Re: [Samba] Custom VFS

[ivenhov]

Andrew.

On 24 July 2012 22:35, Andrew Scherpbier  wrote:

> The strategy I've used is to write a simple TCP protocol client (the VFS
> module) and server (a straight forward threaded Java server).
> Works like a charm.


I was considering pretty much the same technique using localhost and
sockets to separate native library from Java service.


> As long as the client side is abstracted enough so that its samba
> connection state is independent from the server connection state, there are
> no issues with restarting either.  (I started out using a statefull
> protocol, but ended up changing to a completely stateless one, where the
> individual messages contain enough information to establish context.  This
> way, if either end of the system goes down, recovery is the simple act of
> building a new TCP connection.)


That means you need to carry enough information to resume and also have
some sort of queue of messages on the client (VFS) that has not been
delivered yet.
Is that correct?

I originally looked into hosting the JVM in the VFS module, but that was
> going to be a problem because each smbd process would have to start its own
> JVM.  The JVM startup time (especially the server JVM) is very high and the
> memory overhead would not make it scalable.


Why do you need several smbd on single host? Is it because of high
availability or some latency issues you wanted to remove?
Or did I misinterpreted that?

>
> The system I'm working on now manages PB class storage (currently up to
> 10PB) with hundreds of concurrent clients and the VFS module does this
> without issues or much overhead.  We're regularly seeing write speeds in
> the 400-500MB/s range using 10GbE and multiple windows clients.


Do you use hot-standby Samba server for failover, clustered Samba etc? If
yes, how do you achieve that if you don't mind telling?

And quick question about notification. If in your system file appears or
was modified outside Samba, is there a way of notifying Samba clients about
that change?
Notification that goes from VFS layer so Samba and then to Windows clients
to refresh directory, Explorer view etc.
I think that mechanism exists in Samba via inotify but I may be wrong, I'm
Samba newbie.

Daniel


>




--
View this message in context: 
http://samba.2283325.n4.nabble.com/Custom-VFS-tp4634738p4634973.html
Sent from the Samba - General mailing list archive at Nabble.com.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Failing to get uids from AD

[Nick Triantos]

Hi Steve,

I'm running AD on Windows Server 2008 R2. Once you have the AD domain services 
role installed, there's a feature you can install called something like, 
"Server for NIS". See: 
http://technet.microsoft.com/en-us/library/cc755221.aspx, amongst many other 
postings from Microsoft.

regards,
-Nick


On Jul 24, 2012, at 4:15 AM, steve wrote:

> On 18/07/12 03:52, Nick Triantos wrote:
>> It looks like uidNumber is the attribute that gets set (I've queried it with 
>> ldapsearch). This is what AD Users & Computers sets when I use their GUI to 
>> configure a user.
>> 
> 
> Hi
> How do you get ADUC to display fields where you can enter uidNumber?
> Cheers,
> Steve
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba: read-only remote LDAP + additional local users

[Arokux B.]

On Tue, Jul 24, 2012 at 7:55 AM, Daniel Müller  wrote:
> Why do not have all users work within samba?
> What is the reason?

My server is a small private server of a small subdivision. Now and
then there are external people that come to us for short time and they
also need access to our Samba-shares. I cannot change anything on the
LDAP-Server and so cannot add them to it.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Help infomation to build the system as Microsoft Active Directory !

[Ha Minh Ai]

Dear Mr/Madam,
We have wanted to build the system for centralizal management: User
account, printer, policy, deploy softwares to client, manage update OS,
Single Sign On, 
I know there have a same system as Micrsoft Active Directory, but we
haven't a lot dollars.
Please help me to answer some questions as the below:
 - How is the solution (*OpenLDAP + Samba*) on Ubuntu, RHEL/CentOS or SUSE
server ?
 - How many user can the system support maximum ?
 - Could i build the system include Primary Domain Controller Server and
Additional Domain Controller ?
 - Does Samba/OpenLDAP has cost-edition for enterprise ? If yes, what is it
different from free-edition ?
I'm looking forward to supporting from you. Thanks so much

Best regards,
Aihm
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Custom VFS

[Jeremy Allison]

On Tue, Jul 24, 2012 at 02:35:28PM -0700, Andrew Scherpbier wrote:
> Hi Daniel,
> 
> Just a note of encouragement...
> I have so far written 2 filesystems in Java that use Samba for 2
> different companies, so you're not alone!  :-)
> 
> The strategy I've used is to write a simple TCP protocol client (the
> VFS module) and server (a straight forward threaded Java server).
> Works like a charm.  As long as the client side is abstracted enough
> so that its samba connection state is independent from the server
> connection state, there are no issues with restarting either.  (I
> started out using a statefull protocol, but ended up changing to a
> completely stateless one, where the individual messages contain
> enough information to establish context.  This way, if either end of
> the system goes down, recovery is the simple act of building a new
> TCP connection.)
> 
> I also attempted to use the Apache ActiveMQ C++ library for
> communication, but found it buggy and leaky.
> 
> I originally looked into hosting the JVM in the VFS module, but that
> was going to be a problem because each smbd process would have to
> start its own JVM.  The JVM startup time (especially the server JVM)
> is very high and the memory overhead would not make it scalable.
> 
> TCP through the loopback interface is very fast (at least on the
> linux system's I've developed for), so there was no need to
> implement some sort of shared memory interface.
> 
> The system I'm working on now manages PB class storage (currently up
> to 10PB) with hundreds of concurrent clients and the VFS module does
> this without issues or much overhead.  We're regularly seeing write
> speeds in the 400-500MB/s range using 10GbE and multiple windows
> clients.
> 
> Good luck!
> 
> P.S.:  Blatant plug for my current project:
> http://www.cuttedge.com/psca/index.html

Wow - that's really cool stuff !

I'm glad the VFS works so well for you. I wanted to give you
a heads-up on the changes we're making to the VFS moving
forward with 4.0.x and above - take a look at the changes
Volker made for the pread() -> pread_send_fn()/pread_recv_fn()
and pwrite() -> pwrite_send_fn()/pwrite_recv_fn() in order to
make the VFS async (and allow pthreaded implementations to
be hidden under the covers).

Sample implementations are in source3/modules/vfs_default.c
in:

vfswrap_pread_send()/vfswrap_asys_ssize_t_recv()
vfswrap_pwrite_send()/vfswrap_asys_ssize_t_recv()

It makes the VFS a little more complicated, but should
enable you to get more performance out of it.

We're also thinking longer term about changing the
model of keeping the current working directory as
the root of the exported service and changing the
internals of Samba to chdir() to the parent directory
of any path currently being processed - this allows
easier security checks inside smbd and reduces the
opportunity for pathname check race conditions.

Feedback very welcome - especially from someone
who has implemented a couple of production Samba
VFS modules already :-).

Thanks !

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Custom VFS

[Andrew Scherpbier]

Hi Daniel,

Just a note of encouragement...
I have so far written 2 filesystems in Java that use Samba for 2 
different companies, so you're not alone!  :-)


The strategy I've used is to write a simple TCP protocol client (the VFS 
module) and server (a straight forward threaded Java server).
Works like a charm.  As long as the client side is abstracted enough so 
that its samba connection state is independent from the server 
connection state, there are no issues with restarting either.  (I 
started out using a statefull protocol, but ended up changing to a 
completely stateless one, where the individual messages contain enough 
information to establish context.  This way, if either end of the system 
goes down, recovery is the simple act of building a new TCP connection.)


I also attempted to use the Apache ActiveMQ C++ library for 
communication, but found it buggy and leaky.


I originally looked into hosting the JVM in the VFS module, but that was 
going to be a problem because each smbd process would have to start its 
own JVM.  The JVM startup time (especially the server JVM) is very high 
and the memory overhead would not make it scalable.


TCP through the loopback interface is very fast (at least on the linux 
system's I've developed for), so there was no need to implement some 
sort of shared memory interface.


The system I'm working on now manages PB class storage (currently up to 
10PB) with hundreds of concurrent clients and the VFS module does this 
without issues or much overhead.  We're regularly seeing write speeds in 
the 400-500MB/s range using 10GbE and multiple windows clients.


Good luck!

P.S.:  Blatant plug for my current project: 
http://www.cuttedge.com/psca/index.html


On 07/24/2012 01:15 PM, ivenhov wrote:

Thanks Michael, great link.
Exactly what I was looking for. Does not answer my JNI question (creating
file system in Java is not that common),
but it's a great starting point.

Daniel

On 24 July 2012 19:51, Michael Wood-8 [via Samba] <
ml-node+s2283325n4634960...@n4.nabble.com> wrote:


Hi

On 19 July 2012 11:39, Daniel Iwan <[hidden 
email]>
wrote:


Hi

I would like to  create custom VFS that would redirect all calls to my
backend.

Few questions:

1) is it possible to use Java with JNI wrapper to communicate with my
backend or does it have to be pure C/C++ ?

As far as I know, a Samba VFS must be a shared library.  i.e. a .so
file, so I don't think Java would work (although I don't know much
about JNI.)


2) are the notifications (file deletion/creation etc.) available in VFS,
in
other words notifying samba server and applications that directory has
changed?

3) are there any examples/tutorials/walkthroughs or up to date
documentation for VFS?

Try this:

http://www.samba.org/~sharpe/The-Samba-VFS.pdf

--
Michael Wood <[hidden 
email]>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


--
  If you reply to this email, your message will be added to the discussion
below:
http://samba.2283325.n4.nabble.com/Custom-VFS-tp4634738p4634960.html
  To unsubscribe from Custom VFS, click 
here
.
NAML





--
View this message in context: 
http://samba.2283325.n4.nabble.com/Custom-VFS-tp4634738p4634963.html
Sent from the Samba - General mailing list archive at Nabble.com.


--
Andrew Scherpbier
and...@scherpbier.org

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Custom VFS

[ivenhov]

Thanks Michael, great link.
Exactly what I was looking for. Does not answer my JNI question (creating
file system in Java is not that common),
but it's a great starting point.

Daniel

On 24 July 2012 19:51, Michael Wood-8 [via Samba] <
ml-node+s2283325n4634960...@n4.nabble.com> wrote:

> Hi
>
> On 19 July 2012 11:39, Daniel Iwan <[hidden 
> email]>
> wrote:
>
> >
> > Hi
> >
> > I would like to  create custom VFS that would redirect all calls to my
> > backend.
> >
> > Few questions:
> >
> > 1) is it possible to use Java with JNI wrapper to communicate with my
> > backend or does it have to be pure C/C++ ?
>
> As far as I know, a Samba VFS must be a shared library.  i.e. a .so
> file, so I don't think Java would work (although I don't know much
> about JNI.)
>
> > 2) are the notifications (file deletion/creation etc.) available in VFS,
> > in
> > other words notifying samba server and applications that directory has
> > changed?
> >
> > 3) are there any examples/tutorials/walkthroughs or up to date
> > documentation for VFS?
>
> Try this:
>
> http://www.samba.org/~sharpe/The-Samba-VFS.pdf
>
> --
> Michael Wood <[hidden 
> email]>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>
> --
>  If you reply to this email, your message will be added to the discussion
> below:
> http://samba.2283325.n4.nabble.com/Custom-VFS-tp4634738p4634960.html
>  To unsubscribe from Custom VFS, click 
> here
> .
> NAML
>




--
View this message in context: 
http://samba.2283325.n4.nabble.com/Custom-VFS-tp4634738p4634963.html
Sent from the Samba - General mailing list archive at Nabble.com.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] (no subject)

[rodrigo tavares]

Hello People !

I´m using the new version Debian 6.0 (squeeze), so I configurate ldap and Samba.
But when i try log in windows machine, i enter with user and password, after 
click,
show the message for change your password, so come the message say: you not 
have permission to change the password. See mys commands:

root@debian:~# smbclient -L localhost -U secretary
Enter secretary's password:
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE

root@debian# smbclient -L localhost -U rodrigo
Enter rodrigo's password:
session setup failed: NT_STATUS_LOGON_FAILURE

-

In the first the user is samba user, and second posix.

