[Samba] several offices: home dirs, local resources, ...

cn at brain-biotech.de cn at brain-biotech.de
Tue Nov 22 19:59:15 UTC 2022

Maybe this helps?


Am 22. November 2022 20:36:04 MEZ schrieb Michael Tokarev via samba <samba at lists.samba.org>:
>22.11.2022 21:59, cn--- via samba wrote:
>> Sorry for top posting.
>That's entirely okay, thank you!
>> To say it is  try to answer your questions.
>> Why not to use a dc as file server:
>> It is slower. Because e. g. All the traffic is signed.
>> Because every DC uses its own idmap file you have to keep that in sync and use the AD idmap backend. Rid for example does not work I think.
>> The Fileserver on a DC behaves differently with regards to Administrator mappings.
>Yeah. All this seems to be irrelevant in context of a domain-level MSDFS root shares,
>which only purpose is to give connecting client a referral, - where to find the actual
>data (server/share), and clients even cache this info.
>idmap needs to be syncronized anyway, or else sysvol permissions can't be syncronized properly.
>Yes, idmap_rid doesn't work, actually whole idmap config* is ignored, winbind in ad uses
>its own way for idmapping.
>> As for the DNS:
>> It does work to use another DNS Server. However, this is a lot of manual labor and if it does not work, folks here are likely to say it is your DNS.
>The second part is very much understandable, I faced it already several times :)
>For the first, it is not difficult at all, - grabbing dns_update_cache files from
>servers (much easier when all of them are containers on the same server so directly
>accessible from the host filesystem) to a host which manages dns, and converting
>them into regular dns zone format with a trivial 3-line shell fragment, -- it is
>all set up in some 10 minutes, especially if config syncronization is already
>working between the offices.  And once any file changes, zone is regenerated
>and signed automatically, and downstream resolvers are notified and updates the
>zone content.
>> As for your roaming profile question:
>> You can specify a GPO to a site. That should help you if I understood your question right.
>Can you give an example please? I can't find a way to map home/profile path to
>a site-specific name, - be the GPO itself site-specific or not.  It smells like
>GPO can be used there, but I can't find a way to do that.
>Thank you very much Christian!
>Your reply makes me hope (just a little bit), maybe my questions aren't completely
>stupid after all.. :)

Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development

BRAIN Biotech AG
Darmstaedter Str. 34-36
64673 Zwingenberg, Germany

T: +49 6251 9331-30
F: +49 6251 9331-11

cn at brain-biotech.com

Sitz der Gesellschaft: Zwingenberg | Bergstrasse
Registergericht AG Darmstadt | HRB 24758
Vorstand: Adriaan Moelker (Vorstandsvorsitzender) | Michael Schneiders
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen

More information about the samba mailing list