Web lists-archives.com

Re: [Samba] Keeping idmap in sync cross DC




On 22 November 2017 at 17:45, Rowland Penny <rpenny@xxxxxxxxx> wrote:

> On Wed, 22 Nov 2017 16:01:17 +0200
> Ian Coetzee via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
> > Hi Guys,
> >
> > I have run into a very interesting problem using GPO's on our DC's.
> >
> > As you may (or may not) know, we have migrated to a pure Samba4 (Git
> > stable branch checkout) AD network. I can't be happier. *Kudos to the
> > Samba team*
> >
> > We are running to DC's, DC1 and DC2, both full fledged DC's, both
> > running CentOS 6.9, fully up to date.
> >
> > For the sysvol partition I decided to run a glusterfs between the
> > DC's. I started out with a unison sync, but being the impatient
> > person I am, I needed more real time.
> >
> > Now my problem is with the permissions in the sysvol folder structure.
> >
>
> Sorry, but your problem is that you missed this:
>
> https://wiki.samba.org/index.php/Bidirectional_Rsync/osync_
> based_SysVol_replication_workaround#FAQ
>
> Where it quite clearly says this:
>
>      Why can't I simply use a distributed filesystem like GlusterFS,
> Lustre, etc. for SysVol?
>         A cluster file system with Samba requires CTDB to be able to do it
> safely. And CTDB and AD DC are incompatible.
>
> Rowland
>

Hi Rowland,

Yes, you are right, I completely missed that part.

I actually had the system set up using
https://wiki.samba.org/index.php/Bidirectional_Rsync/Unison_based_SysVol_replication_workaround

But then I decided to become creative with a glusterfs setup.

I now have a Osync set up (much easier IMO), but the permissions are still
not quite right, bringing me back to my idmap syncing question.

Kind regards
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba