Hi folks, I've got a bit of an issue with roaming profiles and I wondered if someone might be able to help please? :-) We've started rolling out Samba 4 across our network. Currently it's on 3 of our 4 sites, one site has two Samba servers and two sites have one Samba server each (well one site has two Samba 4 servers but one of the servers was an oldish test box which I'm planning on removing from AD when I can work out how to, but that's a separate issue). I've managed to get roaming profiles working for the users on each site. Each user is currently configured to store their roaming profile on the server on the site that they're based at. This seems to work pretty well with our Windows 7 clients and the users are happy that they can now login to any PC and get their desktop icons etc. Now my boss would like the ability to be able to login to a PC on a remote site (as in, not the site where his roaming profile is stored) and have the profile available. It seems to work without making any changes but it is quite slow logging on and off (I put this down to the fairly slow ADSL links we have between the sites). I was giving the issue some thought and tried creating a test user and changing the profile path to %logonserver%\profiles\user.name which when logging on created a profile on the logon server of whichever site I was at. However, I tried then rsyncing this profile across from one server at one site to another server (I've also tried it between two servers on the same site) but the permissions seem to get corrupted... If I look at the permissions in a Linux terminal I get the following... Output from ls -lh on Server 1: drwxrwx---+ 14 3000060 users 4.0K Apr 17 16:15 charles.carmichael.V2 Output from ls -lh on Server 2: drwxrwx---+ 14 3000060 users 4.0K Apr 17 16:15 charles.carmichael.V2 So the permissions look okay to me unless I'm missing something. If I check the permissions of the two profile folders in Windows 7 I get the following: Server 1 Permissions: SYSTEM - Full Control Charles.Carmichael - Full Control Server 2 Permissions: Everyone - None RANDOMPC$ - Full Control Random Group - Full Control Domain Users - None CREATOR OWNER - Special CREATOR GROUP - Special On Server 1 the owner is the user of the profile, on Server 2 the owner is RANDOMPC$. Both Server 1 and Server 2 are running Samba 4.0.3, Debian Squeeze AMD64 with the kernel 2.6.32-5-amd64. If it helps the filesystems are ext4 and have the options user_xattr,acl,barrier=1 in fstab. What we'd like to do is run an rsync overnight and copy the differences between the servers, but as we're coming across these issues we're a bit stuck. If anyone could help, or maybe suggest another way of syncing the roaming profiles between the servers that would be great. Thanks in advance, Rob
Ricky Nance
2013-Apr-17 23:45 UTC
[Samba] Rsyncing Samba4 Roaming Profiles between servers
See the plus on drwxrwx---+, that means you have either extended attributes or ACL's (my guess would be ACL's) so, I am willing to bet you haven't told rsync to preserve xattribs or acl's in your script. getfacl, setfacl, getfattr, and setfattr will be helpful in sorting this out. Good luck, Ricky On Wed, Apr 17, 2013 at 10:32 AM, Rob Beard <rob at mareandfoal.org> wrote:> Hi folks, > > I've got a bit of an issue with roaming profiles and I wondered if someone > might be able to help please? :-) > > We've started rolling out Samba 4 across our network. Currently it's on 3 > of our 4 sites, one site has two Samba servers and two sites have one Samba > server each (well one site has two Samba 4 servers but one of the servers > was an oldish test box which I'm planning on removing from AD when I can > work out how to, but that's a separate issue). > > I've managed to get roaming profiles working for the users on each site. > Each user is currently configured to store their roaming profile on the > server on the site that they're based at. This seems to work pretty well > with our Windows 7 clients and the users are happy that they can now login > to any PC and get their desktop icons etc. > > Now my boss would like the ability to be able to login to a PC on a remote > site (as in, not the site where his roaming profile is stored) and have the > profile available. It seems to work without making any changes but it is > quite slow logging on and off (I put this down to the fairly slow ADSL > links we have between the sites). > > I was giving the issue some thought and tried creating a test user and > changing the profile path to %logonserver%\profiles\user.name which when > logging on created a profile on the logon server of whichever site I was > at. > > However, I tried then rsyncing this profile across from one server at one > site to another server (I've also tried it between two servers on the same > site) but the permissions seem to get corrupted... > > If I look at the permissions in