Hi,
It's indeed a pity that there is not built-in sysvol sync but it's not
too hard to work around it, given your environment is not too complex
(i.e. an overseeable number of DCs).
rsync can be used without an rsync server but use ssh instead: no server
that you need to set up. You need to create a keypair on every DC and
register the private key on all other DCs in root's
~/.ssh/authorized_keys file.
You need to be careful that you define GPOs, maintain DFS symbolic links
and the like only on your FSMO master DC.
With the above I have, on both of my DCs, a cronjob that executes every
minute:
* * * * *?? /usr/local/bin/sysvolsync
See that script below. It creates only output if it had to transfer
something or runs into an error: most of the time it is silent and you
won't notice that it runs at all. Works like this since a few years
without any problem.
#!/bin/bash
set -e
myhostname=dc1
otherhostname=dc2
stdout=/tmp/sysvolsync-$$.out
stderr=/tmp/sysvolsync-$$.err
sysvoldir=/usr/local/samba/var/locks/sysvol
sysvoldirparent=$(dirname $sysvoldir)
#exit if I don't hold any FSMO roles
samba-tool fsmo show 2>&1 | grep -i "CN=$myhostname"
>/dev/null || exit
rsyncstatus=0
rsync -avAX --delete $sysvoldir $otherhostname:$sysvoldirparent >$stdout
2>$stderr || rsyncstatus=$?
cat $stdout | \
?? sed -e "/^sending incremental file list\$/ d" \
?????? -e "/^sent / d" \
?????? -e "/^total size is / d" \
?????? -e "/^\$/ d" \
?? >$stdout.2
[ $rsyncstatus = 0 ] && [ `wc -l $stderr|sed "s/ .*//"` = 0 ]
&& [ `wc
-l $stdout.2|sed "s/ .*//"` = 0 ] || {
cat <<EOF
rsync -avAX --delete $sysvoldir $otherhostname:$sysvoldirparent
returns $rsyncstatus
stdout:
$(cat $stdout)
stderr:
$(cat $stderr)
EOF
}
rm -rf $stdout $stderr $stdout.2
On 25.10.2019 20:31, S?rgio Basto via samba wrote:> Hi,
> For me this is the most important feature that we miss in Samba4 AD [1]
> .
> First, IMHO , I don't see mounting a rsync server as the most easy way
> but in that page have a crucial clue [2] which is just write GPO(s) in
> the master.
>
> But we need not forget [3] "To use a Sysvol Replication workaround,
all
> domain controllers (DC) must use the same ID mappings for built-in
> users and groups". This sentence should be also write in [1] , I
missed
> this in one DC and just some months after I did the sync of Built-in
> User & Group ID Mappings, after this should I run a full replications
> or something like that ? don't have this feature is a big confusion ...
>
> Also in [4], we have unison in Centos 7, so for me is the easy way ,
> although unison can sweep all data in seconds (when we copy with
> preserve dates it is tricky) so it is more than recommend backup all
> file system first. And a better detail of what rsync parameter does on
> "Add to Crontab on DC1 Add to Crontab on DC1".
> Lastly we may add a notes IIRC for Sync with multiple servers [5]
>
> Thanks.
>
>
> [1]
> https://wiki.samba.org/index.php/SysVol_replication_(DFS-R)
>
> [2]
>
https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround#Information_on_rsync-based_replication
>
> [3]
>
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings
>
> [4]
>
https://wiki.samba.org/index.php/Bidirectional_Rsync/Unison_based_SysVol_replication_workaround
>
> [5]
>
https://unix.stackexchange.com/questions/248668/sync-muliple-pcs-with-unison/546309#546309
>
> On Fri, 2019-10-25 at 12:31 +0200, Ivan Juri?i? via samba wrote:
>> Any plane in future to build-in Samba SysVol replication (DFS-R) ?
>>
>> For now we have this workaround at link:
>>
>>
https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround
> -- ,
> S?rgio M. B.
>
>