Re: [Samba] Samba and ZFS
On 08/ 4/10 10:35 PM, David Magda wrote: On Wed, August 4, 2010 10:33, Gaiseric Vandal wrote: the ngroup_max issue isn't specific to an active directory environment.I found with samba 3.0.x, if you were in more than 16 groups, you might not have all the access you thought you should but you could still logon. (samba didn't check the system ngroups_max.) With samba 3.5.x if you are in more groups than ngroups_max you won't even be able to logon to windows. Well, I actually observed that user was able to login to windows. Problems started when he tried to access share where permissions was granted only for users groups (except primary or user itself). It could be Sambas bug/problem or it could be OpenSolaris, or maybe mix of both. I will try to investigate this further in my spare time (https://bugzilla.samba.org/show_bug.cgi?id=7588) NFS is the limiting factor for ngroups_max. If you aren't using nfs you can up ngroups_max. Of if you are using nfs with kerberos authentication then I think you should also be able to up ngroups_max. If you up ngroups_max and a user has 16 groups, he would be able to login to windows BUT non-krb nfs would be broken. ngroups_max has been expanded in recent versions of OpenSolaris, but this has not (yet?) been back-ported Solaris 10: Yes, sorry, forgot you're using Solaris10, ngroups_max limit increased to 1024 sometime near OpenSolaris snv_129, I think. http://www.c0t0d0s0.org/archives/6135-At-last-or-NGROUPS-revisited.html This change was done to help with the creation of the built-in CIFS server in OpenSolaris. The new limit is 1024, which is the same maximum as Windows has for groups. Actually for the case where I was unlucky with samba, built in CIFS didn't have problems with group limits. Even when the ngroups_max was left to default 16. I have some suspicion/idea that this might be due to EUID/EGID each daemon runs - samba is dropping privileges, don't know about smb/server, but suspect that it runs privileged all the time. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and ZFS
Solaris 10 includes samba 3.0.x with zfs support. Sun backported zfs modules from newer sun releases.If you were to download samba from www.samba.org you would have to go with 3.4 or 3.5 for the zfs module. In the short term, assuming you don't have Vista or Windows 7 clients and aren't doing domain trusts the Sun bundled version of Samba should meet your needs. I did have some issues when switching from UFS to ZFS. ZFS ACL model is a lot more in line with Windows than UFS ACL's were. With UFS, it looked like potential mismatches between Windows and UFS acl's were ignored. With ZFS, you are more likely to run into permissions being enforced inappropriately- especially with MS Office documents.There are various posts in this forum on Solaris 10 (some from me) that address this. You may want to set samba share parameters to include vfs objects = zfsacl nfs4: mode = special nfs4:acedup = merge nfs4:chown = yes zfsacl: acesort = dontcare You may also need to set ZFS permissions to allow the user to read/write the following a = read_attributes R = read_xattr (exended attibutes) c = read_acl Although you can also set permissions via windows.You also want to make sure that setting a file under solaris with e.g. 660 (ie. user and group can read and write but no one else can ) doesn't end up being interpreted by windows clients as deny access to everyone even despite rights granted to user or group. I don't actually do quota checking in Windows. Free space info seems OK. But I have several servers with autofs and symlinks under the samba shared directories so I don't always expect samba directory info to be correct.So this may be a cop out but you may need to setup a test machine to verify for yourself. There are a lot of features in ZFS that are big improvements over UFS.Especially if you have RAID5 volumes- those are really easy to destroy in UFS if you loose your raid configuration info on the server. On 08/04/2010 05:54 AM, Martin Rootes wrote: Hi, I've recently moved our student fileserver from a Solaris 10 server that was using UFS filesytems to a new Sun Cluster. As part of the move I decided to employ ZFS for the filesystem so that I could take advantage of some of ZFS's features. However, it now seems that windows does not report the amount of space that the user is actually using, or the amount of quota left, instead it reports the total amount of space in use and free on the total filesystem. I'm currently running and exceptionally old version of Samba (3 !) and have been planning to upgrade to the latest version of 3 prior to the start of term. However, I'm concerned that this may be an inherant issue with Samba and ZFS. Will any of the latest versions of Samba correctly report a users usage and free space based on their quota or am I going to have to look at moving all the data back to UFS to get quota reporting working again? Martin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and ZFS