a Linux terminal I get the following... > > Output from ls -lh on Server 1: > drwxrwx---+ 14 3000060 users 4.0K Apr 17 16:15 charles.carmichael.V2 > > Output from ls -lh on Server 2: > drwxrwx---+ 14 3000060 users 4.0K Apr 17 16:15 charles.carmichael.V2 > > So the permissions look okay to me unless I'm missing something. > > If I check the permissions of the two profile folders in Windows 7 I get > the following: > > Server 1 Permissions: > > SYSTEM - Full Control > Charles.Carmichael - Full Control > > Server 2 Permissions: > > Everyone - None > RANDOMPC$ - Full Control > Random Group - Full Control > Domain Users - None > CREATOR OWNER - Special > CREATOR GROUP - Special > > On Server 1 the owner is the user of the profile, on Server 2 the owner is > RANDOMPC$. > > Both Server 1 and Server 2 are running Samba 4.0.3, Debian Squeeze AMD64 > with the kernel 2.6.32-5-amd64. If it helps the filesystems are ext4 and > have the options user_xattr,acl,barrier=1 in fstab. > > What we'd like to do is run an rsync overnight and copy the differences > between the servers, but as we're coming across these issues we're a bit > stuck. > > If anyone could help, or maybe suggest another way of syncing the roaming > profiles between the servers that would be great. > > Thanks in advance, > > Rob > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 17/04/2013 16:32, Rob Beard wrote:> Hi folks, > > I've got a bit of an issue with roaming profiles and I wondered if someone > might be able to help please? :-) > > We've started rolling out Samba 4 across our network. Currently it's on 3 > of our 4 sites, one site has two Samba servers and two sites have one Samba > server each (well one site has two Samba 4 servers but one of the servers > was an oldish test box which I'm planning on removing from AD when I can > work out how to, but that's a separate issue). > > I've managed to get roaming profiles working for the users on each site. > Each user is currently configured to store their roaming profile on the > server on the site that they're based at. This seems to work pretty well > with our Windows 7 clients and the users are happy that they can now login > to any PC and get their desktop icons etc. > > Now my boss would like the ability to be able to login to a PC on a remote > site (as in, not the site where his roaming profile is stored) and have the > profile available. It seems to work without making any changes but it is > quite slow logging on and off (I put this down to the fairly slow ADSL > links we have between the sites). > > I was giving the issue some thought and tried creating a test user and > changing the profile path to %logonserver%\profiles\user.name which when > logging on created a profile on the logon server of whichever site I was > at. > > However, I tried then rsyncing this profile across from one server at one > site to another server (I've also tried it between two servers on the same > site) but the permissions seem to get corrupted... > > If I look at the permissions in a Linux terminal I get the following... > > Output from ls -lh on Server 1: > drwxrwx---+ 14 3000060 users 4.0K Apr 17 16:15 charles.carmichael.V2 > > Output from ls -lh on Server 2: > drwxrwx---+ 14 3000060 users 4.0K Apr 17 16:15 charles.carmichael.V2 > > So the permissions look okay to me unless I'm missing something. > > If I check the permissions of the two profile folders in Windows 7 I get > the following: > > Server 1 Permissions: > > SYSTEM - Full Control > Charles.Carmichael - Full Control > > Server 2 Permissions: > > Everyone - None > RANDOMPC$ - Full Control > Random Group - Full Control > Domain Users - None > CREATOR OWNER - Special > CREATOR GROUP - Special > > On Server 1 the owner is the user of the profile, on Server 2 the owner is > RANDOMPC$. > > Both Server 1 and Server 2 are running Samba 4.0.3, Debian Squeeze AMD64 > with the kernel 2.6.32-5-amd64. If it helps the filesystems are ext4 and > have the options user_xattr,acl,barrier=1 in fstab. > > What we'd like to do is run an rsync overnight and copy the differences > between the servers, but as we're coming across these issues we're a bit > stuck. > > If anyone could help, or maybe suggest another way of syncing the roaming > profiles between the servers that would be great. > > Thanks in advance, > > Rob >Hi folks, Further to Ricky's reply, I've had a look at the xattr's and acl's of the profiles folder after running an rsync with the -p, -A and -X switches. Checking the permissions on both servers they appear to be the same, the have the same owner and groups. Having checked the acls and xattrs they match on both servers. I've restarted Samba on the second server after rsyncing to it and checked the permissions again but I'm still getting the incorrect permissions :-( I wondered if there might be anywhere I can check where the permissions might be stored? Ta, Rob