samba - Nov 2022 - several offices: home dirs, local resources, ...

Op 22-11-2022 om 14:13 schreef Michael Tokarev:
> 22.11.2022 16:03, Kees van Vloten via samba wrote:
>
>>> Hi Norbert!? That seems like a very interesting way.? I just
configured
>>> [profiles] share on a DC, with msdfs root enabled, and created a
folder
>>> in it with `mjt' username, pointing to the right file server.
>>>
>> Are you aware of the source3 vs source4 differences, i.e. it is 
>> better not to host shares on a DC?
>
> I'm not aware of how source3 vs source4 is relevant to the question
> about hosting shares on a DC or not. Can you rephrase please?
>
Speaking about hosting shares on a DC.
>
> There's a wiki page about this which lists several caveats which
aren't
> relevant here --
>
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server_.28Optional.29
>
> (this basically says using DC as a File Server is optional).
Ssource3 has more functionality for being a fileserver, whereas source4 
has the focus on the DC functionality. Historically those two code 
branches lived separately to be merged properly and so it still lives on 
in the current source tree.

That is the reason that you see all sorts of disclaimers on file-sharing 
from a DC.

An example on the page you mention above is: "If you do use an AD DC as 
a fileserver, you must be aware that it can be problematic and can cause 
strange errors."

I remember on one of the wiki-pages is says (or said): suitable for 
development environments only.

>
> There's a recent thread about my attempt at using Samba DC as a file
> server, and here are the "why":
> https://lists.samba.org/archive/samba/2022-November/242802.html
>
> And finally, where does "\\domain.fqdn" points to, when samba
explicitly
> creates the A records for the domain?? It is *the* domain file hierarchy,
> which can be an MSDFS or can be file storage.
>
> Here, Norbert used \\domain.tld\profiles share as a DFS root. Isn't
> it always hosted on a DC?
>
> I'm confused by your reply.
>
> Thanks,
>
> /mjt

Op 22-11-2022 om 14:21 schreef Kees van Vloten:
>
> Op 22-11-2022 om 14:13 schreef Michael Tokarev:
>> 22.11.2022 16:03, Kees van Vloten via samba wrote:
>>
>>>> Hi Norbert!? That seems like a very interesting way.? I just 
>>>> configured
>>>> [profiles] share on a DC, with msdfs root enabled, and created
a
>>>> folder
>>>> in it with `mjt' username, pointing to the right file
server.
>>>>
>>> Are you aware of the source3 vs source4 differences, i.e. it is 
>>> better not to host shares on a DC?
>>
>> I'm not aware of how source3 vs source4 is relevant to the question
>> about hosting shares on a DC or not. Can you rephrase please?
>>
> Speaking about hosting shares on a DC.
>>
>> There's a wiki page about this which lists several caveats which
aren't
>> relevant here --
>>
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server_.28Optional.29
>>
>> (this basically says using DC as a File Server is optional).
>
Source3 is final the source-tree of samba3, whereas source4 is the 
source tree of the separately developed AD-DC functionality, aka. 
samba4. Nowadays together known as samba4.
> Ssource3 has more functionality for being a fileserver, whereas 
> source4 has the focus on the DC functionality. Historically those two 
> code branches lived separately to be merged properly and so it still 
> lives on in the current source tree.
>
> That is the reason that you see all sorts of disclaimers on 
> file-sharing from a DC.
>
> An example on the page you mention above is: "If you do use an AD DC 
> as a fileserver, you must be aware that it can be problematic and can 
> cause strange errors."
>
> I remember on one of the wiki-pages is says (or said): suitable for 
> development environments only.
>
>
>>
>> There's a recent thread about my attempt at using Samba DC as a
file
>> server, and here are the "why":
>> https://lists.samba.org/archive/samba/2022-November/242802.html
>>
>> And finally, where does "\\domain.fqdn" points to, when samba
explicitly
>> creates the A records for the domain?? It is *the* domain file 
>> hierarchy,
>> which can be an MSDFS or can be file storage.
>>
>> Here, Norbert used \\domain.tld\profiles share as a DFS root. Isn't
>> it always hosted on a DC?
>>
>> I'm confused by your reply.
>>
>> Thanks,
>>
>> /mjt

22.11.2022 16:21, Kees van Vloten via samba wrote:
..
> Ssource3 has more functionality for being a fileserver, whereas source4 has
the focus on the DC functionality. Historically those two code branches
> lived separately to be merged properly and so it still lives on in the
current source tree.
I didn't know that, haven't realized so far. Thank you for letting me
know.
> That is the reason that you see all sorts of disclaimers on file-sharing
from a DC.
> 
> An example on the page you mention above is: "If you do use an AD DC
as a fileserver, you must be aware that it can be problematic and can cause
> strange errors."
> 
> I remember on one of the wiki-pages is says (or said): suitable for
development environments only.
I see.

Maybe this limited/probematic functionality is sufficient to host just
a DFS-root share, to be used to locate local user profiles?

I don't see any way to have local site-specific file server so far,
at all.  There are several ways to do that, but none of them works.
This was the closest, with a MSDFS share located on a DC which points
to the local file server (regular file server, not a DC).  But you're
just ruining this almost-working way.

What *is* the way to store user profiles on a site-specific server?
I mean, if a user logs in in siteA, his profile is retrieved from
FileserverA, but when it logs in in siteB, his profile is stored on
FileserverB.  I can't specify *both* fileservers in his account
settings..

And second question is how to specify short name for a fileserver
which is also location-aware, fs=fileserverA on siteA and fs=fileserverB
on siteB -- users got used to the name "fs" to mean *local* to them
fileserver, with lots of shortcuts everywhere.  If this one is
solved, first one is solved too.

(I tried to hack DNS for this, with unbound, - it turned out their
local-data override does not provide CNAMEs; when I asked about
this, they told to use AD-provided functionality for this, - which
I'm trying to implement, so far unsuccessfully).

It already took 2 weeks for me searching, but nothing working emerges.

Thanks!

/mjt