Hi! You also can run into problems if you have AD environment (workgroup mode could be affected as well btw) and users who are members of more than 16 groups and are using ZFS acls. Faced this problem and could not solve even by compiling samba 3.5.4, adding ngroups_max=1024 in /etc/system and doing other things. On 08/ 4/10 04:44 PM, Gaiseric Vandal wrote: Solaris 10 includes samba 3.0.x with zfs support. Sun backported zfs modules from newer sun releases.If you were to download samba from www.samba.org you would have to go with 3.4 or 3.5 for the zfs module. In the short term, assuming you don't have Vista or Windows 7 clients and aren't doing domain trusts the Sun bundled version of Samba should meet your needs. I did have some issues when switching from UFS to ZFS. ZFS ACL model is a lot more in line with Windows than UFS ACL's were. With UFS, it looked like potential mismatches between Windows and UFS acl's were ignored. With ZFS, you are more likely to run into permissions being enforced inappropriately- especially with MS Office documents. There are various posts in this forum on Solaris 10 (some from me) that address this. You may want to set samba share parameters to include vfs objects = zfsacl nfs4: mode = special nfs4:acedup = merge nfs4:chown = yes zfsacl: acesort = dontcare You may also need to set ZFS permissions to allow the user to read/write the following a = read_attributes R = read_xattr (exended attibutes) c = read_acl Although you can also set permissions via windows.You also want to make sure that setting a file under solaris with e.g. 660 (ie. user and group can read and write but no one else can ) doesn't end up being interpreted by windows clients as deny access to everyone even despite rights granted to user or group. I don't actually do quota checking in Windows. Free space info seems OK. But I have several servers with autofs and symlinks under the samba shared directories so I don't always expect samba directory info to be correct.So this may be a cop out but you may need to setup a test machine to verify for yourself. There are a lot of features in ZFS that are big improvements over UFS.Especially if you have RAID5 volumes- those are really easy to destroy in UFS if you loose your raid configuration info on the server. On 08/04/2010 05:54 AM, Martin Rootes wrote: Hi, I've recently moved our student fileserver from a Solaris 10 server that was using UFS filesytems to a new Sun Cluster. As part of the move I decided to employ ZFS for the filesystem so that I could take advantage of some of ZFS's features. However, it now seems that windows does not report the amount of space that the user is actually using, or the amount of quota left, instead it reports the total amount of space in use and free on the total filesystem. I'm currently running and exceptionally old version of Samba (3 !) and have been planning to upgrade to the latest version of 3 prior to the start of term. However, I'm concerned that this may be an inherant issue with Samba and ZFS. Will any of the latest versions of Samba correctly report a users usage and free space based on their quota or am I going to have to look at moving all the data back to UFS to get quota reporting working again? Martin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and ZFS
the ngroup_max issue isn't specific to an active directory environment.I found with samba 3.0.x, if you were in more than 16 groups, you might not have all the access you thought you should but you could still logon. (samba didn't check the system ngroups_max.) With samba 3.5.x if you are in more groups than ngroups_max you won't even be able to logon to windows. NFS is the limiting factor for ngroups_max. If you aren't using nfs you can up ngroups_max. Of if you are using nfs with kerberos authentication then I think you should also be able to up ngroups_max. If you up ngroups_max and a user has 16 groups, he would be able to login to windows BUT non-krb nfs would be broken. On 08/04/2010 09:50 AM, Marcis Lielturks wrote: Hi! You also can run into problems if you have AD environment (workgroup mode could be affected as well btw) and users who are members of more than 16 groups and are using ZFS acls. Faced this problem and could not solve even by compiling samba 3.5.4, adding ngroups_max=1024 in /etc/system and doing other things. On 08/ 4/10 04:44 PM, Gaiseric Vandal wrote: Solaris 10 includes samba 3.0.x with zfs support. Sun backported zfs modules from newer sun releases.If you were to download samba from www.samba.org you would have to go with 3.4 or 3.5 for the zfs module. In the short term, assuming you don't have Vista or Windows 7 clients and aren't doing domain trusts the Sun bundled version of Samba should meet your needs. I did have some issues when switching from UFS to ZFS. ZFS ACL model is a lot more in line with Windows than UFS ACL's were. With UFS, it looked like potential mismatches between Windows and UFS acl's were ignored. With ZFS, you are more likely to run into permissions being enforced inappropriately- especially with MS Office documents.There are various posts in this forum on Solaris 10 (some from me) that address this. You may want to set samba share parameters to include vfs objects = zfsacl nfs4: mode = special nfs4:acedup = merge nfs4:chown = yes zfsacl: acesort = dontcare You may also need to set ZFS permissions to allow the user to read/write the following a = read_attributes R = read_xattr (exended attibutes) c = read_acl Although you can also set permissions via windows.You also want to make sure that setting a file under solaris with e.g. 660 (ie. user and group can read and write but no one else can ) doesn't end up being interpreted by windows clients as deny access to everyone even despite rights granted to user or group. I don't actually do quota checking in Windows. Free space info seems OK. But I have several servers with autofs and symlinks under the samba shared directories so I don't always expect samba directory info to be correct.So this may be a cop out but you may need to setup a test machine to verify for yourself. There are a lot of features in ZFS that are big improvements over UFS.Especially if you have RAID5 volumes- those are really easy to destroy in UFS if you loose your raid configuration info on the server. On 08/04/2010 05:54 AM, Martin Rootes wrote: Hi, I've recently moved our student fileserver from a Solaris 10 server that was using UFS filesytems to a new Sun Cluster. As part of the move I decided to employ ZFS for the filesystem so that I could take advantage of some of ZFS's features. However, it now seems that windows does not report the amount of space that the user is actually using, or the amount of quota left, instead it reports the total amount of space in use and free on the total filesystem. I'm currently running and exceptionally old version of Samba (3 !) and have been planning to upgrade to the latest version of 3 prior to the start of term. However, I'm concerned that this may be an inherant issue with Samba and ZFS. Will any of the latest versions of Samba correctly report a users usage and free space based on their quota or am I going to have to look at moving all the data back to UFS to get quota reporting working again? Martin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and ZFS
On Wed, August 4, 2010 10:33, Gaiseric Vandal wrote: the ngroup_max issue isn't specific to an active directory environment.I found with samba 3.0.x, if you were in more than 16 groups, you might not have all the access you thought you should but you could still logon. (samba didn't check the system ngroups_max.) With samba 3.5.x if you are in more groups than ngroups_max you won't even be able to logon to windows. NFS is the limiting factor for ngroups_max. If you aren't using nfs you can up ngroups_max. Of if you are using nfs with kerberos authentication then I think you should also be able to up ngroups_max. If you up ngroups_max and a user has 16 groups, he would be able to login to windows BUT non-krb nfs would be broken. ngroups_max has been expanded in recent versions of OpenSolaris, but this has not (yet?) been back-ported Solaris 10: http://www.c0t0d0s0.org/archives/6135-At-last-or-NGROUPS-revisited.html This change was done to help with the creation of the built-in CIFS server in OpenSolaris. The new limit is 1024, which is the same maximum as Windows has for groups. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and ZFS
On Wed, August 4, 2010 09:44, Gaiseric Vandal wrote: I did have some issues when switching from UFS to ZFS. ZFS ACL model is a lot more in line with Windows than UFS ACL's were. With UFS, it looked like potential mismatches between Windows and UFS acl's were ignored. ZFS model = NFSv4 model ~= Windows model. http://blogs.sun.com/lisaweek/entry/nfsv4_and_zfs_acls I believe these are a super-set of even the POSIX-draft ACL model. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
