[Samba] MSDFS on [homes] share for two samba servers
Michal Bruncko
we have two samba servers on two localities with bigger distance between
them. On both localities there are organizational staff working. And I
am trying to configure homedirectories for all of staff in this way:
- all users will have same beginning part of URL path where is their
homedir located (i.e. \\files.example.com\loginname) for unification and
central acces
- but because the lower speed link between both localities there is need
to locate homedirs:
-- for locality A - on server A on that locality
-- for locality B - on server B on that locality
fine, thats are requirements. So I have decided to use MSDFS in
combination with [homes] in this way:
- on server A (which will acts as "files.example.com") there will be
homedirs MSDFS links for users on locality B pointed to their real
homedirs on server B (with classic symlink syntax "user_on_locality_B"
-> "msdfs:IP_of_server_B\user_on_locality_B" )
So if user Bob from locality B will access its homedir, it will be
transparently redirected from Server A to its homedir on closest server B.
this is nice theory. but in practicle, is this feasible with current
version of samba 3.x?
What is the best practicles for cases like this mine? Is there any way
for dispatching homedirs to two/more servers?
thanks
michal
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Daniel Müller
just use a cluster file system or ex:
your host A has all the homes/shares of your users. Make it a host
msdfs=yes and define a root dfs on it for all share that should be unique
on both hosts.
Host B is linked by msdfs proxy=\\hostA\share-on-A.
That should do
Good luck
Daniel
Jonathan Buzzard
On Wed, 2012-01-11 at 19:28 +0100, Michal Bruncko wrote:
> Hello list,
>
> we have two samba servers on two localities with bigger distance between
> them. On both localities there are organizational staff working. And I
> am trying to configure homedirectories for all of staff in this way:
> - all users will have same beginning part of URL path where is their
> homedir located (i.e. \\files.example.com\loginname) for unification and
> central acces
> - but because the lower speed link between both localities there is need
> to locate homedirs:
> -- for locality A - on server A on that locality
> -- for locality B - on server B on that locality
>
> fine, thats are requirements. So I have decided to use MSDFS in
> combination with [homes] in this way:
> - on server A (which will acts as "files.example.com") there will be
> homedirs MSDFS links for users on locality B pointed to their real
> homedirs on server B (with classic symlink syntax "user_on_locality_B"
> -> "msdfs:IP_of_server_B\user_on_locality_B" )
> So if user Bob from locality B will access its homedir, it will be
> transparently redirected from Server A to its homedir on closest server B.
>
[homes] share on server A cannot serve up both home directory shares to
local users and do MSDFS redirection for none local users at the same
time.
The best way I know of is for their to be a third server say
homes.example.com that does MSDFS redirection for all users. It is not
doing much so a light weight virtual machine will do the job. That does
work and has been for a number of years now.
JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
Michal Bruncko
thank you for answer. You have right, that is good idea with making
standalone (virtual) redirection server for all people. But here is
another question: it is possible creates this redirection shares on that
virtual server with the most simple path like \\virtual.filesrv\user ?
Or i need to using something like this: \\virtual.filesrv\msdfs_share\user ?
You know, people are lazy and they will not be using longer path if the
know simplest one to their homedirs (we are not using this samba server
as domain controller (although it is so configured for this purpose) -
so there are not folder redirection nor policy using).
thanks
michal
Michal Bruncko
also thanks for your answer. Your second hint with msfds proxy: it can
be applied also for homedirectories/homes shares? Because it seems like
just whole share redirect (directly from configuration file) to another
server/share.
I think that maybe this can be applied on virtual server, but this
statements need to be added for everyone user in organization... so it
is little more laborious, but in result we can use the most simple url
for every user in form \\virtual.filesrv\user. And in configuration
there should be:
[user_on_B]
msdfs proxy=\\hostB\share-on-B
or
[user_on_A]
msdfs proxy=\\hostA\share-on-A
it is correct understanding of msdfs proxy?
thanks
michal
thanks
michal
Jonathan Buzzard
On Sun, 2012-01-15 at 12:35 +0100, Michal Bruncko wrote:
> Hello Jonathan,
>
> thank you for answer. You have right, that is good idea with making
> standalone (virtual) redirection server for all people. But here is
> another question: it is possible creates this redirection shares on that
> virtual server with the most simple path like \\virtual.filesrv\user ?
> Or i need to using something like this: \\virtual.filesrv\msdfs_share\user ?
>
at my current job we have this horrid automounter/NFS combo that I am
working to get rid of. Therefore you would have to test this out for
yourself, though in the past when I did this it did not matter as the
home directory path was recovered from AD as part of the login process.
I would try start with a "template homedir = /homes/%u" on your virtual
server, create all the necessary symlinks in the /homes directory for
all your users so they point to the correct physical server and then add
to the [homes] share on your virtual server an "msdfs root = yes" option
and see if it works. I suspect it won't however.
The other option is to create explicit shares for each users home
directory and add an msdfs proxy option to each share definition. Rather
less manageable though.
Option one would be good for a CTBD setup as you can publish a "\
\homes.mycorp.com\homes" share for your users to use, and then under the
hood load balance across your servers using a "exec
= /usr/local/sbin/mklnk.pl %u" with an appropriate script that creates
as required an MSDFS style link when you first connect randomly to one
of your CTDB IP addresses.
