thr3ads.net - samba - [Samba] Two SMB Domain member gateways to CEPHFS [Mar 2021]

If this information is useful, please help other people find it:
Share via:

Oskari Koivisto

2021-Mar-30 09:58 UTC

[Samba] Two SMB Domain member gateways to CEPHFS

Hi,

the realm in the smb.conf defines the actual domain. And that is set with .local

As per samba documentation that?s the way it should be done.

So the ceph is used as a backend storage for windows-hosts. Samba is the only
way providing cephfs to windows-clients.

The shares from the samba are mapped to users as netdrives and windows
permissions should be set to the shares accordingly.

-Oskari
> On 30. Mar 2021, at 10.53, Rowland penny via samba <samba at
lists.samba.org> wrote:
> 
> On 30/03/2021 07:43, Oskari Koivisto wrote:
>> Hi,
>> 
>> yes workgroup and domain are the same.
>> 
>> the DC?s are Server 2012 R2.
>> 
> 
> You shouldn't be using a single label domain, see here:
> 
>
https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/single-label-domains-support-policy
> 
> It might help if you described your set up, you say you are running a cephs
cluster, but how ? Where are the DC's in relation to the cluster ?
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Rowland penny

2021-Mar-30 10:52 UTC

head link

[Samba] Two SMB Domain member gateways to CEPHFS

On 30/03/2021 10:58, Oskari Koivisto wrote:> Hi,
>
> the realm in the smb.conf defines the actual domain. And that is set with
.local
>
> As per samba documentation that?s the way it should be done.

No, actually it isn't, the Samba wiki here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

Explicitly says to not use '.local':

Make sure that you provision the AD using a DNS domain that will not 
need to be changed. Samba does not support renaming the AD DNS zone and 
Kerberos realm. Do not use |.local| for the TLD, this is used by Avahi.

So is your dns domain 'mict.local' and your workgroup 'MICT' ?

Note that the Samba wiki advises using a subdomain instead of a 
registered domain e.g. ad.mict.local

Except that you shouldn't use '.local', even Microsoft says this is
a
bad idea.

>
> So the ceph is used as a backend storage for windows-hosts. Samba is the
only way providing cephfs to windows-clients.
>
> The shares from the samba are mapped to users as netdrives and windows
permissions should be set to the shares accordingly.

That should work (mapping shares, that is), it sounds like your problem 
is with cephs and it sounds like your cephs cluster is spread out 
globally, I don't think this is a good idea.

Rowland

samba - Mar 2021 - Two SMB Domain member gateways to CEPHFS

[Samba] Two SMB Domain member gateways to CEPHFS

[Samba] Two SMB Domain member gateways to CEPHFS