Re: [Samba] Does anyone think a mini-Samba server would be useful?
If you've Python there are plenty of webdav options: http://akadav.sourceforge.net/ (under Twisted) and https://code.google.com/p/pywebdav/ seem to be the most mature. Best of luck; Ben On 24 July 2013 20:59, Paul D. DeRocco pdero...@ix.netcom.com wrote: From: Chris Weiss [mailto:cwe...@gmail.com] On Wed, Jul 24, 2013 at 1:19 PM, Paul D. DeRocco pdero...@ix.netcom.com wrote: I wonder if there's a way to build such a mini-Samba out of the existing this is interesting... https://code.google.com/p/impacket/source/browse/#svn%2Ftags%2Fimpacket_0_9_ 10%2Fexamples%2Fsmbserverhttps://code.google.com/p/impacket/source/browse/#svn%2Ftags%2Fimpacket_0_9_10%2Fexamples%2Fsmbserver Yes it is, since Python is already there in both my builds. Thanks. -- Ciao, Paul D. DeRocco Paulmailto:pdero...@ix.netcom.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 PDC to BDC file replication
Without inviting too many anti-CDDL flames; if you have ZFS on Linux working on your samba 4 box, a zfs send and receive should do the job well; preserving all file attributes and only transferring deltas. Plus you get all the usual ZFS benefits (snapshots, copy-on-write, check-summing), assuming you've got the RAM to make it work smoothly. http://zfsonlinux.org/ Has anyone tried this configuration? Ben On 1 March 2013 23:46, Gregory Sloop gr...@sloop.net wrote: Thanks. I asked this a few weeks back and didn't get much response. The half-hearted consensus was that rsync wouldn't do the job. [It seemed to me it should, as long as you're replicating between two DC members, and not to a non DC member. (Because, as I figured it, a non DC member wouldn't have any idea about the users/groups, since it's not replicating and of the DC data, right?)] Glad for any light you can shed - and thanks for letting me know it should work. I'll tinker with it when I'm to that point. -Greg JA On Thu, Feb 28, 2013 at 09:13:39PM -0800, Gregory Sloop wrote: I'm in the same boat, and I'm only aware of two possibilities. 1) Robocopy - using a Windows client. BUT Robocopy doesn't do file deltas - changed files are copied in their entirety. Which isn't a problem if you don't have large files. But if you've got a 10G file that changes often, then this probably isn't the best alternative. 2) http://www.bvckup.com/support/ [Bvckup] This also appears to be a Windows utility, but does handle file delta's. I have never used this tool and so can't vouch for it in any way. If you find a functional solution, that preferably can be used on the two Linux/Samba boxes to do file-deltas and still maintain the permissions - that would be best. One other option that might work: Rsync the data, and use robocopy to simply duplicate the permissions structure. [I believe this is possible.] JA rsync using -A (preserve ACLs) and -X (preserve extended attributes) JA and -o (preserve owner (super-user only)) and -g (preserve group) JA should copy thing perfectly. -- Gregory Sloop, Principal: Sloop Network Computer Consulting Voice: 503.251.0452 x82 EMail: gr...@sloop.net http://www.sloop.net --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and AD sites
Is site support on the road map? Very useful for WAN-connected branch offices with local servers, or doing manual load-balancing with cloud servers. On 21 Sep 2012 07:34, Matthieu Patou m...@samba.org wrote: On 09/19/2012 12:02 PM, Kristofer wrote: I have several Samba 4 AD controllers set up at multiple sites. I set up sites and subnets. We have several /24's at each site, but each site is dedicated a /16, so I set up the Sites Subnets using the /16's. However, when I log into any system that is joined to the AD domain, it is using a DC at a different site. There doesn't seem to be any consistency to it, but it seems that the Sites Subnets are not working correctly. Samba didn't comply too much with sites, it means that it contacts DCs in other sites as if they were in the same site. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] splitting services in samba4
