
SAMBA - SYSVOL share replication

What is it?

TIS Sysvolsync is a solution for syncing the sysvol share on domain controllers running Samba4 Active Directory. The sysvol share is a special share on an Active Directory server where netlogon scripts and GPO definitions are stored.

The standard sysvol syncing technology on Microsoft is based on DFS-R, which is not currently implemented in Samba. The synchronisation method used by TIS Sysvolsync is not compatible with DFS-R.

Tested on Debian 8 and CentOS 7. Packages available at the URL below.

SysvolSync is based on syncthing (https://syncthing.net/), a great synchronisation tool. Syncthing can send events to an HTTP URL, which sysvolsync leverages to trigger a samba-tool ntacl sysvolreset. This process is not very efficient since it resets ACLs on the whole sysvol tree. We will make it more precise in the future.

Licensing

Copyright: Tranquil It Systems http://www.tranquil-it-systems.fr/
License: GPL v3.0

Code

https://github.com/tranquilit/tis-sysvolsync

Packages

For Debian 9 Stretch

For CentOS 7

Building packages from source

The build scripts download syncthing from the Internet; be sure to have your http_proxy/https_proxy environment variables configured if necessary.

On Debian (validated on Debian 8 64-bit)

sudo apt-get install git python-requests python-lxml python-ldap
git clone  https://github.com/tranquilit/tis-sysvolsync
cd tis-sysvolsync/deb
sh createdeb.sh
ls tis-sysvolsync-*.deb

On CentOS (validated on CentOS 7 64-bit)

yum install rpm-build git python-requests python-lxml python-ldap
git clone  https://github.com/tranquilit/tis-sysvolsync
cd tis-sysvolsync/rpm
sh build.sh
ls *.rpm

Installation

On Debian 9 64-bit

Install the package and enable the services on ALL the DCs before doing the configuration below (the configuration step connects to the other DCs for key exchange, so the package has to be installed everywhere first).

apt-get install python-requests python-lxml python-ldap procps ldb-tools
dpkg -i tis-sysvolsync-*.deb
systemctl restart tis-sysvolsync
systemctl restart tis-sysvolacl

On CentOS 7

Install the package and enable the services on ALL the DCs before doing the configuration below (the configuration step connects to the other DCs for key exchange, so the package has to be installed everywhere first).

yum install tis-sysvolsync-*.el7.centos.x86_64.rpm
systemctl enable tis-sysvolsync
systemctl enable tis-sysvolacl
systemctl restart tis-sysvolsync
systemctl restart tis-sysvolacl

Configuration

Once you have done the installation on ALL the DCs, you can proceed to the configuration of TIS-SysvolSync. The configure process will ask for SSH authentication to the other DCs in order to perform the syncthing key exchange.

/opt/tis-sysvolsync/sysvolsync.py configure

SysvolSync synchronization topology is based on the one defined by the KCC (ntdsconnection objects). So if you have a star topology network, sysvolsync will also use a star topology.
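
Since sysvol carries the logon scripts and GPO definitions that clients apply, it is worth confirming after configuration that every DC ends up serving the same files. The script below is an added example, not part of tis-sysvolsync; the function names, the /var/lib/samba/sysvol path and the list of syncthing housekeeping files to skip are assumptions.

```shell
#!/bin/sh
# Added example: content-consistency check for replicated sysvol trees.
# Assumption: syncthing housekeeping files (.stfolder, .stversions, .stignore,
# .syncthing.*.tmp) may sit in the synced folder and must not be compared.

# Print "<sha256>  <relative path>" for every regular file, in stable order.
sysvol_manifest() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    ( cd "$1" &&
      find . -type f ! -path './.stfolder/*' ! -path './.stversions/*' \
             ! -name '.stignore' ! -name '.syncthing.*.tmp' -print0 |
      LC_ALL=C sort -z | xargs -0 -r sha256sum )
}

# One digest for the whole tree: equal on two DCs means identical file content.
sysvol_digest() {
    sd_manifest=$(sysvol_manifest "$1") || return
    printf '%s\n' "$sd_manifest" | sha256sum | cut -d' ' -f1
}

# Compare two saved manifests (DC A, DC B) and name the files that disagree.
manifest_diff() {
    awk '
        { hash = $1; path = substr($0, index($0, "  ") + 2) }
        FILENAME == ARGV[1] { a[path] = hash; next }
        { seen[path] = 1
          if (!(path in a))         print "only-B  " path
          else if (a[path] != hash) print "differs " path }
        END { for (path in a) if (!(path in seen)) print "only-A  " path }
    ' "$1" "$2" | LC_ALL=C sort
}

# Typical use, on each DC (sysvol path is an assumption, adjust to your install):
#   sysvol_manifest /var/lib/samba/sysvol > "/tmp/$(hostname).manifest"
# then copy the manifests to one host and run:
#   manifest_diff /tmp/dc1.manifest /tmp/dc2.manifest
```

The digest covers file content only, not ACLs; samba-tool ntacl sysvolcheck can be run on each DC for the ACL side.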