Prev: PDC Migration
Next: Error: Incorrect password length
From: Gaiseric Vandal on 4 Aug 2010 09:50 Solaris 10 includes samba 3.0.x with zfs support. Sun backported zfs modules from newer sun releases. If you were to download samba from www.samba.org you would have to go with 3.4 or 3.5 for the zfs module. In the short term, assuming you don't have Vista or Windows 7 clients and aren't doing domain trusts the Sun bundled version of Samba should meet your needs. I did have some issues when switching from UFS to ZFS. ZFS ACL model is a lot more in line with Windows than UFS ACL's were. With UFS, it looked like potential mismatches between Windows and UFS acl's were ignored. With ZFS, you are more likely to run into permissions being enforced inappropriately- especially with MS Office documents. There are various posts in this forum on Solaris 10 (some from me) that address this. You may want to set samba share parameters to include vfs objects = zfsacl nfs4: mode = special nfs4:acedup = merge nfs4:chown = yes zfsacl: acesort = dontcare You may also need to set ZFS permissions to allow the user to read/write the following a = read_attributes R = read_xattr (exended attibutes) c = read_acl Although you can also set permissions via windows. You also want to make sure that setting a file under solaris with e.g. "660" (ie. user and group can read and write but no one else can ) doesn't end up being interpreted by windows clients as "deny access to everyone even despite rights granted to user or group." I don't actually do quota checking in Windows. Free space info seems OK. But I have several servers with autofs and symlinks under the samba shared directories so I don't always expect samba directory info to be correct. So this may be a cop out but you may need to setup a test machine to verify for yourself. There are a lot of features in ZFS that are big improvements over UFS. Especially if you have RAID5 volumes- those are really easy to destroy in UFS if you loose your raid configuration info on the server. On 08/04/2010 05:54 AM, Martin Rootes wrote: > Hi, > > I've recently moved our student fileserver from a Solaris 10 server > that was using UFS filesytems to a new Sun Cluster. As part of the > move I decided to employ ZFS for the filesystem so that I could take > advantage of some of ZFS's features. However, it now seems that > windows does not report the amount of space that the user is actually > using, or the amount of quota left, instead it reports the total > amount of space in use and free on the total filesystem. I'm currently > running and exceptionally old version of Samba (<3 !) and have been > planning to upgrade to the latest version of 3 prior to the start of > term. However, I'm concerned that this may be an inherant issue with > Samba and ZFS. Will any of the latest versions of Samba correctly > report a users usage and free space based on their quota or am I going > to have to look at moving all the data back to UFS to get quota > reporting working again? > > Martin. > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Marcis Lielturks on 4 Aug 2010 10:00 Hi! You also can run into problems if you have AD environment (workgroup mode could be affected as well btw) and users who are members of more than 16 groups and are using ZFS acls. Faced this problem and could not solve even by compiling samba 3.5.4, adding "ngroups_max=1024" in /etc/system and doing other things. On 08/ 4/10 04:44 PM, Gaiseric Vandal wrote: > > > Solaris 10 includes samba 3.0.x with zfs support. Sun backported zfs > modules from newer sun releases. If you were to download samba from > www.samba.org you would have to go with 3.4 or 3.5 for the zfs > module. In the short term, assuming you don't have Vista or Windows 7 > clients and aren't doing domain trusts the Sun bundled version of > Samba should meet your needs. > > I did have some issues when switching from UFS to ZFS. ZFS ACL model > is a lot more in line with Windows than UFS ACL's were. With UFS, > it looked like potential mismatches between Windows and UFS acl's were > ignored. With ZFS, you are more likely to run into permissions being > enforced inappropriately- especially with MS Office documents. > There are various posts in this forum on Solaris 10 (some from me) > that address this. > > You may want to set samba share parameters to include > > vfs objects = zfsacl > nfs4: mode = special > nfs4:acedup = merge > nfs4:chown = yes > zfsacl: acesort = dontcare > > > You may also need to set ZFS permissions to allow the user to > read/write the following > > a = read_attributes > R = read_xattr (exended attibutes) > c = read_acl > > > > Although you can also set permissions via windows. You also want to > make sure that setting a file under solaris with e.g. "660" (ie. user > and group can read and write but no one else can ) doesn't end up > being interpreted by windows clients as "deny access to everyone even > despite rights granted to user or group." > > > > > I don't actually do quota checking in Windows. Free space info seems > OK. But I have several servers with autofs and symlinks under the > samba shared directories so I don't always expect samba directory info > to be correct. So this may be a cop out but you may need to setup a > test machine to verify for yourself. > > > There are a lot of features in ZFS that are big improvements over > UFS. Especially if you have RAID5 volumes- those are really easy > to destroy in UFS if you loose your raid configuration info on the > server. > > > > > > > > On 08/04/2010 05:54 AM, Martin Rootes wrote: >> Hi, >> >> I've recently moved our student fileserver from a Solaris 10 >> server that was using UFS filesytems to a new Sun Cluster. As part of >> the move I decided to employ ZFS for the filesystem so that I could >> take advantage of some of ZFS's features. However, it now seems that >> windows does not report the amount of space that the user is actually >> using, or the amount of quota left, instead it reports the total >> amount of space in use and free on the total filesystem. I'm >> currently running and exceptionally old version of Samba (<3 !) and >> have been planning to upgrade to the latest version of 3 prior to the >> start of term. However, I'm concerned that this may be an inherant >> issue with Samba and ZFS. Will any of the latest versions of Samba >> correctly report a users usage and free space based on their quota or >> am I going to have to look at moving all the data back to UFS to get >> quota reporting working again? >> >> Martin. >> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Gaiseric Vandal on 4 Aug 2010 10:40 the ngroup_max issue isn't specific to an active directory environment. I found with samba 3.0.x, if you were in more than 16 groups, you might not have all the access you thought you should but you could still logon. (samba didn't check the system ngroups_max.) With samba 3.5.x if you are in more groups than "ngroups_max" you won't even be able to logon to windows. NFS is the limiting factor for ngroups_max. If you aren't using nfs you can up ngroups_max. Of if you are using nfs with kerberos authentication then I think you should also be able to up ngroups_max. If you up ngroups_max and a user has > 16 groups, he would be able to login to windows BUT non-krb nfs would be broken. On 08/04/2010 09:50 AM, Marcis Lielturks wrote: > Hi! > > You also can run into problems if you have AD environment (workgroup > mode could be affected as well btw) and users who are members of more > than 16 groups and are using ZFS acls. Faced this problem and could > not solve even by compiling samba 3.5.4, adding "ngroups_max=1024" in > /etc/system and doing other things. > > On 08/ 4/10 04:44 PM, Gaiseric Vandal wrote: >> >> >> Solaris 10 includes samba 3.0.x with zfs support. Sun backported >> zfs modules from newer sun releases. If you were to download samba >> from www.samba.org you would have to go with 3.4 or 3.5 for the zfs >> module. In the short term, assuming you don't have Vista or Windows >> 7 clients and aren't doing domain trusts the Sun bundled version of >> Samba should meet your needs. >> >> I did have some issues when switching from UFS to ZFS. ZFS ACL model >> is a lot more in line with Windows than UFS ACL's were. With UFS, >> it looked like potential mismatches between Windows and UFS acl's >> were ignored. With ZFS, you are more likely to run into permissions >> being enforced inappropriately- especially with MS Office >> documents. There are various posts in this forum on Solaris 10 >> (some from me) that address this. >> >> You may want to set samba share parameters to include >> >> vfs objects = zfsacl >> nfs4: mode = special >> nfs4:acedup = merge >> nfs4:chown = yes >> zfsacl: acesort = dontcare >> >> >> You may also need to set ZFS permissions to allow the user to >> read/write the following >> >> a = read_attributes >> R = read_xattr (exended attibutes) >> c = read_acl >> >> >> >> Although you can also set permissions via windows. You also want >> to make sure that setting a file under solaris with e.g. "660" (ie. >> user and group can read and write but no one else can ) doesn't end >> up being interpreted by windows clients as "deny access to everyone >> even despite rights granted to user or group." >> >> >> >> >> I don't actually do quota checking in Windows. Free space info >> seems OK. But I have several servers with autofs and symlinks under >> the samba shared directories so I don't always expect samba directory >> info to be correct. So this may be a cop out but you may need to >> setup a test machine to verify for yourself. >> >> >> There are a lot of features in ZFS that are big improvements over >> UFS. Especially if you have RAID5 volumes- those are really easy >> to destroy in UFS if you loose your raid configuration info on the >> server. >> >> >> >> >> >> >> >> On 08/04/2010 05:54 AM, Martin Rootes wrote: >>> Hi, >>> >>> I've recently moved our student fileserver from a Solaris 10 >>> server that was using UFS filesytems to a new Sun Cluster. As part >>> of the move I decided to employ ZFS for the filesystem so that I >>> could take advantage of some of ZFS's features. However, it now >>> seems that windows does not report the amount of space that the user >>> is actually using, or the amount of quota left, instead it reports >>> the total amount of space in use and free on the total filesystem. >>> I'm currently running and exceptionally old version of Samba (<3 !) >>> and have been planning to upgrade to the latest version of 3 prior >>> to the start of term. However, I'm concerned that this may be an >>> inherant issue with Samba and ZFS. Will any of the latest versions >>> of Samba correctly report a users usage and free space based on >>> their quota or am I going to have to look at moving all the data >>> back to UFS to get quota reporting working again? >>> >>> Martin. >>> >> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: David Magda on 4 Aug 2010 15:40 On Wed, August 4, 2010 09:44, Gaiseric Vandal wrote: > I did have some issues when switching from UFS to ZFS. ZFS ACL model is > a lot more in line with Windows than UFS ACL's were. With UFS, it > looked like potential mismatches between Windows and UFS acl's were > ignored. ZFS model = NFSv4 model ~= Windows model. http://blogs.sun.com/lisaweek/entry/nfsv4_and_zfs_acls I believe these are a super-set of even the POSIX-draft ACL model. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Marcis Lielturks on 5 Aug 2010 03:00 On 08/ 4/10 10:35 PM, David Magda wrote: > On Wed, August 4, 2010 10:33, Gaiseric Vandal wrote: > >> the ngroup_max issue isn't specific to an active directory >> environment. I found with samba 3.0.x, if you were in more than 16 >> groups, you might not have all the access you thought you should but you >> could still logon. (samba didn't check the system ngroups_max.) With >> samba 3.5.x if you are in more groups than "ngroups_max" you won't even >> be able to logon to windows. >> Well, I actually observed that user was able to login to windows. Problems started when he tried to access share where permissions was granted only for users groups (except primary or user itself). It could be Sambas bug/problem or it could be OpenSolaris, or maybe mix of both. I will try to investigate this further in my spare time (https://bugzilla.samba.org/show_bug.cgi?id=7588) >> NFS is the limiting factor for ngroups_max. If you aren't using nfs you >> can up ngroups_max. Of if you are using nfs with kerberos >> authentication then I think you should also be able to up ngroups_max. >> If you up ngroups_max and a user has> 16 groups, he would be able to >> login to windows BUT non-krb nfs would be broken. >> > ngroups_max has been expanded in recent versions of OpenSolaris, but this > has not (yet?) been back-ported Solaris 10: > Yes, sorry, forgot you're using Solaris10, ngroups_max limit increased to 1024 sometime near OpenSolaris snv_129, I think. > http://www.c0t0d0s0.org/archives/6135-At-last-or-NGROUPS-revisited.html > > This change was done to help with the creation of the built-in CIFS server > in OpenSolaris. The new limit is 1024, which is the same maximum as > Windows has for groups. > Actually for the case where I was unlucky with samba, built in CIFS didn't have problems with group limits. Even when the ngroups_max was left to default "16". I have some suspicion/idea that this might be due to EUID/EGID each daemon runs - samba is dropping privileges, don't know about smb/server, but suspect that it runs privileged all the time. > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: PDC Migration Next: Error: Incorrect password length |