Univention Bugzilla – Full Text Bug Listing |
Summary: | Site support for SYSVOL | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Samba4 | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | normal | ||
Priority: | P5 | CC: | bj, gohmann, jmm |
Version: | UCS 3.2 | ||
Target Milestone: | UCS 3.2-1-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Large environments, UCS Performance | |
Max CVSS v3 score: | |||
Attachments: |
dfs_samba4_randomize_referrals.patch
dfs_samba4_preferlogondc.patch |
Description
Arvid Requate
2014-03-12 16:02:36 CET
Created attachment 5829 [details]
dfs_samba4_randomize_referrals.patch
After enabling the Samba4 DFS referral generator for the sysvol, it currently returns a referal list which is ordered statically (as retrived from the samdb backend). This would direct all clients in a certain site to the first DC on that list (which is in that site, if any DC is present there).
The attached patch based on the samba 4.1.0 source randomizes this list.
Created attachment 5830 [details] dfs_samba4_preferlogondc.patch Native Windows AD DCs offer a registry setting PreferLogonDC, to always put the logon DC on top of the referral list ( http://support.microsoft.com/kb/831201/en-us ). The attached additional patch is a first attempt to do the same in Samba: It puts the logon dc on top of the list (and randomizes the other DCs). In my tests it seemed to work fine. I guess it would be good to make this configurable via smb.conf, but this is not implemented yet. It's not hard, but let's first discuss priorities here. Native Windows DCs also offer the configuration of additional metrics to sort the referral list, see http://blogs.technet.com/b/instan/archive/2009/12/21/optimizing-dfs-referrals-sitecostedreferrals-and-preferlogondc.aspx , but IMHO this has a lower priority currently. It's even simpler than initially assumed. *If* the server indicates that he supports DFS, then Windows 7 client connect to the IPC$ share and ask for DFS referrals for //domain.local/sysvol. This can be seen in log.smbd at log level 8 and above: ==================================================================== dfs_samba4: Requested DFS name: \ar321.qa\sysvol utf16-length: 32 [...] Doing a dfs referral for master.ar321.qa with this value \master.ar321.qa\sysvol requested \ar321.qa\sysvol ==================================================================== The IPC$ share already explicitely loads the vfs object dfs_samba4. So, all that is needed is to enable msdfs support in general. The postinst of univention-samba4 now sets samba/enable-msdfs?yes. The patch from comment #1 has been applied via Bug 34370. The patch from comment #2 has been split of as Bug 34429. Advisory: 2014-03-31-univention-samba4.yaml OK - samba/enable-msdfs is set to yes during the update and for new installations OK - YAML |