SAMBA - SYSVOL share replication
What is it?
TIS Sysvolsync is a solution for syncing the sysvol share on domain controllers running Samba4 Active Directory. The sysvol share is a special share on an Active Directory server where netlogon scripts and GPO definitions are stored.
Microsoft's standard sysvol synchronisation technology is DFS-R, which is not currently implemented in Samba. Sysvolsync is not compatible with DFS-R.
Tested on Debian 8 and CentOS 7. Packages available at the URL below.
SysvolSync is based on syncthing (https://syncthing.net/), a great synchronisation tool. Syncthing can send events to an HTTP URL, which sysvolsync leverages to trigger a samba-tool ntacl sysvolreset. This process is not very efficient since it resets the ACLs on the whole sysvol tree. We will make it more precise in the future.
Licensing
Copyright: Tranquil It Systems http://www.tranquil-it-systems.fr/
License: GPL v3.0
Code
https://github.com/tranquilit/tis-sysvolsync
Packages
For Debian 9 Stretch
For Centos7
Get the package
The easy way: with our repo
Add the following line to /etc/apt/sources.list.d/tisdeb.list:
deb [trusted=yes] http://srvinstallation.tranquil.it/tisdeb/binary/ ./
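The [trusted=yes] option makes APT skip signature verification for this repository, and the repository is served over plain HTTP.
Then update your machine and install tis-sysvolsync:
apt-get update
apt-get install tis-sysvolsync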
Or building packages from source
The build scripts download syncthing from the Internet, so be sure to have your http_proxy/https_proxy environment variables configured if necessary.
On Debian (validated on debian 8 64bit)
sudo apt-get install git python-requests python-lxml python-ldap
git clone https://github.com/tranquilit/tis-sysvolsync
cd tis-sysvolsync/deb
sh createdeb.sh
ls tis-sysvolsync-*.deb
On Centos (validated on Centos7 64bit)
yum install rpm-build git python-requests python-lxml python-ldap
git clone https://github.com/tranquilit/tis-sysvolsync
cd tis-sysvolsync/rpm
sh build.sh
ls *.rpm
Installation
On debian9-64bit with installation from source
Install package and enable services on ALL the DCs first before doing the configuration below (configuration connects to other DCs for key exchange, hence it has to be installed first).
apt-get install python-requests python-lxml python-ldap procps ldb-tools
dpkg -i tis-sysvolsync-*.deb
systemctl restart tis-sysvolsync
systemctl restart tis-sysvolacl
On debian9-64bit with installation from our repo
systemctl restart tis-sysvolsync
systemctl restart tis-sysvolacl
On Centos7
Install package and enable services on ALL the DCs first before doing the configuration below (configuration connects to other DCs for key exchange, hence it has to be installed first).
yum install tis-sysvolsync-*.el7.centos.x86_64.rpm
systemctl enable tis-sysvolsync
systemctl enable tis-sysvolacl
systemctl restart tis-sysvolsync
systemctl restart tis-sysvolacl
Configuration
Once you have done the installation on ALL the DCs, you can proceed to the configuration of TIS-SysvolSync. The configure process will ask for SSH authentication to the other DCs in order to perform the syncthing key exchange.
/opt/tis-sysvolsync/sysvolsync.py configure
The SysvolSync synchronization topology is based on the one defined by the KCC (ntdsconnection objects). So if you have a star topology network, sysvolsync will also use a star topology.
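An added illustration of the topology rule above, not taken from tis-sysvolsync: it reads nTDSConnection entries from LDIF text, lists the peers each DC would share sysvol with, and flags connections that exist in one direction only. The sample LDIF, the DC names and the choice to treat each connection as a two-way sync link are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: three nTDSConnection entries, one with a folded LDIF line.
SAMPLE_LDIF = """\
dn: CN=c1,CN=NTDS Settings,CN=DC1,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=example,DC=test
objectClass: nTDSConnection
fromServer: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=example,DC=test

dn: CN=c2,CN=NTDS Settings,CN=DC1,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=example,DC=test
objectClass: nTDSConnection
fromServer: CN=NTDS Settings,CN=D
 C3,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=example,DC=test

dn: CN=c3,CN=NTDS Settings,CN=DC2,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=example,DC=test
objectClass: nTDSConnection
fromServer: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=example,DC=test
"""

# The connection object lives under the destination DC; fromServer names the source DC.
_DEST = re.compile(r"^dn: CN=[^,]+,CN=NTDS Settings,CN=([^,]+),", re.I | re.M)
_SRC = re.compile(r"^fromServer: CN=NTDS Settings,CN=([^,]+),", re.I | re.M)

def replication_edges(ldif):
    """Return the set of (source_dc, destination_dc) pairs, one per nTDSConnection."""
    ldif = re.sub(r"\r?\n ", "", ldif)  # unfold continuation lines (RFC 2849)
    edges = set()
    for record in re.split(r"\n\s*\n", ldif.strip()):
        dest, src = _DEST.search(record), _SRC.search(record)
        if dest and src:
            edges.add((src.group(1).upper(), dest.group(1).upper()))
    return edges

def sync_peers(edges):
    """Assumption: every connection becomes a two-way sync link between both DCs."""
    peers = defaultdict(set)
    for src, dest in edges:
        peers[src].add(dest)
        peers[dest].add(src)
    return {dc: sorted(p) for dc, p in peers.items()}

def one_way_links(edges):
    """Connections whose reverse direction is missing from the directory."""
    return sorted((s, d) for s, d in edges if (d, s) not in edges)

if __name__ == "__main__":
    found = replication_edges(SAMPLE_LDIF)
    print(sync_peers(found))
    print("one-way:", one_way_links(found))
```

A DC that appears in no connection never shows up in the peer map, which is worth checking against the list of DCs you expect to serve the same GPOs.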