Hi Andrew, thanks for your quick reply!

On 28/08/2017 21:32, Andrew Bartlett wrote:
> On Mon, 2017-08-28 at 21:01 -0300, Flávio Silveira via samba wrote:
>> Good evening,
>>
>> Sorry if this question is too dumb, but is it possible to configure
>> an AD and Fileserver using the same Samba (or server) or they need to be
>> two separate things?
> We suggest separating them, because having them on the same server
> implies you only have one AD DC, and that isn't a good idea.

Given my first question you may know I am a novice in regards to AD, I've only run Samba as workgroup and simple file server. I guess your suggestion applies to any network, no matter what size, right? Because my network doesn't have more than 30 clients.

> Additionally, folks often wish to upgrade the AD DC on a different
> schedule to the file server. I'm sure others will pile on with the
> other various reasons, but this is the core of it.

Makes sense to have a spare DC and/or file server, can it be a different VM for example? If it matters, I will be using KVM, which seems to be as close to a real machine as possible.

> Thanks,
>
> Andrew Bartlett

Regards,
Flavio Silveira

On Tue, 2017-08-29 at 00:06 -0300, Flávio Silveira via samba wrote:
> Hi Andrew, thanks for your quick reply!
>
> On 28/08/2017 21:32, Andrew Bartlett wrote:
> > On Mon, 2017-08-28 at 21:01 -0300, Flávio Silveira via samba wrote:
> > > Good evening,
> > >
> > > Sorry if this question is too dumb, but is it possible to configure
> > > an AD and Fileserver using the same Samba (or server) or they need to be
> > > two separate things?
> >
> > We suggest separating them, because having them on the same server
> > implies you only have one AD DC, and that isn't a good idea.
>
> Given my first question you may know I am a novice in regards to AD,
> I've only run Samba as workgroup and simple file server. I guess your
> suggestion applies to any network, no matter what size, right? Because
> my network doesn't have more than 30 clients.

One of the reasons I suggest it is that if you ever get DB corruption, which is very rare, it doesn't tend to replicate. It also means you can upgrade without disrupting clients.

> > Additionally, folks often wish to upgrade the AD DC on a different
> > schedule to the file server. I'm sure others will pile on with the
> > other various reasons, but this is the core of it.
>
> Makes sense to have a spare DC and/or file server, can it be a different
> VM for example?

Yes, that is fine. Naturally, a larger organisation would spread it out over more hardware, but you will know what makes sense at your scale.

> If it matters, I will be using KVM, which seems to be as
> close to a real machine as possible.

That should be fine. Just remember to keep taking backups with the samba_backup script also.

Andrew Bartlett

--
Andrew Bartlett                           https://samba.org/~abartlet/
Authentication Developer, Samba Team      https://samba.org
Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba

On 29/08/2017 01:10, Andrew Bartlett wrote:
> On Tue, 2017-08-29 at 00:06 -0300, Flávio Silveira via samba wrote:
>> Hi Andrew, thanks for your quick reply!
>>
>> On 28/08/2017 21:32, Andrew Bartlett wrote:
>>> On Mon, 2017-08-28 at 21:01 -0300, Flávio Silveira via samba wrote:
>>>> Good evening,
>>>>
>>>> Sorry if this question is too dumb, but is it possible to configure
>>>> an AD and Fileserver using the same Samba (or server) or they need to be
>>>> two separate things?
>>> We suggest separating them, because having them on the same server
>>> implies you only have one AD DC, and that isn't a good idea.
>> Given my first question you may know I am a novice in regards to AD,
>> I've only run Samba as workgroup and simple file server. I guess your
>> suggestion applies to any network, no matter what size, right? Because
>> my network doesn't have more than 30 clients.
> One of the reasons I suggest it is that if you ever get DB corruption,
> which is very rare, it doesn't tend to replicate. It also means you
> can upgrade without disrupting clients.

Yes, I just saw one case here where the guy is trying to upgrade to 4.6.7 from 4.1.7 and his db is corrupted.

>>> Additionally, folks often wish to upgrade the AD DC on a different
>>> schedule to the file server. I'm sure others will pile on with the
>>> other various reasons, but this is the core of it.
>> Makes sense to have a spare DC and/or file server, can it be a different
>> VM for example?
> Yes, that is fine. Naturally, a larger organisation would spread it
> out over more hardware, but you will know what makes sense at your
> scale.

Ok, I'm thinking on focusing on the file server for now, does that need a backup server as well or just one with backups can be enough? If one is not the case, here is the topology I thought:

1x HDD holding the VMs
2x HDD (RAID 1) for data

file server 1 will use one of the data HDDs
file server 2 will use the other

I don't know if I can use RAID 1 if two distinct machines will use them, even though they are VMs

>> If it matters, I will be using KVM, which seems to be as
>> close to a real machine as possible.
> That should be fine. Just remember to keep taking backups with the
> samba_backup script also.
>
> Andrew Bartlett

Thanks for reminding me about samba_backup, does that apply for a file server only as well?

Regards,
Flavio Silveira

On Tue, 2017-08-29 at 08:48 -0300, Flávio Silveira wrote:
>
> On 29/08/2017 01:10, Andrew Bartlett wrote:
> > On Tue, 2017-08-29 at 00:06 -0300, Flávio Silveira via samba wrote:
> > > Hi Andrew, thanks for your quick reply!
> > >
> > > On 28/08/2017 21:32, Andrew Bartlett wrote:
> > > > On Mon, 2017-08-28 at 21:01 -0300, Flávio Silveira via samba wrote:
> > > > > Good evening,
> > > > >
> > > > > Sorry if this question is too dumb, but is it possible to configure
> > > > > an AD and Fileserver using the same Samba (or server) or they need to be
> > > > > two separate things?
> > > >
> > > > We suggest separating them, because having them on the same server
> > > > implies you only have one AD DC, and that isn't a good idea.
> > >
> > > Given my first question you may know I am a novice in regards to AD,
> > > I've only run Samba as workgroup and simple file server. I guess your
> > > suggestion applies to any network, no matter what size, right? Because
> > > my network doesn't have more than 30 clients.
> >
> > One of the reasons I suggest it is that if you ever get DB corruption,
> > which is very rare, it doesn't tend to replicate. It also means you
> > can upgrade without disrupting clients.
>
> Yes, I just saw one case here where the guy is trying to upgrade to
> 4.6.7 from 4.1.7 and his db is corrupted.
>
> > > > Additionally, folks often wish to upgrade the AD DC on a different
> > > > schedule to the file server. I'm sure others will pile on with the
> > > > other various reasons, but this is the core of it.
> > >
> > > Makes sense to have a spare DC and/or file server, can it be a different
> > > VM for example?
> >
> > Yes, that is fine. Naturally, a larger organisation would spread it
> > out over more hardware, but you will know what makes sense at your
> > scale.
>
> Ok, I'm thinking on focusing on the file server for now, does that need
> a backup server as well or just one with backups can be enough? If one
> is not the case, here is the topology I thought:

Most organisations your size don't go for a clustered Samba for a file server, as it isn't really practical.

> 1x HDD holding the VMs
> 2x HDD (RAID 1) for data
>
> file server 1 will use one of the data HDDs
> file server 2 will use the other

Do you mean AD DC 1/2?

> I don't know if I can use RAID 1 if two distinct machines will use them,
> even though they are VMs

I'm a long way from state of the art sysadmin, but for the kind of setup you are trying, RAID 1 over 2xHDDs, an LVM PV on that, then putting the VMs' system and data partitions as logical volumes on that PV would do fine. Remember, you are protecting against both logical and physical corruption, the logical corruption will be confined to the VM no matter the media, and the physical is confined (we hope) to a disk that dies.

> > > If it matters, I will be using KVM, which seems to be as
> > > close to a real machine as possible.
> >
> > That should be fine. Just remember to keep taking backups with the
> > samba_backup script also.
> >
> > Andrew Bartlett
>
> Thanks for reminding me about samba_backup, does that apply for a file
> server only as well?

It is structured around the AD DC. But that reminds me, I need to find the patches someone posted to improve it. The fundamental task is to tdbbackup each tdb before the real backup.

Andrew Bartlett

--
Andrew Bartlett                           http://samba.org/~abartlet/
Authentication Developer, Samba Team      http://samba.org
Samba Developer, Catalyst IT              http://catalyst.net.nz/services/samba
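
The step named at the end of the thread, "tdbbackup each tdb before the real backup", as an added shell example (not from the thread and not the samba_backup script): a plain tar or cp of a live TDB can catch it mid-write, so each database is first copied with tdbbackup and only those copies go into the archive. The function names and the directory arguments are assumptions.

```shell
#!/bin/sh
# Added example: snapshot every TDB with tdbbackup, then archive the
# snapshots instead of the live databases. Names here are illustrative.

# snapshot_tdbs DIR
# Runs "tdbbackup -s .bak FILE" for each *.tdb below DIR, which writes
# FILE.bak next to it. Sets SNAPSHOT_FAILED to the number of databases
# that could not be copied and returns non-zero if there were any, so the
# caller can refuse to archive an incomplete set.
snapshot_tdbs() {
    SNAPSHOT_FAILED=0
    list=$(mktemp) || return 1
    find "$1" -type f -name '*.tdb' > "$list"
    while IFS= read -r db; do
        if ! tdbbackup -s .bak "$db"; then
            echo "tdbbackup failed: $db" >&2
            SNAPSHOT_FAILED=$((SNAPSHOT_FAILED + 1))
        fi
    done < "$list"
    rm -f "$list"
    [ "$SNAPSHOT_FAILED" -eq 0 ]
}

# archive_state DIR OUT
# Archives DIR but leaves out the live *.tdb files; the *.tdb.bak copies
# and every other file in DIR are kept.
archive_state() {
    tar -C "$1" --exclude='*.tdb' -czf "$2" .
}

# Usage: script STATE_DIR OUTPUT.tar.gz (OUTPUT must live outside STATE_DIR)
if [ $# -eq 2 ]; then
    snapshot_tdbs "$1" && archive_state "$1" "$2"
fi
```

Restoring means renaming each `.tdb.bak` back to `.tdb` with Samba stopped.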