looks difficult, but it's all about the DNS setup and what you add to it.
For AD-DCs ( AD, TIME, NS, LDAP )
Hostname.FQDN.TLD : max 63chars, incl the .'s allowed chars: a-Z 0-9 -
Hostname : sam-dc1.internal.domain.tld
IP : what you need/want. ( example 192.168.1.11 )
PTR : 18.104.22.168.in-addr.arpa
CNAME : dc1 ns1 ldap1 ntp1
Hostname : sam-dc2.internal.domain.tld
IP : what you need/want. ( example 192.168.1.12 )
PTR : 22.214.171.124.in-addr.arpa
CNAME : dc1 ns2 ldap2 ntp2
For a MEMBER.
Hostname.FQDN.TLD : max 254chars, incl the .'s allowed chars: a-Z 0-9 -
Hostname : sam-mem1.internal.domain.tld
IP : what you need/want. ( example 192.168.1.21 )
PTR : 126.96.36.199.in-addr.arpa
CNAME : fs1 (fileserver1)
But also, and this is just how many servers you set up.
Think in web1 proxy1 cluster1 etc etc. These are always the ALIASES.
And you can also say things like this.
Why.. This is all about the ability to scale your network and split up services over other servers IF needed.
And if done right, you don't have to touch any setup, you only change a CNAME.
Now let's say you move or set up a new webserver, all I change is web1.dom.tld and point that to a new server hostname.
www.dom.tld CNAME web1.dom.tld ( which is also a CNAME to sam-mem1.internal.domain.tld )
And yes, you have to think ahead here.
So now for all services configure the alias name, not the real hostname.
Kerberos works fine as long as your A and PTR for the server are set.
Certificates, per hostname and aliases where needed or in one certificate or multiple.
This is also why I hammer on a correct DNS setup, if it's not correct the above will most probably fail.
For Windows, stop using \\hostname, start using \\hostname.internal.fqdn.tld
Same user/profile shares use :
Why not \\fs1.int.dom.tld\home\%username% or \\fs1.int.dom.tld\homes\%username%
Well, one is really wrong and the other should work like \users\ but easy to make a mistake here.
man smb.conf tells it all ;-)
Tip for today.
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Philippe LeCavalier via samba
> Sent: Thursday 20 February 2020 16:35
> To: samba at lists.samba.org
> Subject: Re: [Samba] GPO redirected folders reg path issue
> On Thu, Feb 20, 2020 at 10:14 AM L.P.H. van Belle via samba <
> samba at lists.samba.org> wrote:
> > We are not much off. But you have mixed "samba/windows" and
> > "windows/windows" settings.
> > Samba/windows \\%logonserver%\home\%username%\desktop
> > Windows/windows \\hostname.fqdn.tld\users\%username%\desktop
> > Guess, which one i use. ;-)
> Okay that's good info. Keep in mind I wrote all that out purely by memory
> so I'll repost if it differs at all from what I initially wrote. But
> otherwise, yeah that sounds like a possible fix and I would certainly
> welcome that! I think what may have misled me was the roaming profile
> section of the wiki refers to the fqdn to set permissions therefore in my
> mind, the fqdn should be used for all references for config that's facing
> the windows side.
> > Now, do get where this is coming from.
> > So use this (add CNAME for your member server). Note, you MUST set up PTR
> > records.
> > \\ALIAS-CNAME.fqdn.tld\users\%username%\desktop
> They have PTR records I know that for certain but I'll revisit that as well
> to be certain they reflect what you show here.
> > And of course this is not correct.
> > \\%logonserver%\home\%username%\desktop.
> > Your "logon" server = the DC. Not the member.
> Yep. Agreed.
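Added example, not part of the original message or of Samba: a small offline check of the rule the message insists on, that every alias (CNAME) used in a share path must end at a real hostname with an A record and a matching PTR. The record set, the `internal.domain.tld` aliases and the function names are constructed for illustration; `sam-mem1` is deliberately left without a PTR so the check has something to report.

```python
import ipaddress

# Constructed sample records following the naming scheme in the message.
# sam-mem1 has no PTR on purpose, so its aliases are reported.
RECORDS = """
sam-dc1.internal.domain.tld.   A     192.168.1.11
sam-mem1.internal.domain.tld.  A     192.168.1.21
11.1.168.192.in-addr.arpa.     PTR   sam-dc1.internal.domain.tld.
dc1.internal.domain.tld.       CNAME sam-dc1.internal.domain.tld.
fs1.internal.domain.tld.       CNAME sam-mem1.internal.domain.tld.
web1.internal.domain.tld.      CNAME sam-mem1.internal.domain.tld.
www.internal.domain.tld.       CNAME web1.internal.domain.tld.
"""

def parse(text):
    """Parse 'name type value' lines into per-type lookup tables."""
    zone = {"A": {}, "PTR": {}, "CNAME": {}}
    for line in text.strip().splitlines():
        name, rtype, value = line.split()
        zone[rtype][name.lower().rstrip(".")] = value.lower().rstrip(".")
    return zone

def canonical(zone, name, limit=8):
    """Follow the CNAME chain from an alias to the real hostname."""
    name = name.lower().rstrip(".")
    for _ in range(limit):
        if name not in zone["CNAME"]:
            return name
        name = zone["CNAME"][name]
    raise ValueError("CNAME loop or chain too long")

def check_alias(zone, alias):
    """Return the list of A/PTR problems for the host an alias ends at."""
    host = canonical(zone, alias)
    ip = zone["A"].get(host)
    if ip is None:
        return [f"{alias}: {host} has no A record"]
    rev = ipaddress.ip_address(ip).reverse_pointer
    ptr = zone["PTR"].get(rev)
    if ptr is None:
        return [f"{alias}: {host} ({ip}) has no PTR record {rev}"]
    if ptr != host:
        return [f"{alias}: PTR {rev} points to {ptr}, not {host}"]
    return []

ZONE = parse(RECORDS)
if __name__ == "__main__":
    for alias in sorted(ZONE["CNAME"]):
        print(alias, check_alias(ZONE, alias) or "ok")
```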