samba - Nov 2022 - several offices: home dirs, local resources, ...

Op 22-11-2022 om 12:23 schreef Michael Tokarev via
samba:
> 18.11.2022 02:25, Norbert Hanke via samba wrote:
>> Hi Michael,
>>
>> Location-specific DFS might help you: an UNC path looks the same across
>> all offices from the Windows client side, but it is resolves specific
>> for the office it is being accessed from.
>>
>> The concept is explained in Microsoft terms here:
>>
https://learn.microsoft.com/en-us/windows-server/storage/dfs-namespaces/dfs-overview
>>
>> .
>>
>> Concluding from a different mail thread, you are working on AD sites
>> reflecting different offices. Once you have that working -
site-specific
>> AD-DCs in the various offices of your company, it will not be a big
step
>> to get site-specific "Folder Targets" (in Microsoft terms)
implemented.
>> E.g. \\your.domain.fqdn\profiles\userA will point to a share hosted in
>> the office of that user, or even \\your.domain.fqdn\profiles could be
>> site-specific. Technically on the samba DC it's just a matter of a
few
>> entries in smb.conf plus symbolic links in the file system of the DC.
>
> Hi Norbert!? That seems like a very interesting way.? I just configured
> [profiles] share on a DC, with msdfs root enabled, and created a folder
> in it with `mjt' username, pointing to the right file server.
>
Are you aware of the source3 vs source4 differences, i.e. it is better 
not to host shares on a DC?
> Now I wonder how to configure shares like \\domain.tld\profiles to work?
> And should it work with the short name (\\domain\profiles) ?
>
>
>> I tried to get DFS running with Samba DCs a few years ago. I was not
>> successful, and because it was not important for my use case I did not
>> try for long and gave up. In theory it should work, and maybe one or
the
>> other bug might have been resolved in the meantime.
>
> Do you mean the microsoft-tool-manageable DFS, like described in the
> doc you pointed to above?? I don't think I really need this so far, it
> is easy enough to crate the symlinks :) (btw, these names in the DFS
> root really act and shown as symlinks by windows).
>
> What I really want is a short fileserver name (FS) - which the users
> are used to, - to point to a site-specific server - this is the main
> goal, to register "FS" name local to each site.
>
> A seems-to-be-easier goal is to provide local (site-specific) storage
> for user profiles, but that one might be a bit easier since it can
> be configured in a single place which is not directly used by the
> users (so users wont have to reconfigure all their shortcuts for
> example).
>
>
>> And BTW, thank you for all your hard work for the Debian samba
packages!
>> You're doing a big favour to the samba community.
>
> You are welcome :)
>
> Thank you!
>
> /mjt
>

22.11.2022 16:03, Kees van Vloten via samba wrote:
>> Hi Norbert!? That seems like a very interesting way.? I just configured
>> [profiles] share on a DC, with msdfs root enabled, and created a folder
>> in it with `mjt' username, pointing to the right file server.
>>
> Are you aware of the source3 vs source4 differences, i.e. it is better not
to host shares on a DC?
I'm not aware of how source3 vs source4 is relevant to the question
about hosting shares on a DC or not. Can you rephrase please?

Speaking about hosting shares on a DC.

There's a wiki page about this which lists several caveats which aren't
relevant here --
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server_.28Optional.29
(this basically says using DC as a File Server is optional).

There's a recent thread about my attempt at using Samba DC as a file
server, and here are the "why":
https://lists.samba.org/archive/samba/2022-November/242802.html

And finally, where does "\\domain.fqdn" points to, when samba
explicitly
creates the A records for the domain?  It is *the* domain file hierarchy,
which can be an MSDFS or can be file storage.

Here, Norbert used \\domain.tld\profiles share as a DFS root. Isn't
it always hosted on a DC?

I'm confused by your reply.

Thanks,

/mjt