Hi there, ? As suggested on the samba wiki, I like to report failures using samba4. ? Story: I had setup a general Office environment using samba4 (2 servers) with AD intergrated DNS (samba internal), Zarafa mail server (Prof.), ISC dhcp with split-scope and file shares (users, profiles, data and application) for a test-case environment.? Plan was to deploy this setup for a customer? (small 25 Windows 7 PC accouting office). Backup was planned with Bacula.? The tests went well as long as the shares were on the DC's (for NTFS rights).? The customer needed 2 windows servers for specific windows Application for book keeping. Next we needed a solution for home-workers to control their PC, remotely. I implemented Guacamole a HTML5 to RDP gateway. I have added yubikey integration for security (not samba related but the AD was used for the Yubikey id storage. ? I've done the migration of a Windows SBS 2008 server to the setup above (VMware virtual platform).? After we went to production we had a lot of failures regarding shares that were lost on clients (random clients, others had no problems). As several windows app cannot handle this 'feature'? lots of crashes and corrupted data. ? At first we blamed the network as i appeared to be crappy before, so we replaceit, next we blamed the NAS/SAN storage as we saw in vmware datastores disapearing....? This was solve by rebooting a Thecus NAS (N5550), the OpenFiler (DELL 2950) was running for years OK so this was fine. But we replaced the Storage-network components (cables switch) to be sure. ? We had to step away from guacamole for stability (lost connections and slow performance), not Samba4 related I think, and use MS rdp gateway server. ? Now after 2 months we see 2 problems arise regularly: - clients still losing shares and applications that cannot handle this make people anoying. - Samba4 intergrated DNS is having problems using forwarders (Google's 8.8.8.8), as 'internet' is sometimes not working. I have added a Windows 2008 DC with DNS to solve the forwarding issue's but hope samba4 can solve this issue..... ? I hope to bring this project to a good ending, and hope someone can shine some light on my misconfiguration as I'm on a point to switch back the shares to windows servers for stability... ? So far i'm positive on the samba4 AD implementation, the filesharing was always great but needs some improvement now. Maybe I need to do the BIND9_DLZ DNS stuff..... ? If someone is willing to help me out here it would be welcome, otherwise keep up the good work! ? T.Duis t.duis at e-genius.nl ? - The Netherlands - ? De inhoud van dit bericht is alleen bestemd voor de geadresseerde en kan vertrouwelijke of persoonlijke informatie bevatten. Als u dit bericht onbedoeld heeft ontvangen verzoeken wij u het te vernietigen en de afzender te informeren. Het is niet toegestaan om een bericht dat niet voor u bestemd is te vermenigvuldigen dan wel te verspreiden. Aan dit bericht inclusief de bijlagen kunnen geen rechten ontleend worden, tenzij schriftelijk anders wordt overeengekomen. E-genius aanvaardt geen enkele aansprakelijkheid voor schade en/of kosten die voortvloeien uit onvolledige en/of foutieve informatie in e-mailberichten.
Hi Twan, Just a short reply, there are much more knowledgeable people here, who I'm sure will have many great tips for you, but...: On 1/25/2015 22:59, Twan Duis wrote:> I had setup a general Office environment using samba4 (2 servers) > with AD intergrated DNS (samba internal), Zarafa mail server (Prof.), > ISC dhcp with split-scope and file shares (users, profiles, data and > application) for a test-case environment. Plan was to deploy this > setup for a customer (small 25 Windows 7 PC accouting office). > Backup was planned with Bacula. The tests went well as long as the > shares were on the DC's (for NTFS rights). The customer needed 2As far as I understand things, it's not recommended to put your shares on the DC's. We have separated the DC's (using kvm) from the fileservers, and do not experience any of the issues you describe. Hopefully someone else will be able to help out more. (but I guess they'll need more specifics about your setup, samba version, os, sssd/winbind, etc, etc) I hope you'll be able to resolve the issues you have. MJ
On 25/01/15 21:59, Twan Duis wrote:> Hi there, > > > As suggested on the samba wiki, I like to report failures using samba4. > > > Story: > > I had setup a general Office environment using samba4 (2 servers) with AD intergrated DNS (samba internal), Zarafa mail server (Prof.), ISC dhcp with split-scope and file shares (users, profiles, data and application) for a test-case environment. Plan was to deploy this setup for a customer (small 25 Windows 7 PC accouting office). Backup was planned with Bacula. The tests went well as long as the shares were on the DC's (for NTFS rights). The customer needed 2 windows servers for specific windows Application for book keeping. > > Next we needed a solution for home-workers to control their PC, remotely. I implemented Guacamole a HTML5 to RDP gateway. I have added yubikey integration for security (not samba related but the AD was used for the Yubikey id storage. > > > I've done the migration of a Windows SBS 2008 server to the setup above (VMware virtual platform). After we went to production we had a lot of failures regarding shares that were lost on clients (random clients, others had no problems). As several windows app cannot handle this 'feature' lots of crashes and corrupted data. > > > At first we blamed the network as i appeared to be crappy before, so we replaceit, next we blamed the NAS/SAN storage as we saw in vmware datastores disapearing.... This was solve by rebooting a Thecus NAS (N5550), the OpenFiler (DELL 2950) was running for years OK so this was fine. But we replaced the Storage-network components (cables switch) to be sure. > > > We had to step away from guacamole for stability (lost connections and slow