the ngroup_max issue isn't specific to an active directory
environment. I found with samba 3.0.x, if you were in more than 16
groups, you might not have all the access you thought you should but you
could still logon. (samba didn't check the system ngroups_max.) With
samba 3.5.x if you are in more groups than "ngroups_max" you won't even
be able to logon to windows.
NFS is the limiting factor for ngroups_max. If you aren't using nfs you
can up ngroups_max. Of if you are using nfs with kerberos
authentication then I think you should also be able to up ngroups_max.
If you up ngroups_max and a user has > 16 groups, he would be able to
login to windows BUT non-krb nfs would be broken.
On 08/04/2010 09:50 AM, Marcis Lielturks wrote:
Hi!
You also can run into problems if you have AD environment (workgroup
mode could be affected as well btw) and users who are members of more
than 16 groups and are using ZFS acls. Faced this problem and could
not solve even by compiling samba 3.5.4, adding "ngroups_max=1024" in
/etc/system and doing other things.
On 08/ 4/10 04:44 PM, Gaiseric Vandal wrote:
Solaris 10 includes samba 3.0.x with zfs support. Sun backported
zfs modules from newer sun releases. If you were to download samba
from www.samba.org you would have to go with 3.4 or 3.5 for the zfs
module. In the short term, assuming you don't have Vista or Windows
7 clients and aren't doing domain trusts the Sun bundled version of
Samba should meet your needs.
I did have some issues when switching from UFS to ZFS. ZFS ACL model
is a lot more in line with Windows than UFS ACL's were. With UFS,
it looked like potential mismatches between Windows and UFS acl's
were ignored. With ZFS, you are more likely to run into permissions
being enforced inappropriately- especially with MS Office
documents. There are various posts in this forum on Solaris 10
(some from me) that address this.
You may want to set samba share parameters to include
vfs objects = zfsacl
nfs4: mode = special
nfs4:acedup = merge
nfs4:chown = yes
zfsacl: acesort = dontcare
You may also need to set ZFS permissions to allow the user to
read/write the following
a = read_attributes
R = read_xattr (exended attibutes)
c = read_acl
Although you can also set permissions via windows. You also want
to make sure that setting a file under solaris with e.g. "660" (ie.
user and group can read and write but no one else can ) doesn't end
up being interpreted by windows clients as "deny access to everyone
even despite rights granted to user or group."
I don't actually do quota checking in Windows. Free space info
seems OK. But I have several servers with autofs and symlinks under
the samba shared directories so I don't always expect samba directory
info to be correct. So this may be a cop out but you may need to
setup a test machine to verify for yourself.
There are a lot of features in ZFS that are big improvements over
UFS. Especially if you have RAID5 volumes- those are really easy
to destroy in UFS if you loose your raid configuration info on the
server.
On 08/04/2010 05:54 AM, Martin Rootes wrote:
Hi,
I've recently moved our student fileserver from a Solaris 10
server that was using UFS filesytems to a new Sun Cluster. As part
of the move I decided to employ ZFS for the filesystem so that I
could take advantage of some of ZFS's features. However, it now
seems that windows does not report the amount of space that the user
is actually using, or the amount of quota left, instead it reports
the total amount of space in use and free on the total filesystem.
I'm currently running and exceptionally old version of Samba (<3 !)
and have been planning to upgrade to the latest version of 3 prior
to the start of term. However, I'm concerned that this may be an
inherant issue with Samba and ZFS. Will any of the latest versions
of Samba correctly report a users usage and free space based on
their quota or am I going to have to look at moving all the data
back to UFS to get quota reporting working again?
Martin.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
