Hi, in this thread:
https://lists.samba.org/archive/samba/2019-July/224365.html
Joachim Lindenberg reminded me that he was using smbclient to sync Sysvol.
He posted (in the link above) a link to his original post:
https://lists.samba.org/archive/samba/2019-July/224346.html
Here he posted a copy of his script. I personally would never have
thought about using smbclient, but it just goes to show how inventive
Samba users are.
I have tested the script (and altered it slightly), it seems to work, so
here is my version:
#------- script start ---------------------
#!/bin/bash
# prerequisite: apt-get install smbclient

# you need to be root or use sudo to run this script.
if [ "$EUID" -ne 0 ]; then
    echo "Please run as root, or use sudo. Exiting now..."
    exit 1
fi

# locate the local sysvol directory from the Samba build options
sysvol="$(samba -b | grep "STATEDIR" | awk '{print $NF}')/sysvol"
[[ -d $sysvol ]] || exit

# find the DC holding the PDC Emulator role via its DNS SRV record
pdc=$(host -t SRV _ldap._tcp.pdc._msdcs."$(hostname -d)" | awk '{print $NF}' | awk -F '.' '{print $1}')
thisdc=$(hostname -s)
if [ "$thisdc" = "$pdc" ]; then
    echo "This is the DC holding the PDC Emulator role"
    echo "Cannot continue...Exiting."
    exit
fi

if [ ! -d /tmp/samba ]; then
    mkdir /tmp/samba
    if [ "$?" != 0 ]; then
        exit
    fi
fi

if [ ! -f /tmp/samba/olddir ]; then
    echo '0' > /tmp/samba/olddir
fi

# take a recursive listing of the PDC Emulator's sysvol share
smbclient --machine-pass -e --max-protocol SMB3 \\\\"$pdc"\\sysvol \
    -c "prompt; recurse; dir *" >/tmp/samba/newdir

# only download when the listing differs from the previous run
cmp /tmp/samba/newdir /tmp/samba/olddir > /dev/null 2>&1
if [ $? -ne 0 ]; then
    mkdir /tmp/samba/sysvol
    cd /tmp/samba/sysvol || exit
    smbclient --machine-pass -e --max-protocol SMB3 \\\\"$pdc"\\sysvol \
        -c "prompt; recurse; mget *"
    # swap the downloaded tree into place and reset the sysvol ACLs
    mv "$sysvol" "$sysvol.old"
    mv /tmp/samba/sysvol "$sysvol.old/.."
    samba-tool ntacl sysvolreset
    rm -r "$sysvol.old"
    rm -f /tmp/samba/olddir
    mv /tmp/samba/newdir /tmp/samba/olddir
fi

exit 0
#----------- script end ----------------
My version is a bit simpler and doesn't use ldb-tools.
Rowland
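
An added example, not part of Rowland's post or Joachim's script: the staging, compare and swap steps of the script above written as helpers that use a private mktemp directory instead of the fixed /tmp/samba path (which any local user could create first) and that refuse to replace the live tree with an empty download. The function names and arguments are hypothetical, and the smbclient calls are left out so the block runs offline.

```shell
#!/bin/bash
# Added example: staging/compare/swap helpers for a sysvol pull script.
# All function names are hypothetical; nothing here calls smbclient.

# Create a private staging directory with an unpredictable name.
# mktemp -d creates it with mode 0700. Pass the parent directory of the
# live sysvol as $1 so the later rename stays on one filesystem.
make_staging() {
    local base="$1"
    mktemp -d "$base/sysvol-stage.XXXXXXXX"
}

# Return 0 when the new listing differs from the saved one (or when no
# saved listing exists yet), 1 when the two are identical.
listing_changed() {
    local new="$1" old="$2"
    [ -f "$old" ] || return 0
    ! cmp -s "$new" "$old"
}

# Replace $live with $staged. An empty or missing staged tree is refused,
# so a failed download cannot wipe the live copy, and the old tree is put
# back if the final rename fails.
swap_tree() {
    local staged="$1" live="$2"
    [ -d "$staged" ] || return 1
    [ -n "$(ls -A "$staged")" ] || return 1
    rm -rf "$live.old"
    mv "$live" "$live.old" || return 1
    if ! mv "$staged" "$live"; then
        mv "$live.old" "$live"
        return 1
    fi
    rm -rf "$live.old"
}
```

In the script above, the download would run inside the directory returned by make_staging, and "samba-tool ntacl sysvolreset" would still follow a successful swap_tree.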

Automatic Sysvol replication through detection of filesystem events

https://lists.samba.org/archive/samba/2016-April/199399.html

This method automatically detects changes in the source sysvol, is very quick, and keeps the original permissions on files, no need for "samba-tool ntacl sysvolreset".

Rowland,

You could go another step further and run that with "notify" to monitor for changes, instead of having to run it in a cron job. In my experience, "notify" works using smbclient, but not so with libsmbclient.

Another nice benefit of using smbclient + 'samba-tool ntacl sysvolreset' over rsync is that you don't need to worry about the built-in user/group ID mappings, as documented here:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings

Jonathon

On Tue, Jul 16, 2019 at 8:11 AM Rowland penny via samba <samba at lists.samba.org> wrote:
> Hi, in this thread:
> https://lists.samba.org/archive/samba/2019-July/224365.html
> [...]

On 16/07/2019 13:53, miguel medalha wrote:
> Automatic Sysvol replication through detection of filesystem events
>
> https://lists.samba.org/archive/samba/2016-April/199399.html
>
> This method automatically detects changes in the source sysvol, is
> very quick, and keeps the original permissions on files, no need for
> "samba-tool ntacl sysvolreset".

Yes, but that still uses rsync ;-)

Rowland

On 16/07/2019 14:02, Jonathon Reinhart wrote:
> Rowland,
>
> You could go another step further and run that with "notify" to
> monitor for changes, instead of having to run it in a cron job. In my
> experience, "notify" works using smbclient, but not so with
> libsmbclient.

Problem is, the script is written to be run on DCs that do not hold the PDC Emulator FSMO role, so it would have to be re-written.

> Another nice benefit of using smbclient + 'samba-tool ntacl
> sysvolreset' over rsync is that you don't need worry about the
> built-in user/group ID mappings, as documented here:
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings

Yes, I did consider this.

Rowland