Hi, no no, Samba is NOT an AD DC.
it?s only a member in Domain and should only be used to authenticate user to the
shares.
the ceph clusters are in 2 separate locations but both cluster are mainly
accessed via different users and groups.
There is only few services that actually connects to both cluster.
Regards,
-Oskari
> On 30. Mar 2021, at 13.52, Rowland penny via samba <samba at
lists.samba.org> wrote:
>
> On 30/03/2021 10:58, Oskari Koivisto wrote:
>> Hi,
>>
>> the realm in the smb.conf defines the actual domain. And that is set
with .local
>>
>> As per samba documentation that?s the way it should be done.
>
>
> No, actually it isn't, the Samba wiki here:
>
>
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>
> Explicitly says to not use '.local':
>
> Make sure that you provision the AD using a DNS domain that will not need
to be changed. Samba does not support renaming the AD DNS zone and Kerberos
realm. Do not use |.local| for the TLD, this is used by Avahi.
>
> So is your dns domain 'mict.local' and your workgroup
'MICT' ?
>
> Note that the Samba wiki advises using a subdomain instead of a registered
domain e.g. ad.mict.local
>
> Except that you shouldn't use '.local', even Microsoft says
this is a bad idea.
>
>
>>
>> So the ceph is used as a backend storage for windows-hosts. Samba is
the only way providing cephfs to windows-clients.
>>
>> The shares from the samba are mapped to users as netdrives and windows
permissions should be set to the shares accordingly.
>
>
> That should work (mapping shares, that is), it sounds like your problem is
with cephs and it sounds like your cephs cluster is spread out globally, I
don't think this is a good idea.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba