On Tue, 2017-08-29 at 08:48 -0300, Flávio Silveira wrote:
>
> On 29/08/2017 01:10, Andrew Bartlett wrote:
> > On Tue, 2017-08-29 at 00:06 -0300, Flávio Silveira via samba wrote:
> > > Hi Andrew, thanks for your quick reply!
> > >
> > > On 28/08/2017 21:32, Andrew Bartlett wrote:
> > > > On Mon, 2017-08-28 at 21:01 -0300, Flávio Silveira via samba wrote:
> > > > > Good evening,
> > > > >
> > > > > Sorry if this question is too dumb, but is it possible to
> > > > > configure an AD and Fileserver using the same Samba (or server)
> > > > > or they need to be two separate things?
> > > >
> > > > We suggest separating them, because having them on the same server
> > > > implies you only have one AD DC, and that isn't a good idea.
> > >
> > > Given my first question you may know I am a novice in regards to AD,
> > > I've only run Samba as workgroup and simple file server. I guess your
> > > suggestion applies to any network, no matter what size, right?
> > > Because my network doesn't have more than 30 clients.
> >
> > One of the reasons I suggest it is that if you ever get DB corruption,
> > which is very rare, it doesn't tend to replicate. It also means you
> > can upgrade without disrupting clients.
>
> Yes, I just saw one case here where the guy is trying to upgrade to
> 4.6.7 from 4.1.7 and his db is corrupted.
>
> > > > Additionally, folks often wish to upgrade the AD DC on a different
> > > > schedule to the file server. I'm sure others will pile on with the
> > > > other various reasons, but this is the core of it.
> > >
> > > Makes sense to have a spare DC and/or file server, can it be a
> > > different VM for example?
> >
> > Yes, that is fine. Naturally, a larger organisation would spread it
> > out over more hardware, but you will know what makes sense at your
> > scale.
>
> Ok, I'm thinking on focusing on the file server for now, does that need
> a backup server as well or just one with backups can be enough? If one
> is not the case, here is the topology I thought:

Most organisations your size don't go for a clustered Samba for a file
server, as it isn't really practical.

> 1x HDD holding the VMs
> 2x HDD (RAID 1) for data
>
> file server 1 will use one of the data HDDs
> file server 2 will use the other

Do you mean AD DC 1/2?

> I don't know if I can use RAID 1 if two distinct machines will use them,
> even though they are VMs

I'm a long way from state of the art sysadmin, but for the kind of
setup you are trying, RAID 1 over 2xHDDs, an LVM PV on that, then
putting the VMs' system and data partitions as logical volumes on that
PV would do fine. Remember, you are protecting against both logical
and physical corruption, the logical corruption will be confined to the
VM no matter the media, and the physical is confined (we hope) to a
disk that dies.

> > > If it matters, I will be using KVM, which seems to be as
> > > close to a real machine as possible.
> >
> > That should be fine. Just remember to keep taking backups with the
> > samba_backup script also.
> >
> > Andrew Bartlett
>
> Thanks for reminding me about samba_backup, does that apply for a file
> server only as well?

It is structured around the AD DC. But that reminds me, I need to find
the patches someone posted to improve it. The fundamental task is to
tdbbackup each tdb before the real backup.

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

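The "tdbbackup each tdb before the real backup" step mentioned in the message above, as an added example that is not part of the original thread and is not the samba_backup script or the script attached later in the thread. The function name `backup_tdbs`, the `TDBBACKUP` override variable and the directory passed in are assumptions for illustration.

```shell
#!/bin/sh
# Added example: take a consistent copy of every .tdb under a directory
# with tdbbackup, so the file-level backup that follows picks up the
# copies instead of live databases that may change mid-copy.

# Assumption: TDBBACKUP may be overridden (e.g. with a stub when testing);
# by default the real tdbbackup tool is used.
: "${TDBBACKUP:=tdbbackup}"

# backup_tdbs DIR [SUFFIX]
# Runs "tdbbackup -s SUFFIX FILE" for each *.tdb below DIR.
# Leaves the counts in TDB_OK and TDB_FAILED and returns non-zero when
# any database could not be backed up, so the caller can abort the
# real backup instead of archiving an incomplete set.
backup_tdbs() {
    dir=$1
    suffix=${2:-.bak}
    TDB_OK=0
    TDB_FAILED=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

    # Collect the list first so the loop runs in this shell (not in a
    # pipeline subshell) and the counters survive it.
    list=$(mktemp) || return 2
    find "$dir" -type f -name '*.tdb' > "$list"
    while IFS= read -r db; do
        if "$TDBBACKUP" -s "$suffix" "$db"; then
            TDB_OK=$((TDB_OK + 1))
        else
            echo "tdbbackup failed: $db" >&2
            TDB_FAILED=$((TDB_FAILED + 1))
        fi
    done < "$list"
    rm -f "$list"
    [ "$TDB_FAILED" -eq 0 ]
}

# Stand-alone use: pass the directory holding the tdb files (the path is
# site-specific and is not given in the thread).
if [ "$#" -gt 0 ]; then
    backup_tdbs "$@"
fi
```
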
On 29/08/2017 15:39, Andrew Bartlett wrote:
> On Tue, 2017-08-29 at 08:48 -0300, Flávio Silveira wrote:
>> On 29/08/2017 01:10, Andrew Bartlett wrote:
>>> On Tue, 2017-08-29 at 00:06 -0300, Flávio Silveira via samba wrote:
>>>> Hi Andrew, thanks for your quick reply!
>>>>
>>>> On 28/08/2017 21:32, Andrew Bartlett wrote:
>>>>> On Mon, 2017-08-28 at 21:01 -0300, Flávio Silveira via samba wrote:
>>>>>> Good evening,
>>>>>>
>>>>>> Sorry if this question is too dumb, but is it possible to
>>>>>> configure an AD and Fileserver using the same Samba (or server)
>>>>>> or they need to be two separate things?
>>>>> We suggest separating them, because having them on the same server
>>>>> implies you only have one AD DC, and that isn't a good idea.
>>>> Given my first question you may know I am a novice in regards to AD,
>>>> I've only run Samba as workgroup and simple file server. I guess your
>>>> suggestion applies to any network, no matter what size, right?
>>>> Because my network doesn't have more than 30 clients.
>>> One of the reasons I suggest it is that if you ever get DB corruption,
>>> which is very rare, it doesn't tend to replicate. It also means you
>>> can upgrade without disrupting clients.
>> Yes, I just saw one case here where the guy is trying to upgrade to
>> 4.6.7 from 4.1.7 and his db is corrupted.
>>
>>>>> Additionally, folks often wish to upgrade the AD DC on a different
>>>>> schedule to the file server. I'm sure others will pile on with the
>>>>> other various reasons, but this is the core of it.
>>>> Makes sense to have a spare DC and/or file server, can it be a
>>>> different VM for example?
>>> Yes, that is fine. Naturally, a larger organisation would spread it
>>> out over more hardware, but you will know what makes sense at your
>>> scale.
>> Ok, I'm thinking on focusing on the file server for now, does that need
>> a backup server as well or just one with backups can be enough? If one
>> is not the case, here is the topology I thought:
> Most organisations your size don't go for a clustered Samba for a file
> server, as it isn't really practical.

Ok, so one it is!

>> 1x HDD holding the VMs
>> 2x HDD (RAID 1) for data
>>
>> file server 1 will use one of the data HDDs
>> file server 2 will use the other
> Do you mean AD DC 1/2?

I meant file server, but as you said above it isn't really practical indeed.

>> I don't know if I can use RAID 1 if two distinct machines will use them,
>> even though they are VMs
> I'm a long way from state of the art sysadmin, but for the kind of
> setup you are trying, RAID 1 over 2xHDDs, an LVM PV on that, then
> putting the VMs' system and data partitions as logical volumes on that
> PV would do fine. Remember, you are protecting against both logical
> and physical corruption, the logical corruption will be confined to the
> VM no matter the media, and the physical is confined (we hope) to a
> disk that dies.

Your idea makes perfect sense, thank you!

>>>> If it matters, I will be using KVM, which seems to be as
>>>> close to a real machine as possible.
>>> That should be fine. Just remember to keep taking backups with the
>>> samba_backup script also.
>>>
>>> Andrew Bartlett
>> Thanks for reminding me about samba_backup, does that apply for a file
>> server only as well?
> It is structured around the AD DC. But that reminds me, I need to find
> the patches someone posted to improve it. The fundamental task is to
> tdbbackup each tdb before the real backup.

Understood, so for a file server I should not worry about this, correct?
Or does it work for file servers as well?

> Andrew Bartlett
>

Also, should I create a new thread? Because this one was meant to see if
it was possible to run AD DC and file server from the same server, but
now I have file server related questions and I don't know if I can ask
here or on a new thread.

Off-topic: Do you still use IRC as abartlett?

Regards,
Flavio Silveira

On Wed, 30 Aug 2017 06:39:33 +1200 Andrew Bartlett via samba <samba at lists.samba.org> wrote:
>
> It is structured around the AD DC. But that reminds me, I need to
> find the patches someone posted to improve it. The fundamental task
> is to tdbbackup each tdb before the real backup.
>
> Andrew Bartlett
>

There weren't any patches (as far as I am aware), but there was the
attached script that Louis Van Belle and myself worked on.

Rowland

On Tue, 29 Aug 2017 16:04:14 -0300 Flávio Silveira via samba <samba at lists.samba.org> wrote:
> Also, should I create a new thread? Because this one was meant to see
> if it was possible to run AD DC and file server from the same server,
> but now I have file server related questions and I don't know if I
> can ask here or on a new thread.
>

Probably better if you create a new thread, running a Unix domain member
is very different to running a DC.

Rowland