On 16/07/2019 14:16, Jonathon Reinhart wrote:
> On Tue, Jul 16, 2019 at 9:11 AM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>> On 16/07/2019 14:02, Jonathon Reinhart wrote:
>>> Rowland,
>>>
>>> You could go another step further and run that with "notify" to
>>> monitor for changes, instead of having to run it in a cron job. In my
>>> experience, "notify" works using smbclient, but not so with
>>> libsmbclient.
>> Problem is, the script is written to be run on DC's that do not hold the
>> PDC Emulator FSMO role, so it would have to be re-written.
> Why does the PDC emulator role matter? All non-PDC-emulators could
> simply watch for changes on the PDC Emulator, right? Am I missing
> something?

It doesn't really matter, but it is probably best practise to only carry out GPO operations on one DC and the PDC Emulator DC is probably the best one to use.

From my knowledge, inotify only works on the computer it is installed on, so how do you suggest that inotify could watch for something happening on another computer?

Of course, you could install another script on the PDC Emulator to watch Sysvol and then run something (smbclient ??) to run the sync script on other DC's

Rowland

On Tue, Jul 16, 2019 at 9:32 AM Rowland penny via samba <samba at lists.samba.org> wrote:
>
> On 16/07/2019 14:16, Jonathon Reinhart wrote:
> > On Tue, Jul 16, 2019 at 9:11 AM Rowland penny via samba
> > <samba at lists.samba.org> wrote:
> >> On 16/07/2019 14:02, Jonathon Reinhart wrote:
> >>> Rowland,
> >>>
> >>> You could go another step further and run that with "notify" to
> >>> monitor for changes, instead of having to run it in a cron job. In my
> >>> experience, "notify" works using smbclient, but not so with
> >>> libsmbclient.
> >> Problem is, the script is written to be run on DC's that do not hold the
> >> PDC Emulator FSMO role, so it would have to be re-written.
> > Why does the PDC emulator role matter? All non-PDC-emulators could
> > simply watch for changes on the PDC Emulator, right? Am I missing
> > something?
>
> It doesn't really matter, but it is probably best practise to only carry
> out GPO operations on one DC and the PDC Emulator DC is probably the
> best one to use.

Absolutely, all of my plans and scripts assume this. I also enforce it by marking Sysvol and netlogon as "read only = yes" on non-PDC-Emulators.

>
> From my knowledge, inotify only works on the computer it is installed
> on, so how do you suggest that inotify could watch for something
> happening on another computer?

I'm not referring to inotify; I'm talking about the smbclient "notify" command, or libsmbclient smbc_notify() API.

>
> Of course, you could install another script on the PDC Emulator to watch
> Sysvol and then run something (smbclient ??) to run the sync script on
> other DC's
>
> Rowland

On 16/07/2019 16:40, Jonathon Reinhart wrote:
> On Tue, Jul 16, 2019 at 9:32 AM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>> On 16/07/2019 14:16, Jonathon Reinhart wrote:
>>> On Tue, Jul 16, 2019 at 9:11 AM Rowland penny via samba
>>> <samba at lists.samba.org> wrote:
>>>> On 16/07/2019 14:02, Jonathon Reinhart wrote:
>>>>> Rowland,
>>>>>
>>>>> You could go another step further and run that with "notify" to
>>>>> monitor for changes, instead of having to run it in a cron job. In my
>>>>> experience, "notify" works using smbclient, but not so with
>>>>> libsmbclient.
>>>> Problem is, the script is written to be run on DC's that do not hold the
>>>> PDC Emulator FSMO role, so it would have to be re-written.
>>> Why does the PDC emulator role matter? All non-PDC-emulators could
>>> simply watch for changes on the PDC Emulator, right? Am I missing
>>> something?
>> It doesn't really matter, but it is probably best practise to only carry
>> out GPO operations on one DC and the PDC Emulator DC is probably the
>> best one to use.
> Absolutely, all of my plans and scripts assume this. I also enforce it
> by marking Sysvol and netlogon as "read only = yes" on
> non-PDC-Emulators.
>
>> From my knowledge, inotify only works on the computer it is installed
>> on, so how do you suggest that inotify could watch for something
>> happening on another computer?
> I'm not referring to inotify; I'm talking about the smbclient "notify"
> command, or libsmbclient smbc_notify() API.

I don't think this does what you think, from 'man smbclient':

       notify <dir name>
           Query a directory for change notifications. This command issues a
           recursive filechangenotify call for all possible changes. As
           changes come in will print one line per change. See
           https://msdn.microsoft.com/en-us/library/dn392331.aspx for a
           description of the action numbers that this command prints.

           This command never ends, it waits for event indefinitely.

So I think for this to work, you would have to keep a connection open to sysvol on the PDC Emulator at all times.

I have never used 'notify', so I am guessing here, the above seems to be the total of the documentation available. It could just be the most underused part of Samba ;-)

Rowland
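
The approach discussed in this thread, run from a non-PDC-Emulator DC, as an added example that is not code from any of the posters or from Samba. Assumptions: the host name, domain directory and sync script path are placeholders, `-P` (machine account credentials) is one possible way to authenticate, and each change line is taken to be an action number followed by a path.

```shell
#!/bin/sh
# Added example. Placeholders (not from the thread): host, domain, sync script.
PDC="${PDC:-dc1.samdom.example.com}"                    # PDC Emulator (placeholder)
DOMAIN="${DOMAIN:-samdom.example.com}"                  # directory inside sysvol
SYNC_CMD="${SYNC_CMD:-/usr/local/sbin/sysvol-sync.sh}"  # hypothetical sync script
AUTH_OPTS="${AUTH_OPTS:--P}"   # assumed: authenticate with the machine account

# Map an action number to a name (FILE_ACTION_* values, MS-FSCC).
action_name() {
    case "$(printf '%s' "$1" | sed 's/^0*//')" in
        1) echo added ;;
        2) echo removed ;;
        3) echo modified ;;
        4) echo renamed_old ;;
        5) echo renamed_new ;;
        *) echo unknown ;;
    esac
}

# Read notify output on stdin; print "<action><TAB><path>" per change line.
# Assumed line format: "<action number> <path>"; anything else is dropped.
parse_notify() {
    while IFS= read -r line; do
        case "$line" in [0-9]*' '*) ;; *) continue ;; esac
        num=${line%% *}
        path=${line#* }
        case "$num" in *[!0-9]*) continue ;; esac
        printf '%s\t%s\n' "$(action_name "$num")" "$path"
    done
}

# Hold one connection open to sysvol on the PDC Emulator and reconnect if it
# drops. A change is only a trigger: the reported path is logged, never
# passed to a command. One GPO edit yields several lines, so SYNC_CMD must be
# safe to run repeatedly.
watch_sysvol() {
    while :; do
        smbclient "//$PDC/sysvol" $AUTH_OPTS -c "notify $DOMAIN" |
            parse_notify | while IFS= read -r change; do
                logger -t sysvol-watch -- "$change"
                "$SYNC_CMD"
            done
        sleep 30   # connection ended; wait before reconnecting
    done
}

if [ "${1:-}" = "--watch" ]; then watch_sysvol; fi
```

Run it with `--watch` under a service manager so the long-lived connection is restarted after a reboot. Whether smbclient delivers each line promptly when its output goes to a pipe is not covered in the thread and should be checked before relying on it.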