performance), not Samba4 related I think, and use MS rdp gateway server. > > > Now after 2 months we see 2 problems arise regularly: > > - clients still losing shares and applications that cannot handle this make people anoying. > > - Samba4 intergrated DNS is having problems using forwarders (Google's 8.8.8.8), as 'internet' is sometimes not working. I have added a Windows 2008 DC with DNS to solve the forwarding issue's but hope samba4 can solve this issue..... > > > I hope to bring this project to a good ending, and hope someone can shine some light on my misconfiguration as I'm on a point to switch back the shares to windows servers for stability... > > > So far i'm positive on the samba4 AD implementation, the filesharing was always great but needs some improvement now. Maybe I need to do the BIND9_DLZ DNS stuff..... > > > If someone is willing to help me out here it would be welcome, otherwise keep up the good work! > > > >What OS ? What version of Samba4 ? Where did you get samba4 from, OS package, Sernet or self compiled ? How did you provision Samba 4 ? How have you set dhcp up ? Please post the smb.conf from the two DC's Rowland
i have about the same running here. .. 2 dcs. but shares on a member server, zarafa mail.. My differences as far i can read.. but for that i need more info... DC's are also time servers, are yours ? DC's use bind9 as dns servers. ( master dns ) Member servers for my shares. I have 2 proxy servers, which are the bind9 DNS slaves (read only) of the AD DC servers. and these do the internet resolving for my network. DHCP points also to these DNS servers. and im running on Xen Server ( free version ) (www.xenserver.org) How i did setup.. not all the scripts i used are ( for example the proxy scripts ) there but is a good starter. and it does not matter what your os is or if you do, or dont use Sernet packages. it's all about the setting imo. go here: https://secure.bazuin.nl/scripts/ if you have more questions just ask on the list.. Greetz, Louis>-----Oorspronkelijk bericht----- >Van: rowlandpenny at googlemail.com >[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny >Verzonden: dinsdag 27 januari 2015 12:14 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] Failure reporting (mixed feelings) > >On 25/01/15 21:59, Twan Duis wrote: >> Hi there, >> >> >> As suggested on the samba wiki, I like to report failures >using samba4. >> >> >> Story: >> >> I had setup a general Office environment using samba4 (2 >servers) with AD intergrated DNS (samba internal), Zarafa mail >server (Prof.), ISC dhcp with split-scope and file shares >(users, profiles, data and application) for a test-case >environment. Plan was to deploy this setup for a customer >(small 25 Windows 7 PC accouting office). Backup was planned >with Bacula. The tests went well as long as the shares were >on the DC's (for NTFS rights). The customer needed 2 windows >servers for specific windows Application for book keeping. >> >> Next we needed a solution for home-workers to control their >PC, remotely. I implemented Guacamole a HTML5 to RDP gateway. >I have added yubikey integration for security (not samba >related but the AD was used for the Yubikey id storage. >> >> >> I've done the migration of a Windows SBS 2008 server to the >setup above (VMware virtual platform). After we went to >production we had a lot of failures regarding shares that were >lost on clients (random clients, others had no problems). As >several windows app cannot handle this 'feature' lots of >crashes and corrupted data. >> >> >> At first we blamed the network as i appeared to be crappy >before, so we replaceit, next we blamed the NAS/SAN storage as >we saw in vmware datastores disapearing.... This was solve by >rebooting a Thecus NAS (N5550), the OpenFiler (DELL 2950) was >running for years OK so this was fine. But we replaced the >Storage-network components (cables switch) to be sure. >> >> >> We had to step away from guacamole for stability (lost >connections and slow performance), not Samba4 related I think, >and use MS rdp gateway server. >> >> >> Now after 2 months we see 2 problems arise regularly: >> >> - clients still losing shares and applications that cannot >handle this make people anoying. >> >> - Samba4 intergrated DNS is having problems using forwarders >(Google's 8.8.8.8), as 'internet' is sometimes not working. I >have added a Windows 2008 DC with DNS to solve the forwarding >issue's but hope samba4 can solve this issue..... >> >> >> I hope to bring this project to a good ending, and hope >someone can shine some light on my misconfiguration as I'm on >a point to switch back the shares to windows servers for stability... >> >> >> So far i'm positive on the samba4 AD implementation, the >filesharing was always great but needs some improvement now. >Maybe I need to do the BIND9_DLZ DNS stuff..... >> >> >> If someone is willing to help me out here it would be >welcome, otherwise keep up the good work! >> >> >> >> > >What OS ? What version of Samba4 ? Where did you get samba4 from, OS >package, Sernet or self compiled ? >How did you provision Samba 4 ? >How have you set dhcp up ? >Please post the smb.conf from the two DC's > >Rowland > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
On Sun, 2015-01-25 at 22:59 +0100, Twan Duis wrote:> > - Samba4 intergrated DNS is having problems using forwarders (Google's > 8.8.8.8), as 'internet' is sometimes not working. I have added a > Windows 2008 DC with DNS to solve the forwarding issue's but hope > samba4 can solve this issue.....If you are having trouble with forwarding packets via Samba, then don't forward packets via Samba. Either use BIND9 and the DLZ module, or on another IP use BIND9 as your DNS server, with a zone of type 'forward' pointing at your Samba DC. You don't have to make Samba's internal DNS server the choke point regarding DNS for your whole network if you are having issues. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba