Univention Bugzilla – Bug 34326
Site support for SYSVOL
Last modified: 2022-01-01 22:23:32 CET
Site support for SYSVOL may reduce Windows Client latencies in some domains. Looks like we can activate this by adjusting the sysvol share configuration. It may be as simple as removing the "vfs modules" line from the share definition.
Created attachment 5829 [details] dfs_samba4_randomize_referrals.patch After enabling the Samba4 DFS referral generator for the sysvol, it currently returns a referal list which is ordered statically (as retrived from the samdb backend). This would direct all clients in a certain site to the first DC on that list (which is in that site, if any DC is present there). The attached patch based on the samba 4.1.0 source randomizes this list.
Created attachment 5830 [details] dfs_samba4_preferlogondc.patch Native Windows AD DCs offer a registry setting PreferLogonDC, to always put the logon DC on top of the referral list ( http://support.microsoft.com/kb/831201/en-us ). The attached additional patch is a first attempt to do the same in Samba: It puts the logon dc on top of the list (and randomizes the other DCs). In my tests it seemed to work fine. I guess it would be good to make this configurable via smb.conf, but this is not implemented yet. It's not hard, but let's first discuss priorities here. Native Windows DCs also offer the configuration of additional metrics to sort the referral list, see http://blogs.technet.com/b/instan/archive/2009/12/21/optimizing-dfs-referrals-sitecostedreferrals-and-preferlogondc.aspx , but IMHO this has a lower priority currently.
It's even simpler than initially assumed. *If* the server indicates that he supports DFS, then Windows 7 client connect to the IPC$ share and ask for DFS referrals for //domain.local/sysvol. This can be seen in log.smbd at log level 8 and above: ==================================================================== dfs_samba4: Requested DFS name: \ar321.qa\sysvol utf16-length: 32 [...] Doing a dfs referral for master.ar321.qa with this value \master.ar321.qa\sysvol requested \ar321.qa\sysvol ==================================================================== The IPC$ share already explicitely loads the vfs object dfs_samba4. So, all that is needed is to enable msdfs support in general. The postinst of univention-samba4 now sets samba/enable-msdfs?yes. The patch from comment #1 has been applied via Bug 34370. The patch from comment #2 has been split of as Bug 34429. Advisory: 2014-03-31-univention-samba4.yaml
OK - samba/enable-msdfs is set to yes during the update and for new installations OK - YAML
http://errata.univention.de/ucs/3.2/84.html