Web lists-archives.com

Re: [Samba] Keeping idmap in sync cross DC

On 22 November 2017 at 17:45, Rowland Penny <rpenny@xxxxxxxxx> wrote:

> On Wed, 22 Nov 2017 16:01:17 +0200
> Ian Coetzee via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > Hi Guys,
> >
> > I have run into a very interesting problem using GPO's on our DC's.
> >
> > As you may (or may not) know, we have migrated to a pure Samba4 (Git
> > stable branch checkout) AD network. I can't be happier. *Kudos to the
> > Samba team*
> >
> > We are running to DC's, DC1 and DC2, both full fledged DC's, both
> > running CentOS 6.9, fully up to date.
> >
> > For the sysvol partition I decided to run a glusterfs between the
> > DC's. I started out with a unison sync, but being the impatient
> > person I am, I needed more real time.
> >
> > Now my problem is with the permissions in the sysvol folder structure.
> >
> Sorry, but your problem is that you missed this:
> https://wiki.samba.org/index.php/Bidirectional_Rsync/osync_
> based_SysVol_replication_workaround#FAQ
> Where it quite clearly says this:
>      Why can't I simply use a distributed filesystem like GlusterFS,
> Lustre, etc. for SysVol?
>         A cluster file system with Samba requires CTDB to be able to do it
> safely. And CTDB and AD DC are incompatible.
> Rowland

Hi Rowland,

Yes, you are right, I completely missed that part.

I actually had the system set up using

But then I decided to become creative with a glusterfs setup.

I now have a Osync set up (much easier IMO), but the permissions are still
not quite right, bringing me back to my idmap syncing question.

Kind regards
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba