[Samba] GPO redirected folders reg path issue

L.P.H. van Belle belle at bazuin.nl
Thu Feb 20 15:59:53 UTC 2020


OOOEPPS.. The PTR records point to 192.168.0.  not 192.168.1. .. 
Adjust that in your mind please ;-) 


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> L.P.H. van Belle via samba
> Sent: Thursday 20 February 2020 16:55
> To: samba at lists.samba.org
> Subject: Re: [Samba] GPO redirected folders reg path issue
> 
> 
> A setup on how to improve your samba network and simplify it. 
> This is how I set it up, sure looks difficult but it's all about 
> DNS setup and what you add to it. 
> 
> For AD-DCs  ( AD, TIME, NS, LDAP )
> Hostname.FQDN.TLD : max 63chars, incl the .'s  allowed chars: a-Z 0-9 - 
> 
> Hostname : sam-dc1.internal.domain.tld
> IP 	   : what you need/want. ( example 192.168.1.11 ) 
> PTR 	   : 11.0.168.192.in-addr.arpa
> CNAME    : dc1 ns1 ldap1 ntp1
> 
> Hostname : sam-dc2.internal.domain.tld
> IP 	   : what you need/want. ( example 192.168.1.12 ) 
> PTR 	   : 12.0.168.192.in-addr.arpa
> CNAME    : dc1 ns2 ldap2 ntp2
> 
> For a MEMBER. 
> Hostname.FQDN.TLD : max 254chars, incl the .'s  allowed chars: a-Z 0-9 - 
> Hostname : sam-mem1.internal.domain.tld
> IP 	   : what you need/want. ( example 192.168.1.21 ) 
> PTR 	   : 21.0.168.192.in-addr.arpa
> CNAME    : fs1 (fileserver1) 
> But also and this is just how many servers you set up. 
> Think in web1 proxy1 cluster1  etc etc. These are always the ALIASES. 
> And you can also say things like this. 
> 
> Why.. This is all about the ability to scale your network and 
> split up services over other servers IF needed. 
> And if done right, you don't have to touch any setup, you only 
> change a CNAME.
> Now let's say you move or set up a new webserver, all I change 
> is web1.dom.tld and point that to a new server hostname. 
> www.dom.tld CNAME web1.dom.tld  ( which is also a CNAME to 
> sam-mem1.internal.domain.tld ) 
> 
> And yes you have to think ahead here. 
> So now for all services configure the alias name, not the real 
> hostname.
> 
> Kerberos works fine as long as your A and PTR for the server are set. 
> Certificates, per hostname and aliases where needed or in one 
> certificate or multiple. 
> 
> This is also why I hammer on a correct DNS setup, if it's not 
> correct the above will most probably fail. 
> 
> For windows, stop using \\hostname  start using 
> \\hostname.internal.fqdn.tld 
> Same user/profile shares use : 
> \\fs1.int.dom.tld\users\%username% 
> \\fs1.int.dom.tld\profiles\%username% 
> 
> Why not \\fs1.int.dom.tld\home\%username% or 
> \\fs1.int.dom.tld\homes\%username% 
> Well, one is really wrong and the other should work like 
> \users\ but easy to make a mistake here. 
> man smb.conf tells it all ;-)  
> 
> Tip for today. 
> 
> 
> Greetz, 
> 
> Louis
>  
> 
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> > Philippe LeCavalier via samba
> > Sent: Thursday 20 February 2020 16:35
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] GPO redirected folders reg path issue
> > 
> > On Thu, Feb 20, 2020 at 10:14 AM L.P.H. van Belle via samba <
> > samba at lists.samba.org> wrote:
> > 
> > >
> > > We are not much off. But you have mixed "samba/window" and
> > > "windows/windows" settings.
> > > Samba/windows \\%logonserver%\home\%username%\desktop
> > > Windows/windows \\hostname.fqdn.tld\users\%username%\desktop
> > >
> > > Guess, which one I use.  ;-)
> > 
> > Okay that's good info. Keep in mind I wrote all that out purely by
> > memory so I'll repost if it differs at all from what I initially wrote. But
> > otherwise, yeah that sounds like a possible fix and I would certainly
> > welcome that! I think what may have misled me was the roaming profile
> > section of the wiki refers to the fqdn to set permissions therefore in my
> > mind, the fqdn should be used for all references for config that's facing
> > the windows side.
> > 
> > >
> > >
> > > Now, do get where this is coming from.
> > > So use this (add CNAME for your member server ), Note, you MUST setup PTR
> > > records.
> > > \\ALIAS-CNAME.fqdn.tld\users\%username%\desktop
> > 
> > They have PTR records I know that for certain but I'll revisit that as well
> > to be certain they reflect what you show here.
> > 
> > >
> > >
> > >
> > > And of course this is not correct.
> > > \\%logonserver%\home\%username%\desktop.
> > >
> > > Your "logon" server = the DC. Not the member.
> > 
> > Yep. Agreed.
> > Phil
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> > 
> > 
> 
> 
> 
> 
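
The A / PTR / CNAME layout described in the message above can be checked mechanically. The following is an added example, not part of the original post: it runs over constructed zone data (host names and the mistyped PTR taken from the message; the aliases under internal.domain.tld, the "old" alias and the function names are assumptions) and reports A records without a matching PTR and aliases that do not end at a real host.

```python
import ipaddress

# Constructed sample zone data, modeled on the names in the message above.
A = {
    "sam-dc1.internal.domain.tld": "192.168.1.11",
    "sam-mem1.internal.domain.tld": "192.168.1.21",
}
PTR = {
    # The slip the correction is about: written for 192.168.0.x, host is in 192.168.1.x
    "11.0.168.192.in-addr.arpa": "sam-dc1.internal.domain.tld",
    "21.1.168.192.in-addr.arpa": "sam-mem1.internal.domain.tld",
}
CNAME = {
    "fs1.internal.domain.tld": "sam-mem1.internal.domain.tld",
    "web1.internal.domain.tld": "sam-mem1.internal.domain.tld",
    "www.internal.domain.tld": "web1.internal.domain.tld",
    "old.internal.domain.tld": "gone.internal.domain.tld",  # dangling alias
}


def resolve_alias(name, cname, a, max_hops=8):
    """Follow a CNAME chain; return the host owning an A record, else None."""
    seen = set()
    while name in cname and name not in seen and len(seen) < max_hops:
        seen.add(name)
        name = cname[name]
    return name if name in a else None


def check_zone(a, ptr, cname):
    """Return a sorted list of (name, problem) findings for the zone data."""
    findings = []
    for host, ip in a.items():
        want = ipaddress.ip_address(ip).reverse_pointer
        if ptr.get(want) != host:
            findings.append((host, f"no PTR {want} -> {host}"))
    for rev, target in ptr.items():
        if target not in a or ipaddress.ip_address(a[target]).reverse_pointer != rev:
            findings.append((rev, f"PTR does not match an A record of {target}"))
    for alias in cname:
        if resolve_alias(alias, cname, a) is None:
            findings.append((alias, "CNAME chain does not end at an A record"))
    return sorted(findings)


if __name__ == "__main__":
    for name, problem in check_zone(A, PTR, CNAME):
        print(f"{name}: {problem}")
```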



