On 16/07/2019 14:02, Jonathon Reinhart wrote:
> Rowland,
>
> You could go another step further and run that with "notify" to
> monitor for changes, instead of having to run it in a cron job. In my
> experience, "notify" works using smbclient, but not so with
> libsmbclient.

Problem is, the script is written to be run on DCs that do not hold the PDC Emulator FSMO role, so it would have to be re-written.

> Another nice benefit of using smbclient + 'samba-tool ntacl
> sysvolreset' over rsync is that you don't need to worry about the
> built-in user/group ID mappings, as documented here:
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings

Yes, I did consider this.

Rowland

On Tue, Jul 16, 2019 at 9:11 AM Rowland penny via samba <samba at lists.samba.org> wrote:
>
> On 16/07/2019 14:02, Jonathon Reinhart wrote:
> > Rowland,
> >
> > You could go another step further and run that with "notify" to
> > monitor for changes, instead of having to run it in a cron job. In my
> > experience, "notify" works using smbclient, but not so with
> > libsmbclient.
> Problem is, the script is written to be run on DCs that do not hold the
> PDC Emulator FSMO role, so it would have to be re-written.

Why does the PDC emulator role matter? All non-PDC-emulators could simply watch for changes on the PDC Emulator, right? Am I missing something?

> > Another nice benefit of using smbclient + 'samba-tool ntacl
> > sysvolreset' over rsync is that you don't need to worry about the
> > built-in user/group ID mappings, as documented here:
> > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings
>
> Yes, I did consider this.
>
> Rowland

On 16/07/2019 14:16, Jonathon Reinhart wrote:
> On Tue, Jul 16, 2019 at 9:11 AM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>> On 16/07/2019 14:02, Jonathon Reinhart wrote:
>>> Rowland,
>>>
>>> You could go another step further and run that with "notify" to
>>> monitor for changes, instead of having to run it in a cron job. In my
>>> experience, "notify" works using smbclient, but not so with
>>> libsmbclient.
>> Problem is, the script is written to be run on DCs that do not hold the
>> PDC Emulator FSMO role, so it would have to be re-written.
> Why does the PDC emulator role matter? All non-PDC-emulators could
> simply watch for changes on the PDC Emulator, right? Am I missing
> something?

It doesn't really matter, but it is probably best practice to only carry out GPO operations on one DC and the PDC Emulator DC is probably the best one to use.

From my knowledge, inotify only works on the computer it is installed on, so how do you suggest that inotify could watch for something happening on another computer?

Of course, you could install another script on the PDC Emulator to watch Sysvol and then run something (smbclient ??) to run the sync script on other DCs.

Rowland