Web lists-archives.com

Re: [Samba] AD DC and Fileserver




On Tue, 2017-08-29 at 08:48 -0300, Flávio Silveira wrote:
> 
> On 29/08/2017 01:10, Andrew Bartlett wrote:
> > On Tue, 2017-08-29 at 00:06 -0300, Flávio Silveira via samba wrote:
> > > Hi Andrew, thanks for your quick reply!
> > > 
> > > On 28/08/2017 21:32, Andrew Bartlett wrote:
> > > > On Mon, 2017-08-28 at 21:01 -0300, Flávio Silveira via samba wrote:
> > > > > Good evening,
> > > > > 
> > > > >      Sorry if this question is too dumb, but is it possible to
> > > > > configure
> > > > > an AD and Fileserver using the same Samba (or server) or they
> > > > > need to
> > > > > be
> > > > > two separate thing?
> > > > 
> > > > We suggest separating them, because having them on the same server
> > > > implies you only have one AD DC, and that isn't a good idea.
> > > 
> > > Giving my first question you may know I am a novice in regards to
> > > AD,
> > > I've only ran Samba as workgroup and simple file server. I guess
> > > your
> > > suggestion applies to any network, no matter what size, right?
> > > Because
> > > my network doesn't have more than 30 clients.
> > 
> > One of the reasons I suggest it is that if you ever get DB corruption,
> > which is very rare, it doesn't tend to replicate.  It also means you
> > can upgrade without disrupting clients.
> 
> Yes, I just saw one case here where the guy is trying to upgrade to 
> 4.6.7 from 4.1.7 and his db is corrupted.
> 
> > > > Additionally, folks often wish to upgrade the AD DC on a different
> > > > schedule to the file server.  I'm sure others will pile on with the
> > > > other various reasons, but this is the core of it.
> > > 
> > > Makes sense to have a spare DC and/or file server, can it be a
> > > different
> > > VM for example?
> > 
> > Yes, that is fine.  Naturally, a larger organisation would spread it
> > out over more hardware, but you will know what makes sense at your
> > scale.
> 
> Ok, I'm thinking on focusing on the file server for now, does that need 
> a backup server as well or just one with backups can be enough? If one 
> is not the case, here is the topology I thought:

Most organisations your size don't go for a clustered Samba for a file
server, as it isn't really practical.  

> 1x HDD holding the VMs
> 2x HDD (RAID 1) for data
> 
> file server 1 will use one of the data HDDs
> file server 2 will use the other

Do you mean AD DC 1/2?

> I don't know if I can use RAID 1 if two distinct machines will use them, 
> even though they are VMs

I'm a long way from start of the art sysadmin, but for the kind of
setup you are trying, RAID 1 over 2xHDDs, an LVM PV on that, then
putting the VMs system and data partitions as logical volumes on that
PV would do fine.  Remember, you are protecting against both logical
and physical corruption, the logical corruption will be confined to the
VM no matter the media, and the physical is confined (we hope) to a
disk that dies. 

> > > If it matters, I will be using KVM, which seems to be as
> > > close to a real machine as possible.
> > 
> > That should be fine.  Just remember to keep taking backups with the
> > samba_backup script also.
> > 
> > Andrew Bartlett
> 
> Thanks for reminding me about samba_backup, does that apply for a file 
> server only as well?

It is structured around the AD DC.  But that reminds me, I need to find
the patches someone posted to improve it.  The fundamental task is to
tdbbackup each tdb before the real backup.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba