Discussion:
MSDFS on [homes] share for two samba servers
(too old to reply)
Michal Bruncko
2012-01-11 18:28:42 UTC
Permalink
Hello list,

we have two samba servers on two localities with bigger distance between
them. On both localities there are organizational staff working. And I
am trying to configure homedirectories for all of staff in this way:
- all users will have same beginning part of URL path where is their
homedir located (i.e. \\files.example.com\loginname) for unification and
central acces
- but because the lower speed link between both localities there is need
to locate homedirs:
-- for locality A - on server A on that locality
-- for locality B - on server B on that locality

fine, thats are requirements. So I have decided to use MSDFS in
combination with [homes] in this way:
- on server A (which will acts as "files.example.com") there will be
homedirs MSDFS links for users on locality B pointed to their real
homedirs on server B (with classic symlink syntax "user_on_locality_B"
-> "msdfs:IP_of_server_B\user_on_locality_B" )
So if user Bob from locality B will access its homedir, it will be
transparently redirected from Server A to its homedir on closest server B.

this is nice theory. but in practicle, is this feasible with current
version of samba 3.x?
What is the best practicles for cases like this mine? Is there any way
for dispatching homedirs to two/more servers?

thanks

michal
Daniel Müller
2012-01-12 11:04:19 UTC
Permalink
Hello,
just use a cluster file system or ex:
your host A has all the homes/shares of your users. Make it a host
msdfs=yes and define a root dfs on it for all share that should be unique
on both hosts.
Host B is linked by msdfs proxy=\\hostA\share-on-A.

That should do

Good luck
Daniel

On Wed, 11 Jan 2012 19:28:42 +0100, Michal Bruncko
Post by Michal Bruncko
Hello list,
we have two samba servers on two localities with bigger distance between
them. On both localities there are organizational staff working. And I
- all users will have same beginning part of URL path where is their
homedir located (i.e. \\files.example.com\loginname) for unification and
central acces
- but because the lower speed link between both localities there is need
-- for locality A - on server A on that locality
-- for locality B - on server B on that locality
fine, thats are requirements. So I have decided to use MSDFS in
- on server A (which will acts as "files.example.com") there will be
homedirs MSDFS links for users on locality B pointed to their real
homedirs on server B (with classic symlink syntax "user_on_locality_B"
-> "msdfs:IP_of_server_B\user_on_locality_B" )
So if user Bob from locality B will access its homedir, it will be
transparently redirected from Server A to its homedir on closest server B.
this is nice theory. but in practicle, is this feasible with current
version of samba 3.x?
What is the best practicles for cases like this mine? Is there any way
for dispatching homedirs to two/more servers?
thanks
michal
Michal Bruncko
2012-01-15 11:32:23 UTC
Permalink
Hello Daniel,

also thanks for your answer. Your second hint with msfds proxy: it can
be applied also for homedirectories/homes shares? Because it seems like
just whole share redirect (directly from configuration file) to another
server/share.

I think that maybe this can be applied on virtual server, but this
statements need to be added for everyone user in organization... so it
is little more laborious, but in result we can use the most simple url
for every user in form \\virtual.filesrv\user. And in configuration
there should be:

[user_on_B]
msdfs proxy=\\hostB\share-on-B

or

[user_on_A]
msdfs proxy=\\hostA\share-on-A

it is correct understanding of msdfs proxy?

thanks

michal


thanks

michal
Post by Daniel Müller
Hello,
your host A has all the homes/shares of your users. Make it a host
msdfs=yes and define a root dfs on it for all share that should be unique
on both hosts.
Host B is linked by msdfs proxy=\\hostA\share-on-A.
That should do
Good luck
Daniel
On Wed, 11 Jan 2012 19:28:42 +0100, Michal Bruncko
Post by Michal Bruncko
Hello list,
we have two samba servers on two localities with bigger distance between
them. On both localities there are organizational staff working. And I
- all users will have same beginning part of URL path where is their
homedir located (i.e. \\files.example.com\loginname) for unification and
central acces
- but because the lower speed link between both localities there is need
-- for locality A - on server A on that locality
-- for locality B - on server B on that locality
fine, thats are requirements. So I have decided to use MSDFS in
- on server A (which will acts as "files.example.com") there will be
homedirs MSDFS links for users on locality B pointed to their real
homedirs on server B (with classic symlink syntax "user_on_locality_B"
-> "msdfs:IP_of_server_B\user_on_locality_B" )
So if user Bob from locality B will access its homedir, it will be
transparently redirected from Server A to its homedir on closest server
B.
Post by Michal Bruncko
this is nice theory. but in practicle, is this feasible with current
version of samba 3.x?
What is the best practicles for cases like this mine? Is there any way
for dispatching homedirs to two/more servers?
thanks
michal
Jonathan Buzzard
2012-01-12 09:45:45 UTC
Permalink
Post by Michal Bruncko
Hello list,
we have two samba servers on two localities with bigger distance between
them. On both localities there are organizational staff working. And I
- all users will have same beginning part of URL path where is their
homedir located (i.e. \\files.example.com\loginname) for unification and
central acces
- but because the lower speed link between both localities there is need
-- for locality A - on server A on that locality
-- for locality B - on server B on that locality
fine, thats are requirements. So I have decided to use MSDFS in
- on server A (which will acts as "files.example.com") there will be
homedirs MSDFS links for users on locality B pointed to their real
homedirs on server B (with classic symlink syntax "user_on_locality_B"
-> "msdfs:IP_of_server_B\user_on_locality_B" )
So if user Bob from locality B will access its homedir, it will be
transparently redirected from Server A to its homedir on closest server B.
I don't think that will work because a share must be all MSDFS. So the
[homes] share on server A cannot serve up both home directory shares to
local users and do MSDFS redirection for none local users at the same
time.

The best way I know of is for their to be a third server say
homes.example.com that does MSDFS redirection for all users. It is not
doing much so a light weight virtual machine will do the job. That does
work and has been for a number of years now.

JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
Michal Bruncko
2012-01-15 11:35:00 UTC
Permalink
Hello Jonathan,

thank you for answer. You have right, that is good idea with making
standalone (virtual) redirection server for all people. But here is
another question: it is possible creates this redirection shares on that
virtual server with the most simple path like \\virtual.filesrv\user ?
Or i need to using something like this: \\virtual.filesrv\msdfs_share\user ?

You know, people are lazy and they will not be using longer path if the
know simplest one to their homedirs (we are not using this samba server
as domain controller (although it is so configured for this purpose) -
so there are not folder redirection nor policy using).

thanks

michal
Post by Jonathan Buzzard
Post by Michal Bruncko
Hello list,
we have two samba servers on two localities with bigger distance between
them. On both localities there are organizational staff working. And I
- all users will have same beginning part of URL path where is their
homedir located (i.e. \\files.example.com\loginname) for unification and
central acces
- but because the lower speed link between both localities there is need
-- for locality A - on server A on that locality
-- for locality B - on server B on that locality
fine, thats are requirements. So I have decided to use MSDFS in
- on server A (which will acts as "files.example.com") there will be
homedirs MSDFS links for users on locality B pointed to their real
homedirs on server B (with classic symlink syntax "user_on_locality_B"
-> "msdfs:IP_of_server_B\user_on_locality_B" )
So if user Bob from locality B will access its homedir, it will be
transparently redirected from Server A to its homedir on closest server B.
I don't think that will work because a share must be all MSDFS. So the
[homes] share on server A cannot serve up both home directory shares to
local users and do MSDFS redirection for none local users at the same
time.
The best way I know of is for their to be a third server say
homes.example.com that does MSDFS redirection for all users. It is not
doing much so a light weight virtual machine will do the job. That does
work and has been for a number of years now.
JAB.
Jonathan Buzzard
2012-01-16 14:50:14 UTC
Permalink
Post by Michal Bruncko
Hello Jonathan,
thank you for answer. You have right, that is good idea with making
standalone (virtual) redirection server for all people. But here is
another question: it is possible creates this redirection shares on that
virtual server with the most simple path like \\virtual.filesrv\user ?
Or i need to using something like this: \\virtual.filesrv\msdfs_share\user ?
It is a while since I last did this and don't have a working test rig as
at my current job we have this horrid automounter/NFS combo that I am
working to get rid of. Therefore you would have to test this out for
yourself, though in the past when I did this it did not matter as the
home directory path was recovered from AD as part of the login process.

I would try start with a "template homedir = /homes/%u" on your virtual
server, create all the necessary symlinks in the /homes directory for
all your users so they point to the correct physical server and then add
to the [homes] share on your virtual server an "msdfs root = yes" option
and see if it works. I suspect it won't however.

The other option is to create explicit shares for each users home
directory and add an msdfs proxy option to each share definition. Rather
less manageable though.

Option one would be good for a CTBD setup as you can publish a "\
\homes.mycorp.com\homes" share for your users to use, and then under the
hood load balance across your servers using a "exec
= /usr/local/sbin/mklnk.pl %u" with an appropriate script that creates
as required an MSDFS style link when you first connect randomly to one
of your CTDB IP addresses.

JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
Daniel Müller
2012-01-17 07:27:58 UTC
Permalink
THis is what is working:

Msdfs root and host msdfs and msdfs proxy are the things you need.
You have a server let's call A.
A is your redirection server to any share on other servers.

You need in you smb.conf ex:
[global]

host msdfs=yes

[homes]
Msfds root=yes
Msdfs proxy= \serveronwhichyourhomesharesare\homes

[docs]

Msdfs root=yes
Msdfs proxy= \serveronwhichyourdocsare\docs

The shares on the servers to which the users are redirected are quiet normal
shares
Ex:
[homes]

comment=homeshares %U
path= /yourpath/tohomeshares/%U
valid users=%S

-----------------------------------------------
EDV Daniel M?ller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Urspr?ngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Jonathan Buzzard
Gesendet: Montag, 16. Januar 2012 15:50
An: samba at lists.samba.org
Betreff: Re: [Samba] MSDFS on [homes] share for two samba servers
Post by Michal Bruncko
Hello Jonathan,
thank you for answer. You have right, that is good idea with making
standalone (virtual) redirection server for all people. But here is
another question: it is possible creates this redirection shares on that
virtual server with the most simple path like \\virtual.filesrv\user ?
Or i need to using something like this: \\virtual.filesrv\msdfs_share\user ?
It is a while since I last did this and don't have a working test rig as
at my current job we have this horrid automounter/NFS combo that I am
working to get rid of. Therefore you would have to test this out for
yourself, though in the past when I did this it did not matter as the
home directory path was recovered from AD as part of the login process.

I would try start with a "template homedir = /homes/%u" on your virtual
server, create all the necessary symlinks in the /homes directory for
all your users so they point to the correct physical server and then add
to the [homes] share on your virtual server an "msdfs root = yes" option
and see if it works. I suspect it won't however.

The other option is to create explicit shares for each users home
directory and add an msdfs proxy option to each share definition. Rather
less manageable though.

Option one would be good for a CTBD setup as you can publish a "\
\homes.mycorp.com\homes" share for your users to use, and then under the
hood load balance across your servers using a "exec
= /usr/local/sbin/mklnk.pl %u" with an appropriate script that creates
as required an MSDFS style link when you first connect randomly to one
of your CTDB IP addresses.

JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
David Roid
2012-01-17 08:08:07 UTC
Permalink
One question: amongst all those "other servers", how do we find which
server is the preferred one (by locality), in a programmatic way?

Cheers
-David

2012/1/17 Daniel M?ller <mueller at tropenklinik.de>
Post by Daniel Müller
Msdfs root and host msdfs and msdfs proxy are the things you need.
You have a server let's call A.
A is your redirection server to any share on other servers.
[global]
host msdfs=yes
[homes]
Msfds root=yes
Msdfs proxy= \serveronwhichyourhomesharesare\homes
[docs]
Msdfs root=yes
Msdfs proxy= \serveronwhichyourdocsare\docs
The shares on the servers to which the users are redirected are quiet normal
shares
[homes]
comment=homeshares %U
path= /yourpath/tohomeshares/%U
valid users=%S
-----------------------------------------------
EDV Daniel M?ller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Urspr?ngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Jonathan Buzzard
Gesendet: Montag, 16. Januar 2012 15:50
An: samba at lists.samba.org
Betreff: Re: [Samba] MSDFS on [homes] share for two samba servers
Post by Michal Bruncko
Hello Jonathan,
thank you for answer. You have right, that is good idea with making
standalone (virtual) redirection server for all people. But here is
another question: it is possible creates this redirection shares on that
virtual server with the most simple path like \\virtual.filesrv\user ?
\\virtual.filesrv\msdfs_share\user
?
It is a while since I last did this and don't have a working test rig as
at my current job we have this horrid automounter/NFS combo that I am
working to get rid of. Therefore you would have to test this out for
yourself, though in the past when I did this it did not matter as the
home directory path was recovered from AD as part of the login process.
I would try start with a "template homedir = /homes/%u" on your virtual
server, create all the necessary symlinks in the /homes directory for
all your users so they point to the correct physical server and then add
to the [homes] share on your virtual server an "msdfs root = yes" option
and see if it works. I suspect it won't however.
The other option is to create explicit shares for each users home
directory and add an msdfs proxy option to each share definition. Rather
less manageable though.
Option one would be good for a CTBD setup as you can publish a "\
\homes.mycorp.com\homes" share for your users to use, and then under the
hood load balance across your servers using a "exec
= /usr/local/sbin/mklnk.pl %u" with an appropriate script that creates
as required an MSDFS style link when you first connect randomly to one
of your CTDB IP addresses.
JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Daniel Müller
2012-01-17 08:32:32 UTC
Permalink
What do you mean with "preferred one".
If you live with samba you will have one PDC I think and all other servers are part of your domain.
So the users and groups are all the same in your domain and servers.
So if you logon to your PDC you will have your [homes] ex.:
[homes]
Msfds root=yes
Msdfs proxy= \serveronwhichyourhomesharesare\homes

And a netlogon script under your [netlogon]
Will do the rest.


EDV Daniel M?ller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de

Von: David Roid [mailto:dataroid at gmail.com]
Gesendet: Dienstag, 17. Januar 2012 09:08
An: mueller at tropenklinik.de
Cc: Jonathan Buzzard; samba at lists.samba.org
Betreff: Re: [Samba] MSDFS on [homes] share for two samba servers

One question: amongst all those "other servers", how do we find which server is the preferred one (by locality), in a programmatic way?

Cheers
-David
2012/1/17 Daniel M?ller <mueller at tropenklinik.de>
THis is what is working:

Msdfs root and host msdfs and msdfs proxy are the things you need.
You have a server let's call A.
A is your redirection server to any share on other servers.

You need in you smb.conf ex:
[global]

host msdfs=yes

[homes]
Msfds root=yes
Msdfs proxy= \serveronwhichyourhomesharesare\homes

[docs]

Msdfs root=yes
Msdfs proxy= \serveronwhichyourdocsare\docs

The shares on the servers to which the users are redirected are quiet normal
shares
Ex:
[homes]

comment=homeshares %U
path= /yourpath/tohomeshares/%U
valid users=%S

-----------------------------------------------
EDV Daniel M?ller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Urspr?ngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Jonathan Buzzard
Gesendet: Montag, 16. Januar 2012 15:50
An: samba at lists.samba.org
Betreff: Re: [Samba] MSDFS on [homes] share for two samba servers
Post by Michal Bruncko
Hello Jonathan,
thank you for answer. You have right, that is good idea with making
standalone (virtual) redirection server for all people. But here is
another question: it is possible creates this redirection shares on that
virtual server with the most simple path like \\virtual.filesrv\user ?
Or i need to using something like this: \\virtual.filesrv\msdfs_share\user ?
It is a while since I last did this and don't have a working test rig as
at my current job we have this horrid automounter/NFS combo that I am
working to get rid of. Therefore you would have to test this out for
yourself, though in the past when I did this it did not matter as the
home directory path was recovered from AD as part of the login process.

I would try start with a "template homedir = /homes/%u" on your virtual
server, create all the necessary symlinks in the /homes directory for
all your users so they point to the correct physical server and then add
to the [homes] share on your virtual server an "msdfs root = yes" option
and see if it works. I suspect it won't however.

The other option is to create explicit shares for each users home
directory and add an msdfs proxy option to each share definition. Rather
less manageable though.

Option one would be good for a CTBD setup as you can publish a "\
\homes.mycorp.com\homes" share for your users to use, and then under the
hood load balance across your servers using a "exec
= /usr/local/sbin/mklnk.pl %u" with an appropriate script that creates
as required an MSDFS style link when you first connect randomly to one
of your CTDB IP addresses.

JAB.

--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Jonathan Buzzard
2012-01-17 11:42:27 UTC
Permalink
Post by Daniel Müller
What do you mean with "preferred one".
If you live with samba you will have one PDC I think and all other servers are part of your domain.
So the users and groups are all the same in your domain and servers.
[homes]
Msfds root=yes
Msdfs proxy= \serveronwhichyourhomesharesare\homes
And a netlogon script under your [netlogon]
Will do the rest.
You are presuming the presence of a PDC and that all machines are PDC
joined.

The way I read it is that the OP wants to be able to tell all his users
to go to say \\homes.mycorp.com\homes and then depending on where their
normal work location is have them map their home drive from a server at
the local site, no PDC or AD involved.

If you have a PDC it would be simpler to just set the home directory for
each user to the correct server and forget about DFS and netlogon
scripts.

JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
Michal Bruncko
2012-01-17 15:22:05 UTC
Permalink
Yes, that is correct Johnatan what you have saying. We are not using our
samba server as Domain controller for user domain autentification i.e.
into workstations.
That server is just standalone file server with user level
autentification... of course, if user have same credentials to its
personal computer like credentials to file server, autentication will be
transpared, but thats all - any login scripts, any drive mapping
(right.. this feature should solved my problem if I will use it, but...).

So I just looking for solution of mapping user home directories from ONE
unifed URL to real location (on second or third server) based on user
location information (from db/manual).

thanks for responses

michal
Post by Jonathan Buzzard
Post by Daniel Müller
What do you mean with "preferred one".
If you live with samba you will have one PDC I think and all other servers are part of your domain.
So the users and groups are all the same in your domain and servers.
[homes]
Msfds root=yes
Msdfs proxy= \serveronwhichyourhomesharesare\homes
And a netlogon script under your [netlogon]
Will do the rest.
You are presuming the presence of a PDC and that all machines are PDC
joined.
The way I read it is that the OP wants to be able to tell all his users
to go to say \\homes.mycorp.com\homes and then depending on where their
normal work location is have them map their home drive from a server at
the local site, no PDC or AD involved.
If you have a PDC it would be simpler to just set the home directory for
each user to the correct server and forget about DFS and netlogon
scripts.
JAB.
Jonathan Buzzard
2012-01-17 08:31:26 UTC
Permalink
Post by Daniel Müller
Msdfs root and host msdfs and msdfs proxy are the things you need.
You have a server let's call A.
A is your redirection server to any share on other servers.
[global]
host msdfs=yes
[homes]
Msfds root=yes
Msdfs proxy= \serveronwhichyourhomesharesare\homes
That is not going to work for the requested setup as the server on which
homes share resides is different for different users. For example users
tom and dick could be on servera while user harry could be on serverb.

This setup would proxy all the homes shares to one server.

JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
Michal Bruncko
2012-01-17 19:59:11 UTC
Permalink
Thank you for summary all available options in this situation. I have
just two additional questions:

- which way pass data flow between user and MSDFS redirected share
(i.e. MSDFS from virtualserver\share -> anotherserver\share)? The data
will flow directly between source (user) and real destination? Or MSDFS
is just simple redirect so flow will goes in this path: client - MSDFS
share on virtualserver - real share on anotherserver?

- second question: it is possible to use variable substitutions (i.e.
like %U) directly in section name like [%U]? Is this possible?

ps: probably I will look (due to simplicity:)) on option with explicit
share name for every users. This organization have 50+ staffs so it is
not soo complicated for realisation.

Thanks

michal
Post by Jonathan Buzzard
Post by Michal Bruncko
Hello Jonathan,
thank you for answer. You have right, that is good idea with making
standalone (virtual) redirection server for all people. But here is
another question: it is possible creates this redirection shares on that
virtual server with the most simple path like \\virtual.filesrv\user ?
Or i need to using something like this: \\virtual.filesrv\msdfs_share\user ?
It is a while since I last did this and don't have a working test rig as
at my current job we have this horrid automounter/NFS combo that I am
working to get rid of. Therefore you would have to test this out for
yourself, though in the past when I did this it did not matter as the
home directory path was recovered from AD as part of the login process.
I would try start with a "template homedir = /homes/%u" on your virtual
server, create all the necessary symlinks in the /homes directory for
all your users so they point to the correct physical server and then add
to the [homes] share on your virtual server an "msdfs root = yes" option
and see if it works. I suspect it won't however.
The other option is to create explicit shares for each users home
directory and add an msdfs proxy option to each share definition. Rather
less manageable though.
Option one would be good for a CTBD setup as you can publish a "\
\homes.mycorp.com\homes" share for your users to use, and then under the
hood load balance across your servers using a "exec
= /usr/local/sbin/mklnk.pl %u" with an appropriate script that creates
as required an MSDFS style link when you first connect randomly to one
of your CTDB IP addresses.
JAB.
Continue reading on narkive:
Loading...