[Samba] Two SMB Domain member gateways to CEPHFS

[Oskari Koivisto]

Hi, no no, Samba is NOT an AD DC.

it’s only a member in Domain and should only be used to authenticate user to the shares.

the ceph clusters are in 2 separate locations but both cluster are mainly accessed via different users and groups.

There is only few services that actually connects to both cluster.

Regards,
-Oskari

> On 30. Mar 2021, at 13.52, Rowland penny via samba <samba at lists.samba.org> wrote:
> 
> On 30/03/2021 10:58, Oskari Koivisto wrote:
>> Hi,
>> 
>> the realm in the smb.conf defines the actual domain. And that is set with .local
>> 
>> As per samba documentation that’s the way it should be done.
> 
> 
> No, actually it isn't, the Samba wiki here:
> 
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> 
> Explicitly says to not use '.local':
> 
> Make sure that you provision the AD using a DNS domain that will not need to be changed. Samba does not support renaming the AD DNS zone and Kerberos realm. Do not use |.local| for the TLD, this is used by Avahi.
> 
> So is your dns domain 'mict.local' and your workgroup 'MICT' ?
> 
> Note that the Samba wiki advises using a subdomain instead of a registered domain e.g. ad.mict.local
> 
> Except that you shouldn't use '.local', even Microsoft says this is a bad idea.
> 
> 
>> 
>> So the ceph is used as a backend storage for windows-hosts. Samba is the only way providing cephfs to windows-clients.
>> 
>> The shares from the samba are mapped to users as netdrives and windows permissions should be set to the shares accordingly.
> 
> 
> That should work (mapping shares, that is), it sounds like your problem is with cephs and it sounds like your cephs cluster is spread out globally, I don't think this is a good idea.
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba