samba - Apr 2013 - Rsyncing Samba4 Roaming Profiles between servers

Hi folks,

I've got a bit of an issue with roaming profiles and I wondered if someone
might be able to help please? :-)

We've started rolling out Samba 4 across our network.  Currently it's on
3
of our 4 sites, one site has two Samba servers and two sites have one Samba
server each (well one site has two Samba 4 servers but one of the servers
was an oldish test box which I'm planning on removing from AD when I can
work out how to, but that's a separate issue).

I've managed to get roaming profiles working for the users on each site. 
Each user is currently configured to store their roaming profile on the
server on the site that they're based at.  This seems to work pretty well
with our Windows 7 clients and the users are happy that they can now login
to any PC and get their desktop icons etc.

Now my boss would like the ability to be able to login to a PC on a remote
site (as in, not the site where his roaming profile is stored) and have the
profile available.  It seems to work without making any changes but it is
quite slow logging on and off (I put this down to the fairly slow ADSL
links we have between the sites).

I was giving the issue some thought and tried creating a test user and
changing the profile path to %logonserver%\profiles\user.name which when
logging on created a profile on the logon server of whichever site I was
at.

However, I tried then rsyncing this profile across from one server at one
site to another server (I've also tried it between two servers on the same
site) but the permissions seem to get corrupted...

If I look at the permissions in a Linux terminal I get the following...

Output from ls -lh on Server 1:
drwxrwx---+ 14 3000060 users 4.0K Apr 17 16:15 charles.carmichael.V2

Output from ls -lh on Server 2:
drwxrwx---+ 14 3000060 users 4.0K Apr 17 16:15 charles.carmichael.V2

So the permissions look okay to me unless I'm missing something.

If I check the permissions of the two profile folders in Windows 7 I get
the following:

Server 1 Permissions:

SYSTEM - Full Control
Charles.Carmichael - Full Control

Server 2 Permissions:

Everyone - None
RANDOMPC$ - Full Control
Random Group - Full Control
Domain Users - None
CREATOR OWNER - Special
CREATOR GROUP - Special

On Server 1 the owner is the user of the profile, on Server 2 the owner is
RANDOMPC$.

Both Server 1 and Server 2 are running Samba 4.0.3, Debian Squeeze AMD64
with the kernel 2.6.32-5-amd64.  If it helps the filesystems are ext4 and
have the options user_xattr,acl,barrier=1 in fstab.

What we'd like to do is run an rsync overnight and copy the differences
between the servers, but as we're coming across these issues we're a bit
stuck.

If anyone could help, or maybe suggest another way of syncing the roaming
profiles between the servers that would be great.

Thanks in advance,

Rob

See the plus on drwxrwx---+, that means you have either extended attributes
or ACL's (my guess would be ACL's) so, I am willing to bet you
haven't told
rsync to preserve xattribs or acl's in your script. getfacl, setfacl,
getfattr, and setfattr will be helpful in sorting this out.

Good luck,
Ricky


On Wed, Apr 17, 2013 at 10:32 AM, Rob Beard <rob at mareandfoal.org>
wrote:
> Hi folks,
>
> I've got a bit of an issue with roaming profiles and I wondered if
someone
> might be able to help please? :-)
>
> We've started rolling out Samba 4 across our network.  Currently
it's on 3
> of our 4 sites, one site has two Samba servers and two sites have one Samba
> server each (well one site has two Samba 4 servers but one of the servers
> was an oldish test box which I'm planning on removing from AD when I
can
> work out how to, but that's a separate issue).
>
> I've managed to get roaming profiles working for the users on each
site.
> Each user is currently configured to store their roaming profile on the
> server on the site that they're based at.  This seems to work pretty
well
> with our Windows 7 clients and the users are happy that they can now login
> to any PC and get their desktop icons etc.
>
> Now my boss would like the ability to be able to login to a PC on a remote
> site (as in, not the site where his roaming profile is stored) and have the
> profile available.  It seems to work without making any changes but it is
> quite slow logging on and off (I put this down to the fairly slow ADSL
> links we have between the sites).
>
> I was giving the issue some thought and tried creating a test user and
> changing the profile path to %logonserver%\profiles\user.name which when
> logging on created a profile on the logon server of whichever site I was
> at.
>
> However, I tried then rsyncing this profile across from one server at one
> site to another server (I've also tried it between two servers on the
same
> site) but the permissions seem to get corrupted...
>
> If I look at the permissions in a Linux terminal I get the following...
>
> Output from ls -lh on Server 1:
> drwxrwx---+ 14 3000060 users 4.0K Apr 17 16:15 charles.carmichael.V2
>
> Output from ls -lh on Server 2:
> drwxrwx---+ 14 3000060 users 4.0K Apr 17 16:15 charles.carmichael.V2
>
> So the permissions look okay to me unless I'm missing something.
>
> If I check the permissions of the two profile folders in Windows 7 I get
> the following:
>
> Server 1 Permissions:
>
> SYSTEM - Full Control
> Charles.Carmichael - Full Control
>
> Server 2 Permissions:
>
> Everyone - None
> RANDOMPC$ - Full Control
> Random Group - Full Control
> Domain Users - None
> CREATOR OWNER - Special
> CREATOR GROUP - Special
>
> On Server 1 the owner is the user of the profile, on Server 2 the owner is
> RANDOMPC$.
>
> Both Server 1 and Server 2 are running Samba 4.0.3, Debian Squeeze AMD64
> with the kernel 2.6.32-5-amd64.  If it helps the filesystems are ext4 and
> have the options user_xattr,acl,barrier=1 in fstab.
>
> What we'd like to do is run an rsync overnight and copy the differences
> between the servers, but as we're coming across these issues we're
a bit
> stuck.
>
> If anyone could help, or maybe suggest another way of syncing the roaming
> profiles between the servers that would be great.
>
> Thanks in advance,
>
> Rob
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On 17/04/2013 16:32, Rob Beard wrote:
> Hi folks,
>
> I've got a bit of an issue with roaming profiles and I wondered if
someone
> might be able to help please? :-)
>
> We've started rolling out Samba 4 across our network.  Currently
it's on 3
> of our 4 sites, one site has two Samba servers and two sites have one Samba
> server each (well one site has two Samba 4 servers but one of the servers
> was an oldish test box which I'm planning on removing from AD when I
can
> work out how to, but that's a separate issue).
>
> I've managed to get roaming profiles working for the users on each
site.
> Each user is currently configured to store their roaming profile on the
> server on the site that they're based at.  This seems to work pretty
well
> with our Windows 7 clients and the users are happy that they can now login
> to any PC and get their desktop icons etc.
>
> Now my boss would like the ability to be able to login to a PC on a remote
> site (as in, not the site where his roaming profile is stored) and have the
> profile available.  It seems to work without making any changes but it is
> quite slow logging on and off (I put this down to the fairly slow ADSL
> links we have between the sites).
>
> I was giving the issue some thought and tried creating a test user and
> changing the profile path to %logonserver%\profiles\user.name which when
> logging on created a profile on the logon server of whichever site I was
> at.
>
> However, I tried then rsyncing this profile across from one server at one
> site to another server (I've also tried it between two servers on the
same
> site) but the permissions seem to get corrupted...
>
> If I look at the permissions in a Linux terminal I get the following...
>
> Output from ls -lh on Server 1:
> drwxrwx---+ 14 3000060 users 4.0K Apr 17 16:15 charles.carmichael.V2
>
> Output from ls -lh on Server 2:
> drwxrwx---+ 14 3000060 users 4.0K Apr 17 16:15 charles.carmichael.V2
>
> So the permissions look okay to me unless I'm missing something.
>
> If I check the permissions of the two profile folders in Windows 7 I get
> the following:
>
> Server 1 Permissions:
>
> SYSTEM - Full Control
> Charles.Carmichael - Full Control
>
> Server 2 Permissions:
>
> Everyone - None
> RANDOMPC$ - Full Control
> Random Group - Full Control
> Domain Users - None
> CREATOR OWNER - Special
> CREATOR GROUP - Special
>
> On Server 1 the owner is the user of the profile, on Server 2 the owner is
> RANDOMPC$.
>
> Both Server 1 and Server 2 are running Samba 4.0.3, Debian Squeeze AMD64
> with the kernel 2.6.32-5-amd64.  If it helps the filesystems are ext4 and
> have the options user_xattr,acl,barrier=1 in fstab.
>
> What we'd like to do is run an rsync overnight and copy the differences
> between the servers, but as we're coming across these issues we're
a bit
> stuck.
>
> If anyone could help, or maybe suggest another way of syncing the roaming
> profiles between the servers that would be great.
>
> Thanks in advance,
>
> Rob
>
Hi folks,

Further to Ricky's reply, I've had a look at the xattr's and
acl's of
the profiles folder after running an rsync with the -p, -A and -X switches.

Checking the permissions on both servers they appear to be the same, the 
have the same owner and groups.  Having checked the acls and xattrs they 
match on both servers.

I've restarted Samba on the second server after rsyncing to it and 
checked the permissions again but I'm still getting the incorrect 
permissions :-(

I wondered if there might be anywhere I can check where the permissions 
might be stored?

Ta,

Rob