Daniel Müller
Msdfs root and host msdfs and msdfs proxy are the things you need.
You have a server let's call A.
A is your redirection server to any share on other servers.
You need in you smb.conf ex:
[global]
host msdfs=yes
[homes]
Msfds root=yes
Msdfs proxy= \serveronwhichyourhomesharesare\homes
[docs]
Msdfs root=yes
Msdfs proxy= \serveronwhichyourdocsare\docs
The shares on the servers to which the users are redirected are quiet normal
shares
Ex:
[homes]
comment=homeshares %U
path= /yourpath/tohomeshares/%U
valid users=%S
-----------------------------------------------
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mue...@tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Ursprüngliche Nachricht-----
Von: samba-...@lists.samba.org [mailto:samba-...@lists.samba.org] Im
Auftrag von Jonathan Buzzard
Gesendet: Montag, 16. Januar 2012 15:50
An: sa...@lists.samba.org
Betreff: Re: [Samba] MSDFS on [homes] share for two samba servers
David Roid
server is the preferred one (by locality), in a programmatic way?
Cheers
-David
2012/1/17 Daniel Müller <mue...@tropenklinik.de>
Daniel Müller
If you live with samba you will have one PDC I think and all other servers are part of your domain.
So the users and groups are all the same in your domain and servers.
So if you logon to your PDC you will have your [homes] ex.:
[homes]
Msfds root=yes
Msdfs proxy= \serveronwhichyourhomesharesare\homes
And a netlogon script under your [netlogon]
Will do the rest.
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mue...@tropenklinik.de
Internet: www.tropenklinik.de
Jonathan Buzzard
On Tue, 2012-01-17 at 08:27 +0100, Daniel Müller wrote:
> THis is what is working:
>
> Msdfs root and host msdfs and msdfs proxy are the things you need.
> You have a server let's call A.
> A is your redirection server to any share on other servers.
>
> You need in you smb.conf ex:
> [global]
>
> host msdfs=yes
>
> [homes]
> Msfds root=yes
> Msdfs proxy= \serveronwhichyourhomesharesare\homes
>
That is not going to work for the requested setup as the server on which
homes share resides is different for different users. For example users
tom and dick could be on servera while user harry could be on serverb.
This setup would proxy all the homes shares to one server.
Jonathan Buzzard
On Tue, 2012-01-17 at 09:32 +0100, Daniel Müller wrote:
> What do you mean with "preferred one".
> If you live with samba you will have one PDC I think and all other servers are part of your domain.
> So the users and groups are all the same in your domain and servers.
> So if you logon to your PDC you will have your [homes] ex.:
> [homes]
> Msfds root=yes
> Msdfs proxy= \serveronwhichyourhomesharesare\homes
>
> And a netlogon script under your [netlogon]
> Will do the rest.
>
You are presuming the presence of a PDC and that all machines are PDC
joined.
The way I read it is that the OP wants to be able to tell all his users
to go to say \\homes.mycorp.com\homes and then depending on where their
normal work location is have them map their home drive from a server at
the local site, no PDC or AD involved.
If you have a PDC it would be simpler to just set the home directory for
each user to the correct server and forget about DFS and netlogon
scripts.
Michal Bruncko
samba server as Domain controller for user domain autentification i.e.
into workstations.
That server is just standalone file server with user level
autentification... of course, if user have same credentials to its
personal computer like credentials to file server, autentication will be
transpared, but thats all - any login scripts, any drive mapping
(right.. this feature should solved my problem if I will use it, but...).
So I just looking for solution of mapping user home directories from ONE
unifed URL to real location (on second or third server) based on user
location information (from db/manual).
thanks for responses
michal
On 17. 1. 2012 12:42, Jonathan Buzzard wrote:
>
> On Tue, 2012-01-17 at 09:32 +0100, Daniel Müller wrote:
>> What do you mean with "preferred one".
>> If you live with samba you will have one PDC I think and all other servers are part of your domain.
>> So the users and groups are all the same in your domain and servers.
>> So if you logon to your PDC you will have your [homes] ex.:
>> [homes]
>> Msfds root=yes
>> Msdfs proxy= \serveronwhichyourhomesharesare\homes
>>
>> And a netlogon script under your [netlogon]
>> Will do the rest.
>>
>
> You are presuming the presence of a PDC and that all machines are PDC
> joined.
>
> The way I read it is that the OP wants to be able to tell all his users
> to go to say \\homes.mycorp.com\homes and then depending on where their
> normal work location is have them map their home drive from a server at
> the local site, no PDC or AD involved.
>
> If you have a PDC it would be simpler to just set the home directory for
> each user to the correct server and forget about DFS and netlogon
> scripts.
>
> JAB.
>
--
Michal Bruncko
just two additional questions:
- which way pass data flow between user and MSDFS redirected share
(i.e. MSDFS from virtualserver\share -> anotherserver\share)? The data
will flow directly between source (user) and real destination? Or MSDFS
is just simple redirect so flow will goes in this path: client - MSDFS
share on virtualserver - real share on anotherserver?
- second question: it is possible to use variable substitutions (i.e.
like %U) directly in section name like [%U]? Is this possible?
ps: probably I will look (due to simplicity:)) on option with explicit
share name for every users. This organization have 50+ staffs so it is
not soo complicated for realisation.
Thanks
michal