root@debian-fileserver:~# ldapsearch -xLLL uid=secretaria
dn: uid=secretaria,ou=Users,dc=defensoria,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: secretaria
sn: secretaria
givenName: secretaria
uid: secretaria
uidNumber: 1009
gidNumber: 513
homeDirectory: /home/secretaria
loginShell: /bin/bash
gecos: Secretaria
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: secretaria
sambaSID: S-1-5-21-3973246732-289451499-211008055-3018
sambaPrimaryGroupSID: S-1-5-21-3973246732-289451499-211008055-513
sambaLogonScript: logon.bat
sambaProfilePath: \\PDC-SRV\profiles\secretaria
sambaHomePath: \\PDC-SRV\secretaria
sambaHomeDrive: H:
sambaLMPassword: 86A5FB68C21C24D3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 6755830B5B0326545526B270AFFF4EEA
sambaPwdLastSet: 1343154178
sambaPwdMustChange: 1347042178
shadowMax: 45

root@debian-fileserver:~# ldapsearch -xLLL uid=rodrigo
dn: uid=rodrigo,ou=Users,dc=defensoria,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: rodrigo
sn: rodrigo
givenName: rodrigo
uid: rodrigo
uidNumber: 1002
gidNumber: 513
homeDirectory: /home/rodrigo
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: rodrigo
sambaSID: S-1-5-21-3973246732-289451499-211008055-3004
sambaPrimaryGroupSID: S-1-5-21-3973246732-289451499-211008055-513
sambaLogonScript: logon.bat
sambaProfilePath: \\PDC-SRV\profiles\rodrigo
sambaHomePath: \\PDC-SRV\rodrigo
sambaHomeDrive: H:
sambaLMPassword: 37CB7D408A71AB28AAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: D8139AC71D1B08A58445C69F60DB30AD
sambaPwdLastSet: 1343157675
sambaPwdMustChange: 1347045675
shadowMax: 45


I have a red about sambaActFlags, I change this value with 0. But is not 
resolve.


My Smb.conf


[global]
    workgroup = DEFENSORIABH
    netbios name = DEFENSORIA
    server string = %h server
    interfaces = 127.0.0.0/8, eth0
    bind interfaces only = Yes
    obey pam restrictions = Yes
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    name resolve order = lmhosts host wins bcast
    add user script = /usr/sbin/smbldap-useradd -m "%u"
    delete user script = /usr/sbin/smbldap-userdel "%u"
    add group script = /usr/sbin/smbldap-groupadd -p "%g"
    delete group script = /usr/sbin/smbldap-groupdel "%g"
    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
    set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
    add machine script = /usr/sbin/smbldap-useradd -w "%u"
    logon script = logon.cmd
    logon path = \\%N\profiles\%U
    logon drive = H:
    domain logons = Yes
    os level = 35
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap admin dn = cn=admin,dc=defensoria,dc=net
    ldap group suffix = ou=groups
    ldap idmap suffix = ou=idmap
    ldap machine suffix = ou=people
    ldap suffix = dc=defensoria,dc=net
    ldap ssl = no
    ldap user suffix = ou=people
    panic action = /usr/share/samba/panic-action %d
    idmap backend = ldap:ldap://10.26.7.46
    idmap uid = 1-2
    idmap gid = 1-2

    My /etc/ldap/slapd.conf

include  /etc/ldap/schema/core.schema
include  /etc/ldap/schema/cosine.schema
include  /etc/ldap/schema/nis.schema
include  /etc/ldap/schema/inetorgperson.schema
#include /etc/ldap/schema/samba.schema
include  /etc/

Re: [Samba] Custom VFS

[Michael Wood]

Hi

On 19 July 2012 11:39, Daniel Iwan  wrote:
>
> Hi
>
> I would like to  create custom VFS that would redirect all calls to my
> backend.
>
> Few questions:
>
> 1) is it possible to use Java with JNI wrapper to communicate with my
> backend or does it have to be pure C/C++ ?

As far as I know, a Samba VFS must be a shared library.  i.e. a .so
file, so I don't think Java would work (although I don't know much
about JNI.)

> 2) are the notifications (file deletion/creation etc.) available in VFS,
> in
> other words notifying samba server and applications that directory has
> changed?
>
> 3) are there any examples/tutorials/walkthroughs or up to date
> documentation for VFS?

