samba - Nov 2022 - several offices: home dirs, local resources, ...

Op 22-11-2022 om 14:35 schreef Michael Tokarev:
> 22.11.2022 16:21, Kees van Vloten via samba wrote:
> ..
>> Ssource3 has more functionality for being a fileserver, whereas 
>> source4 has the focus on the DC functionality. Historically those two 
>> code branches lived separately to be merged properly and so it still 
>> lives on in the current source tree.
>
> I didn't know that, haven't realized so far. Thank you for letting
me
> know.
>
>> That is the reason that you see all sorts of disclaimers on 
>> file-sharing from a DC.
>>
>> An example on the page you mention above is: "If you do use an AD
DC
>> as a fileserver, you must be aware that it can be problematic and can 
>> cause strange errors."
>>
>> I remember on one of the wiki-pages is says (or said): suitable for 
>> development environments only.
>
> I see.
>
> Maybe this limited/probematic functionality is sufficient to host just
> a DFS-root share, to be used to locate local user profiles?
>
I have no clue, after I read the disclaimer, I thought that I would 
better stick to the advice on the wiki.

I have set up lxc privileged containers (samba does not work in 
unprivileged containers) to separate the functionalities of DC and 
file-server. That prevents running into issues you have been warned about...

> I don't see any way to have local site-specific file server so far,
> at all.? There are several ways to do that, but none of them works.
> This was the closest, with a MSDFS share located on a DC which points
> to the local file server (regular file server, not a DC).? But you're
> just ruining this almost-working way.
>
> What *is* the way to store user profiles on a site-specific server?
> I mean, if a user logs in in siteA, his profile is retrieved from
> FileserverA, but when it logs in in siteB, his profile is stored on
> FileserverB.? I can't specify *both* fileservers in his account
> settings..
>
> And second question is how to specify short name for a fileserver
> which is also location-aware, fs=fileserverA on siteA and fs=fileserverB
> on siteB -- users got used to the name "fs" to mean *local* to
them
> fileserver, with lots of shortcuts everywhere.? If this one is
> solved, first one is solved too.
>
> (I tried to hack DNS for this, with unbound, - it turned out their
> local-data override does not provide CNAMEs; when I asked about
> this, they told to use AD-provided functionality for this, - which
> I'm trying to implement, so far unsuccessfully).
>
> It already took 2 weeks for me searching, but nothing working emerges.
>
> Thanks!
>
> /mjt

22.11.2022 16:42, Kees van Vloten via samba wrote:
..
>> Maybe this limited/probematic functionality is sufficient to host just
>> a DFS-root share, to be used to locate local user profiles?
>>
> I have no clue, after I read the disclaimer, I thought that I would better
stick to the advice on the wiki.
> 
> I have set up lxc privileged containers (samba does not work in
unprivileged containers) to separate the functionalities of DC and file-server.
That
> prevents running into issues you have been warned about...
I use containers (systemd-nspawn) for this, - exactly because
people suggest not to use DC as a file server.  Systemd-nspawn
works fine, including spawning just the samba service in a new
namespace (not requiring to install whole separate OS).

But the thing is: it is the Samba DC who registers domain-wide
*file* services in DNS. The ones I mentioned already, \\domain.tld\ -
which are essential for the domain functionality as far as I can see.
If it doesn't work, maybe samba should not do that?

/mjt