[Samba] GPO redirected folders reg path issue
L.P.H. van Belle
belle at bazuin.nl
Thu Feb 20 15:59:53 UTC 2020
OOOEPPS.. The PTR record point to 192.168.0. not 192.168.1. ..
Adjust that in jou mind please ;-)
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> L.P.H. van Belle via samba
> Verzonden: donderdag 20 februari 2020 16:55
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] GPO redirected folders reg path issue
>
>
> A setup on howto improve your samba network and simplify it.
> This is how i setup, sure looks dificult but its all about
> DNS setup and what you add to it.
>
> For AD-DC.s ( AD, TIME, NS, LDAP )
> Hostname.FQDN.TLD : max 63chars, incl the .'s allowed chars:
> a-Z 0-9 -
>
> Hostname : sam-dc1.internal.domain.tld
> IP : what you need/want. ( example 192.168.1.11 )
> PTR : 11.0.168.192.in-addr.arpa
> CNAME : dc1 ns1 ldap1 ntp1
>
> Hostname : sam-dc2.internal.domain.tld
> IP : what you need/want. ( example 192.168.1.12 )
> PTR : 12.0.168.192.in-addr.arpa
> CNAME : dc1 ns2 ldap2 ntp2
>
> For a MEMBER.
> Hostname.FQDN.TLD : max 254chars, incl the .'s allowed
> chars: a-Z 0-9 -
> Hostname : sam-mem1.internal.domain.tld
> IP : what you need/want. ( example 192.168.1.21 )
> PTR : 21.0.168.192.in-addr.arpa
> CNAME : fs1 (fileserver1)
> But also and this is just how may servers you setup.
> Think in web1 proxy1 cluster1 etc etc. these are always the ALIASES.
> And you can also say thing like this.
>
> Why.. This is all about the ability to scale you network and
> split up services over other servers IF needed.
> And if done right ,you dont have to touch any setup you only
> change a CNAME.
> Now lets say you move or setup a new webserver, all i change
> is web1.dom.tld and point that to a new server hostname.
> www.dom.tld CNAME web1.dom.tld ( which is also a CNAME to
> sam-mem1.internal.domain.tld )
>
> And yes you have to think in ahead here.
> So now for all serices configure the alias name, not the real
> hostname.
>
> Kerberos works fine as long you A and PTR are the server is set.
> Certificates, per hostname and aliases where needed or in one
> certificate or multiple.
>
> This is also why i hammer on a correct DNS setup, if its not
> correct above will most probely fail.
>
> For windows, stop using \\hostname start using
> \\hostname.internal.fqdn.tld
> Same user/profile shares use :
> \\fs1.int.dom.tld\users\%username%
> \\fs1.int.dom.tld\profiles\%username%
>
> Why not \\fs1.int.dom.tld\home\%username% or
> \\fs1.int.dom.tld\homes\%username%
> Well, one is really wrong and the other should work like
> \users\ but easy to make a mistake here.
> man smb.conf tells it all ;-)
>
> Tip for today.
>
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Philippe LeCavalier via samba
> > Verzonden: donderdag 20 februari 2020 16:35
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] GPO redirected folders reg path issue
> >
> > On Thu, Feb 20, 2020 at 10:14 AM L.P.H. van Belle via samba <
> > samba at lists.samba.org> wrote:
> >
> > >
> > > We are not much off. But you have mixed "samba/window" and
> > > "windows/windows" settings.
> > > Samba/windows \\%logonserver%\home\%username%\desktop
> > > Windows/windows \\hostname.fqdn.tld\users\%username%\desktop
> > >
> > > Guess, which one i use. ;-)
> >
> > Okay that's good info. Keep in mind I wrote all that out purely by
> > memory so I'll repost if it differs at all from what I
> > initially wrote. But
> > otherwise, yeah that sounds like a possible fix and I would
> certainly
> > welcome that! I think what may have mislead me was the
> roaming profile
> > section of the wiki refers to the fqdn to set permissions
> > therefore in my
> > mind, the fqdn should be used for all references for config
> > that's facing
> > the windows side.
> >
> > >
> > >
> > > Now, do get where this is coming from.
> > > So use this (add CNAME for you member server ), Note, you
> > MUST setup PTR
> > > records.
> > > \\ALIAS-CNAME.fqdn.tld\users\%username%\desktop
> >
> > They have PTR records I know that for certain but I'll
> > revisit that as well
> > to be certain they reflect what you show here.
> >
> > >
> > >
> > >
> > > And offcourse this is not correct.
> > > \\%logonserver%\home\%username%\desktop.
> > >
> > > You "logon" server = the DC. Not the member.
> >
> > Yep. Agreed.
> > Phil
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list