Try this:

http://www.samba.org/~sharpe/The-Samba-VFS.pdf

--
Michael Wood 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba Digest, Vol 115, Issue 23

[luis aravena]

Estimado,

Estare fuera de la oficina los dias 24,25,y 26 de Julio.
Para cualquier requerimiento favor dirigirse a
Freddy Arevalo o Roberto Vargas.

atte
Luis
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] rsync folder permissions

[steve]

On 24/07/12 13:49, Thomas Mueller wrote:

Am Mon, 23 Jul 2012 13:57:56 +0200 schrieb steve:


H Yes. I was missing the -a switch:
rsync -auzv source destination works fine but I found that the owner and
group are not synced until the last moment. Impatience perhaps.
Cheers,
Steve


you should also consider -X (xatters) -H (hardlinks) and -A (ACL's).

- Thomas


Hi Thomas
Would that be:
rsync -auzvXHA source destination

Cheers,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] rsync folder permissions

[Thomas Mueller]

Am Mon, 23 Jul 2012 13:57:56 +0200 schrieb steve:

> H Yes. I was missing the -a switch:
> rsync -auzv source destination works fine but I found that the owner and
> group are not synced until the last moment. Impatience perhaps.
> Cheers,
> Steve

you should also consider -X (xatters) -H (hardlinks) and -A (ACL's).

- Thomas

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Failing to get uids from AD

[steve]

On 18/07/12 03:52, Nick Triantos wrote:

It looks like uidNumber is the attribute that gets set (I've queried it with 
ldapsearch). This is what AD Users & Computers sets when I use their GUI to 
configure a user.



Hi
How do you get ADUC to display a field where you can enter uidNumber? We 
can only do that from ldapmodify over here.

Cheers,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Failing to get uids from AD

[steve]

On 18/07/12 03:52, Nick Triantos wrote:

It looks like uidNumber is the attribute that gets set (I've queried it with 
ldapsearch). This is what AD Users & Computers sets when I use their GUI to 
configure a user.



Hi
How do you get ADUC to display fields where you can enter uidNumber?
Cheers,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] default extended file attributes on ZFS [samba 3.6.5 / freebsd ]

[Joeri Vanthienen]

I'm running the latest FreeBSD 10.0-CURRENT with samba 3.6.5.
I'm sharing some folders from a ZFS file system

properties of the zfs filesystem:
tank/users  aclmode   passthrough  inherited from
tank
tank/users  aclinheritpassthrough  received

When I create a file via a windows client on the shared volume following
ACL is applied:

getfacl New\ Text\ Document.txt
# file: New Text Document.txt
# owner: administrator
# group: domain users
owner@:rw-p--aARWcCo-:--:allow
group@:rw-p--a-R-c---:--:allow
 everyone@:--a-R-c---:--:allow

 ls -l New\ Text\ Document.txt
-rw-rw+ 1 administrator  domain users  0 Jul 24 10:46 New Text
Document.txt

I don't want to see the everyone listed in the ACL ( with following aces:
read attributes, Read extended attrbiutes, Read permissions) on the windows
clients.
Is this " everyone@:--a-R-c---:--:allow" implemented by FreeBSD by
default? Can I filter this or change the default extended attributes? Is
this defined by the the NFSv4 standard?
Default umask on freebsd is 022.
I'm using the zfsacl vfs objects module.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Config doubt

[NdK]

Hello all.

Is it right to have:
idmap backend = tdb
idmap uid = 2000-
idmap gid = 2000-
idmap config PERSONALE:backend = rid
idmap config PERSONALE:base_rid  = 500
idmap config PERSONALE:range = 10 - 4999
idmap config STUDENTI:backend = rid
idmap config STUDENTI:base_rid  = 500
idmap config STUDENTI:range = 5000 - 
in smb.conf to use the given ranges for PERSONALE and STUDENTI,
reserving the (small) range 2000- for every other domain?

I'm only interested in users and groups from the two "big" domains, but
I've had clashes with groups in another domain making "id user.name"
return numeric-only GIDs (since they mapped to two different groups in
two domains).

If it's the wrong solution, which is the right one (except defining a
range for every domain in the forest: I can't do that)?

Tks,
 Diego.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba