Re: [OpenIndiana-discuss] Illumos as a NAS
2012/9/7 Gordon Ross : > I'd also be curious what are the exact circumstances where you saw > idmap change its mapping for some SID to a different ephemeral ID. > Note that TTL expiration does not cause a mapping to be destroyed. It > only causes it to be re-checked via name lookup rules, etc. James didn't saw that, it was me. > That re-check should not come up with a different ID unless something > in the configuration changed, i.e. a new explicit mapping where one > did not exist before. If you saw something else happen, that might > be a bug. I think it boils down to: was the whole idmap stuff designed to be used with setuid/seteuid? I guess not. And it's this use case where I see unwanted behaviour which is probably not a bug, but misuse. -f ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
On Thu, Sep 6, 2012 at 4:37 AM, James Relph wrote: >>> >> really? Can you elaborate? The thing is, I'm in the process of >> compiling and updated winbind from latest Samba sources (and >> documenting that process) in order to test with that if the problems >> with supplementary groups go away and if it works with Solaris CIFS. That's not going to be easy. > After I'd installed winbind and had that up and running, doing a svcadm start > smb just put it straight into maintenance mode. I didn't do much > investigation beyond that as it wasn't critical at the time, but I assumed > there was some kind of conflict in terms of ports. The native idmap service is called internally from both the zfs + smbsrv kernel modules, via the kidmap_* interface. Have you considered adding the winbind-style range mapping you want? The idmap service already supports a couple different mapping methods. One more method wouldn't hurt. I'd also be curious what are the exact circumstances where you saw idmap change its mapping for some SID to a different ephemeral ID. Note that TTL expiration does not cause a mapping to be destroyed. It only causes it to be re-checked via name lookup rules, etc. That re-check should not come up with a different ID unless something in the configuration changed, i.e. a new explicit mapping where one did not exist before. If you saw something else happen, that might be a bug. -- Gordon Ross Nexenta Systems, Inc. www.nexenta.com Enterprise class storage for everyone ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
> Having winbind and Solaris CIFS joined to AD at the same time can not > be done by default, as both will try to associate the computer account > in AD with their own authentication system and change the machine > password. Back to square one. > -f Do you need CIFS to be joined to AD? Can you not just give it winbind as a pam module and leave it in Workgroup mode? James. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
2012/9/6 Frank Lahm : > 2012/9/6 James Relph : >>> You need to post and/or analyse the errorlog of the smb service. >>> Assuming killed more cats than curiosity ;-) >> >> I know, but this had been a bit of a marathon getting to this point alone, >> and all I needed at the time was AFP. I will have another look when I get >> half an hour. > > Save your time, I'm just about to test this with an updated winbind > compiled from source. Having winbind and Solaris CIFS joined to AD at the same time can not be done by default, as both will try to associate the computer account in AD with their own authentication system and change the machine password. Back to square one. -f ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
2012/9/6 James Relph : >> You need to post and/or analyse the errorlog of the smb service. >> Assuming killed more cats than curiosity ;-) > > I know, but this had been a bit of a marathon getting to this point alone, > and all I needed at the time was AFP. I will have another look when I get > half an hour. Save your time, I'm just about to test this with an updated winbind compiled from source. I'm NOT running smbd, only windbindd! Unfortunately the updated winbindd still doesn't properly return supplementary groups. :/ -f ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
> You need to post and/or analyse the errorlog of the smb service. > Assuming killed more cats than curiosity ;-) > I know, but this had been a bit of a marathon getting to this point alone, and all I needed at the time was AFP. I will have another look when I get half an hour. James. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
You need to post and/or analyse the errorlog of the smb service. Assuming killed more cats than curiosity ;-) -Original Message- From: James Relph [mailto:ja...@themacplace.co.uk] Sent: donderdag 6 september 2012 10:38 To: Discussion list for OpenIndiana Subject: Re: [OpenIndiana-discuss] Illumos as a NAS >> > really? Can you elaborate? The thing is, I'm in the process of > compiling and updated winbind from latest Samba sources (and > documenting that process) in order to test with that if the problems > with supplementary groups go away and if it works with Solaris CIFS. After I'd installed winbind and had that up and running, doing a svcadm start smb just put it straight into maintenance mode. I didn't do much investigation beyond that as it wasn't critical at the time, but I assumed there was some kind of conflict in terms of ports. Have you had any luck getting it working? Best regards, James. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
>> > really? Can you elaborate? The thing is, I'm in the process of > compiling and updated winbind from latest Samba sources (and > documenting that process) in order to test with that if the problems > with supplementary groups go away and if it works with Solaris CIFS. After I'd installed winbind and had that up and running, doing a svcadm start smb just put it straight into maintenance mode. I didn't do much investigation beyond that as it wasn't critical at the time, but I assumed there was some kind of conflict in terms of ports. Have you had any luck getting it working? Best regards, James. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
I'd have to buy a new Mac to get Thunderbolt. It's a new feature that only the newest Macs have. Most Macs in the field now still don't have that option. Time will change that, of course. Sent from my iPhone On Sep 5, 2012, at 8:58 AM, Didier Carlier wrote: > > On 05 Sep 2012, at 14:21, Magnus wrote: > >> >> On Sep 5, 2012, at 2:59 AM, Didier Carlier wrote: >>> >>> The use case described is handled perfectly by OSX server ($15 these >>> days...). >>> It might still be a good idea but don't believe that Mac users are waiting >>> for such a NAS without any alternatives… >> >> My iTunes library is pushing 2TB these days, and I'm not done backing up my >> large DVD collection yet. I've got a stack of external firewire drives >> attached to my Mac Mini that are slow (nature of Firewire) and suffer early >> thermal failure because these cases are designed more for looking slim and >> attractive on my desk than they are for actively cooling the disks within. >> If I want to add new disks to expand my volume, I can't really do that; I >> have to make a full backup, destroy my original volume, and create a new >> volume with more disks in it. >> >> I'm a beta tester for what was TensComplement so I have ZFS on there now, >> but I still have the limitations of firewire and the consumer level external >> disk thermal problems. >> >> I very much have an interest in moving my precious media library to >> something more robust and performant. >> >> OS X Server doesn't fix any of that. >> >> Meanwhile I've got a ~5 year old AMD machine that used to be a nice Linux >> desktop, now running Illumos (as of about 8 hours or so ago) and the long >> slow rsync from my Mac is still going. My disks will be actively cooled by a >> case with adequate fans. When my 2TB ZFS volume is a little closer to full, >> I can add another mirrored pair of 2TB disks to my pool in a matter of maybe >> half an hour tops (including time to physically install the disks). I've >> also got a pair of SSD's for slog and cache devices to put in there, once I >> source another SATA controller for the system. I can't do any of that with >> my Mac Mini. >> >> I'm also looking at the *five disks* on my desk right now around my monitor, >> and smiling knowing that they are going away soon. >> >> -M > > > I wasn't talking specifically about firewire, a Thunderbolt disk array like > the ones from Promise is much faster than firewire and support up to 12 TB. > That might be more expensive but functionally, a Mac mini plus this kind of > storage handles your load without any problem. > Now obviously I agree that ZFS has its advantages, but OSX has some too, at > least in a full Mac home or SME. > > > > > > ___ > OpenIndiana-discuss mailing list > OpenIndiana-discuss@openindiana.org > http://openindiana.org/mailman/listinfo/openindiana-discuss ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
On 05 Sep 2012, at 14:21, Magnus wrote: > > On Sep 5, 2012, at 2:59 AM, Didier Carlier wrote: >> >> The use case described is handled perfectly by OSX server ($15 these >> days...). >> It might still be a good idea but don't believe that Mac users are waiting >> for such a NAS without any alternatives… > > My iTunes library is pushing 2TB these days, and I'm not done backing up my > large DVD collection yet. I've got a stack of external firewire drives > attached to my Mac Mini that are slow (nature of Firewire) and suffer early > thermal failure because these cases are designed more for looking slim and > attractive on my desk than they are for actively cooling the disks within. > If I want to add new disks to expand my volume, I can't really do that; I > have to make a full backup, destroy my original volume, and create a new > volume with more disks in it. > > I'm a beta tester for what was TensComplement so I have ZFS on there now, but > I still have the limitations of firewire and the consumer level external disk > thermal problems. > > I very much have an interest in moving my precious media library to something > more robust and performant. > > OS X Server doesn't fix any of that. > > Meanwhile I've got a ~5 year old AMD machine that used to be a nice Linux > desktop, now running Illumos (as of about 8 hours or so ago) and the long > slow rsync from my Mac is still going. My disks will be actively cooled by a > case with adequate fans. When my 2TB ZFS volume is a little closer to full, I > can add another mirrored pair of 2TB disks to my pool in a matter of maybe > half an hour tops (including time to physically install the disks). I've also > got a pair of SSD's for slog and cache devices to put in there, once I source > another SATA controller for the system. I can't do any of that with my Mac > Mini. > > I'm also looking at the *five disks* on my desk right now around my monitor, > and smiling knowing that they are going away soon. > > -M I wasn't talking specifically about firewire, a Thunderbolt disk array like the ones from Promise is much faster than firewire and support up to 12 TB. That might be more expensive but functionally, a Mac mini plus this kind of storage handles your load without any problem. Now obviously I agree that ZFS has its advantages, but OSX has some too, at least in a full Mac home or SME. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
On Sep 5, 2012, at 2:59 AM, Didier Carlier wrote: > > The use case described is handled perfectly by OSX server ($15 these days...). > It might still be a good idea but don't believe that Mac users are waiting > for such a NAS without any alternatives… My iTunes library is pushing 2TB these days, and I'm not done backing up my large DVD collection yet. I've got a stack of external firewire drives attached to my Mac Mini that are slow (nature of Firewire) and suffer early thermal failure because these cases are designed more for looking slim and attractive on my desk than they are for actively cooling the disks within. If I want to add new disks to expand my volume, I can't really do that; I have to make a full backup, destroy my original volume, and create a new volume with more disks in it. I'm a beta tester for what was TensComplement so I have ZFS on there now, but I still have the limitations of firewire and the consumer level external disk thermal problems. I very much have an interest in moving my precious media library to something more robust and performant. OS X Server doesn't fix any of that. Meanwhile I've got a ~5 year old AMD machine that used to be a nice Linux desktop, now running Illumos (as of about 8 hours or so ago) and the long slow rsync from my Mac is still going. My disks will be actively cooled by a case with adequate fans. When my 2TB ZFS volume is a little closer to full, I can add another mirrored pair of 2TB disks to my pool in a matter of maybe half an hour tops (including time to physically install the disks). I've also got a pair of SSD's for slog and cache devices to put in there, once I source another SATA controller for the system. I can't do any of that with my Mac Mini. I'm also looking at the *five disks* on my desk right now around my monitor, and smiling knowing that they are going away soon. -M ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
2012/9/5 James Relph : > >> what about using winbind? Works with Netatalk and I guess it will also >> work with Solaris CIFS. >> >> We haven't been able to get supplementary groups working, but I'm >> pretty sure that could be solved, possibly by installing an updated >> winbind from sources. > > Winbind worked straight away with netatalk, and was tons more > reliable/configurable (you can just give it a UID range to use). The problem > was getting the Solaris CIFS server to work with it, which didn't seem to be > possible. really? Can you elaborate? The thing is, I'm in the process of compiling and updated winbind from latest Samba sources (and documenting that process) in order to test with that if the problems with supplementary groups go away and if it works with Solaris CIFS. Thanks! -f ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
> what about using winbind? Works with Netatalk and I guess it will also > work with Solaris CIFS. > > We haven't been able to get supplementary groups working, but I'm > pretty sure that could be solved, possibly by installing an updated > winbind from sources. Hi Frank, Winbind worked straight away with netatalk, and was tons more reliable/configurable (you can just give it a UID range to use). The problem was getting the Solaris CIFS server to work with it, which didn't seem to be possible. James. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
Hey James! 2012/9/4 James Relph : > >> AD issues are going to require someone tenacious, motivated, and a bit >> masochistic as it's historically been a bit of a moving target. > > AD seems reasonably stable these days, and in fact the current Illumos > strategy works 90% of the way, it's the idmap that actually breaks down > because of the approach taken with ephemeral UIDs. It's the only system that > I've seen use that approach, and it just seems almost guaranteed to make it > difficult for apps that don't have the special hooks that the CIFS server > uses. The opendirectoryd (Mac OS X) and winbind approaches seems much more > reliable - map a user to a generated UID which will be the same across the > domain. Then apps don't need to worry about local or AD users, they just > work. what about using winbind? Works with Netatalk and I guess it will also work with Solaris CIFS. We haven't been able to get supplementary groups working, but I'm pretty sure that could be solved, possibly by installing an updated winbind from sources. -f ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
On 04 Sep 2012, at 18:37, wrote: > > > On Tue, 04 Sep 2012 17:06:06 +0100, "James Relph" > wrote: > >> This to some extent goes back to something I've been talking about >> recently. The current version of netatalk (v3) is actually excellent on >> OI. NetAFP added cross-protocol file locking with the native CIFS client >> and netatalk will use ZFS xattrs to store Mac xattrs.The actual >> problem has turned out to be the Windows integration, because it's > either: > > AD issues are going to require someone tenacious, motivated, and a bit > masochistic as it's historically been a bit of a moving target. > > Low hanging fruit is to ignore the AD integration for now, make this a good > NAS for home users without the AD integration issues resolved. Example of a > common use case: iTunes media library. 2+ TB of music, movies, books, > podcasts, etc. becomes more than a bit unwieldy to handle natively on a > Mac, but Illumos is well suited to handle this workload. No AD integration > is necessary for this use case. Local system auth is "good enough". The use case described is handled perfectly by OSX server ($15 these days...). It might still be a good idea but don't believe that Mac users are waiting for such a NAS without any alternatives... ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
On Tue, 04 Sep 2012 15:26:31 -0600, fi...@linuxbsdos.com wrote: > My response is not necessarily specific to this thread, but has any > body looked at what OmniOs guys are doing, and see if there is a > possibility of pooling resources. So there is a sort of scope to OmniOS where I would think that the answer to that would be that OmniOS already does all of the things it's going to want to do to support being used as a NAS, and there are some docs on how to set up a third party package repo to add the rest of the prereqs onto it. The only place where I think OmniOS might benefit heavily from some collaboration is with its installer, and possibly-maybe OI and OmniOS could mutually benefit from that. But with one of the stated goals of OmniOS being: "A simple and supported environment for managing custom repositories with your software packages", I think it would be more consistent with that distro's vision to figure out how to bolt on the NAS functionality as third party packages. Such an effort could be of mutual benefit to OI, potentially, if the packages are made with due care. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
My response is not necessarily specific to this thread, but has any body looked at what OmniOs guys are doing, and see if there is a possibility of pooling resources. Merge efforts, so that there are more resources to direct at what we are trying to do. Of course, it means that some people will have to compromise on certain issues, but for the good of the community, these things have to be done. Right now, PC-BSD and FreeBSD are just about the only real, free means of playing with ZFS, but not in a very user-friendly manner. The market (free and commercial) for what ZFS brings to the table is too big to be ignored. http://omnios.omniti.com/ Just my 2 cents! -- finid On 2012-09-04 14:59, James Relph wrote: AD issues are going to require someone tenacious, motivated, and a bit masochistic as it's historically been a bit of a moving target. AD seems reasonably stable these days, and in fact the current Illumos strategy works 90% of the way, it's the idmap that actually breaks down because of the approach taken with ephemeral UIDs. It's the only system that I've seen use that approach, and it just seems almost guaranteed to make it difficult for apps that don't have the special hooks that the CIFS server uses. The opendirectoryd (Mac OS X) and winbind approaches seems much more reliable - map a user to a generated UID which will be the same across the domain. Then apps don't need to worry about local or AD users, they just Low hanging fruit is to ignore the AD integration for now, make this a good NAS for home users without the AD integration issues resolved. Example of a common use case: iTunes media library. 2+ TB of music, movies, books, podcasts, etc. becomes more than a bit unwieldy to handle natively on a Mac, but Illumos is well suited to handle this workload. No AD integration is necessary for this use case. Local system auth is "good enough". The home market is definitely interesting, but from our point of view, Apple have basically stopped selling all but basic server systems, and we're seeing a lot of small/medium businesses (10-50 users) and at the other end of the scale enterprise users (1000+ users) who are looking to replace Xserves. OI with ZFS and netatalk 3 is *awesome* for that (seriously, customers used to Xserves using HFS+ with no snapshotting, native compression, scrubbing etc. see ZFS as almost magical). The problem is that a lot of these companies have an AD of one form of another (SBS or full blown multi-site forests). We're just viewing this from the perspective of a Mac consultancy, and we're really seeing lots of opportunities that involve AD integration, if you add in the number of full Windows businesses it's a massive potential market. The other thing is - because we've got a commercial opportunity here we're willing to support that kind of development financially - and I've offered bounties (and asked if anyone knows any developers looking for contract work) on this exact problem - and we'd be willing to talk pretty decent amounts - we are seeing a lot of interest in ZFS based systems! I think that's the main benefit of looking at commercial opportunities like AD integration because you can get businesses willing to fund developments that benefit the entire community (and Linux in particular has benefitted massively from the support of companies like IBM and RedHat). James. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
> AD issues are going to require someone tenacious, motivated, and a bit > masochistic as it's historically been a bit of a moving target. AD seems reasonably stable these days, and in fact the current Illumos strategy works 90% of the way, it's the idmap that actually breaks down because of the approach taken with ephemeral UIDs. It's the only system that I've seen use that approach, and it just seems almost guaranteed to make it difficult for apps that don't have the special hooks that the CIFS server uses. The opendirectoryd (Mac OS X) and winbind approaches seems much more reliable - map a user to a generated UID which will be the same across the domain. Then apps don't need to worry about local or AD users, they just > Low hanging fruit is to ignore the AD integration for now, make this a good > NAS for home users without the AD integration issues resolved. Example of a > common use case: iTunes media library. 2+ TB of music, movies, books, > podcasts, etc. becomes more than a bit unwieldy to handle natively on a > Mac, but Illumos is well suited to handle this workload. No AD integration > is necessary for this use case. Local system auth is "good enough". The home market is definitely interesting, but from our point of view, Apple have basically stopped selling all but basic server systems, and we're seeing a lot of small/medium businesses (10-50 users) and at the other end of the scale enterprise users (1000+ users) who are looking to replace Xserves. OI with ZFS and netatalk 3 is *awesome* for that (seriously, customers used to Xserves using HFS+ with no snapshotting, native compression, scrubbing etc. see ZFS as almost magical). The problem is that a lot of these companies have an AD of one form of another (SBS or full blown multi-site forests). We're just viewing this from the perspective of a Mac consultancy, and we're really seeing lots of opportunities that involve AD integration, if you add in the number of full Windows businesses it's a massive potential market. The other thing is - because we've got a commercial opportunity here we're willing to support that kind of development financially - and I've offered bounties (and asked if anyone knows any developers looking for contract work) on this exact problem - and we'd be willing to talk pretty decent amounts - we are seeing a lot of interest in ZFS based systems! I think that's the main benefit of looking at commercial opportunities like AD integration because you can get businesses willing to fund developments that benefit the entire community (and Linux in particular has benefitted massively from the support of companies like IBM and RedHat). James. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
On Tue, 4 Sep 2012 10:41:47 -0700 (PDT), Reginald Beardsley wrote: > I think this is an excellent point. Start small and build up from there. > The home/SOHO market is a lot of units. Witness Iomega is a subsidiary of > EMC. Illumos + Netatalk + management interface could be more of a Drobo killer, if anything, I think. I used iTunes as an example, but video production houses could also stand to gain much from something like this. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Illumos as a NAS
--- On Tue, 9/4/12, mag...@yonderway.com wrote: [snip] > > Low hanging fruit is to ignore the AD integration for now, > make this a good > NAS for home users without the AD integration issues > resolved. Example of a > common use case: iTunes media library. 2+ TB of music, > movies, books, > podcasts, etc. becomes more than a bit unwieldy to handle > natively on a > Mac, but Illumos is well suited to handle this workload. No > AD integration > is necessary for this use case. Local system auth is "good > enough". I think this is an excellent point. Start small and build up from there. The home/SOHO market is a lot of units. Witness Iomega is a subsidiary of EMC. If OI were to displace Linux and get built into a commercial offering for the SOHO market it would produce funding to support OI development. Have Fun! Reg ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
