Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: nickpiggott on May 28, 2018, 12:38:03 pm
-
I'm hoping this is a common enough problem for people to have a few ideas about solving it.
I have users provisioned with Windows Roaming Profiles, and based on two sites linked with a (slow) VPN link. There is a PDC on one site, and a BDC on the other site, both running Zentyal 5.1. I use unison to keep the filesystems of the two machines continuously synchronised.
The profilePath item for the user in LDAP depends on which server I have created them - if I create the user on the PDC, it says \\pdc\profiles\username, if I create them on the BDC it says \\bdc\profiles\username
The problem comes when a user is working on the "other" LAN (e.g. someone whose profile was created on the BDC comes and works on the LAN with the PDC - which is linked to the other LAN using a slow VPN). Because their profile says \\bdc\profiles\username, it loads their Windows profile very, very slowly (hours to log in) over the VPN from the BDC, rather than loading it from the LAN on the PDC.
I've tried putting local alias entries into the local DNS servers - FS pointing to the same IP address as the PDC on one LAN, and pointing to the BDC on the other LAN - and then manually editing the profilePath to point to \\fs\profiles\username - but Samba notices that it's an alias and refuses to load the profile. (I assume it's worried that a machine is spoofing the PDC / BDC)
Any thoughts on how I can put a workaround in for this problem?
-
A follow up for later thread-readers.
I added a new host entry to each of the two servers by editing
/usr/share/zentyal/stubs/samba/smb.conf.mas
and adding the line
netbios aliases = fs
However, I still have a problem. If I add fs as a hostname alias to the DNS server on both boxes, then they synchronise across the two sites, and it's pot luck which IP address I get when resolving fs / fs.DOMAIN.COM
My workaround is to add
192.168.x.y fs fs.domain.com
to the \windows\system32\drivers\etc\hosts file on each and every machine on the network, where it's hard coded to point to the local server for that LAN.
My ideal solution would be for the local PDC / BDC to give out its local IP address as fs, but I can't see a way of adding a DNS record into SAMBA that doesn't replicate to the other site.
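-
The per-machine hosts-file workaround from the follow-up post could be rolled out with a script like this one, added here as an example and not written by the poster. The subnet prefixes and server addresses are constructed placeholders, and it assumes an elevated PowerShell session on Windows 8 / Server 2012 or later (for Get-NetIPAddress).

```powershell
# Added example, not from the thread. Prefixes and server IPs below are
# constructed placeholders; set them to the real values for each LAN.
$Sites = @(
    @{ Prefix = '192.168.10.'; ServerIp = '192.168.10.2' },  # LAN with the PDC (assumed)
    @{ Prefix = '192.168.20.'; ServerIp = '192.168.20.2' }   # LAN with the BDC (assumed)
)
$Names     = 'fs fs.domain.com'
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Pick the site whose prefix matches one of this machine's IPv4 addresses.
$localIps = @((Get-NetIPAddress -AddressFamily IPv4).IPAddress)
$site = $Sites | Where-Object {
    $prefix = $_.Prefix
    $localIps | Where-Object { $_.StartsWith($prefix) }
} | Select-Object -First 1

if (-not $site) {
    Write-Warning 'Machine is on neither known LAN; hosts file left unchanged.'
    return
}

# Any active (non-comment) line that already maps fs or fs.domain.com is stale
# or duplicate: drop it so the alias can never stay pinned to the remote server.
$aliasLine = '^\s*[^#\s]+\s+([^#]*\s)?(fs|fs\.domain\.com)(\s|#|$)'
$current   = @(Get-Content -Path $HostsPath)
$wanted    = "$($site.ServerIp) $Names"
$new       = @($current | Where-Object { $_ -notmatch $aliasLine }) + $wanted

# Rewrite only when something changes, so repeated runs are harmless.
if (($new -join "`n") -ne ($current -join "`n")) {
    Set-Content -Path $HostsPath -Value $new -Encoding ASCII
    Write-Output "hosts updated: $wanted"
}
```

Because a hosts entry overrides DNS silently, a machine that moves between the two LANs keeps the old mapping until the script runs again, so it belongs in a startup script rather than a one-off install.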