[Samba] Two SMB Domain member gateways to CEPHFS

Rowland penny rpenny at samba.org
Tue Mar 30 10:52:20 UTC 2021

On 30/03/2021 10:58, Oskari Koivisto wrote:
> Hi,
> the realm in the smb.conf defines the actual domain. And that is set with .local
> As per samba documentation that’s the way it should be done.

No, actually it isn't, the Samba wiki here:


Explicitly says to not use '.local':

Make sure that you provision the AD using a DNS domain that will not 
need to be changed. Samba does not support renaming the AD DNS zone and 
Kerberos realm. Do not use |.local| for the TLD, this is used by Avahi.

So is your dns domain 'mict.local' and your workgroup 'MICT' ?

Note that the Samba wiki advises using a subdomain instead of a 
registered domain e.g. ad.mict.local

Except that you shouldn't use '.local', even Microsoft says this is a 
bad idea.

> So the ceph is used as a backend storage for windows-hosts. Samba is the only way providing cephfs to windows-clients.
> The shares from the samba are mapped to users as netdrives and windows permissions should be set to the shares accordingly.

That should work (mapping shares, that is), it sounds like your problem 
is with cephs and it sounds like your cephs cluster is spread out 
globally, I don't think this is a good idea.


More information about the samba mailing list