Assuming samba 4 supports them, watch out for your FSMO roles; each role will be specific to one server in the domain. Recovering from the loss of a server that currenty owns one or more of the FMSO roles is a little trickier than just booting another peer-DC to handle requests. On Wednesday, 11 July 2012, Gémes Géza wrote: Hi Quinn, Thanks for the quick response. So I guess if you wanted high availability, you would either have to implement a PDC/BDC solution with samba4 or use samba4 on top of a corosync/pacemaker cluster. Is this correct? br, Quinn On Wed, Jul 11, 2012 at 10:43 AM, Gémes Géza g...@kzsdabas.hu wrote: 2012-07-11 10:27 keltezéssel, Quinn Plattel írta: Question: Right now samba4 is great as in all-in-one solution (samba, kerberos, ldap, dns) into one service. Is it possible to split it up so that for example, I run openldap on one server, kerberos on another server, and then dns/samba on a third server? br, Quinn Short answer: NO Longer: Windows clients expect kerberos, ldap and samba rpc+filesharing services on the same host, so if you need AD functionality you couldn't separate them. They also expect a schema (the AD schema) which is incompatible with OpenLDAP. Regards Geza The multiple AD DC (in active directory every (non readonly) DC is a sort of PDC) is the tried and recommended method (even by M$) Regards Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Netbios over VPN
Additionally on Sebastian's point: http://openvpn.net/index.php/open-source/faq/75-general/293-what-is-the-principle-behind-openvpn-tunnels.html People who are running applications that need the special features of ethernet (which won't work on an IP-only network) will often bridge their physical local ethernet with a tap device (using a utility such as brctl on Linux), then VPN the tap device to another similar setup at the other end. This allows OpenVPN to route ethernet broadcasts and non-IP protocols such as Windows NetBios over the VPN... -Ben. On 8 July 2012 23:27, Bob Miller b...@computerisms.ca wrote: Hello, I believe you can use WINS to solve this problem. It's been a while, my neurons may be rusty, but I had a similar set up using openswan. I believe winbind will do what you want; configure samba to use winbind and your road warriors with that as their wins server. If I remember correctly, the road warriors will register with the winbind server, then everyone on the network configured to use the winbind server should be able to find them... Check here for better information (or at least a place to start): http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2585378 On Thu, 2012-07-05 at 10:30 -0400, Andrew Mark wrote: I am attempting to utilize BackupPC on a Fedora 14 server to backup a remote client. As I understand, it's primary mechanism for finding clients is performing a nmblookup clientname This works fine for computers connected to the local network. My issue is extending ?Samba's? search to encompass our other network - the point-to-point VPNs Using OpenVPN, we have a number of road warriors who connect their VPN to gain access to the samba server. Each has a unique static IP address in the 10.30.251 range and when connected, I can find them but not samba i.e. # ping john_laptop --- john.inspirah.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 9.900/14.764/24.388/6.805 ms # nmblookup john_laptop querying john_laptop on 127.255.255.255 querying john_laptop on 10.30.7.255 name_query failed to find name john_laptop How to I configure Samba or whatever Linux service is necessary to query the 10.30.251.255 network as well -- Cheers, Andrew Mark | Development Analyst | www.aimsystems.ca local: 519-837-1072 | fax: 519-837-4063 | int'l 800-465-2961 12-350 Speedvale Ave. W. | Guelph, ON | N1H 7M7 | Canada -- Bob Miller 867-334-7117 / 867-633-3760 http://computerisms.ca b...@computerisms.ca Network, Internet, Server, and Open Source Solutions -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] s3fs vs. zfs
Seconded (thirded? fourthed?) On 4 July 2012 05:40, Jeremy Allison j...@samba.org wrote: On Wed, Jul 04, 2012 at 04:32:16PM +1200, Jason Haar wrote: On 04/07/12 02:11, Luiz Gustavo dos S. Costa wrote: Hi all.. Is possible use the s3fs with ZFS (freebsd) ? how ? Is the Samba team aware there is already a s3fs system out there? A fuse filesystem to the Amazon S3 buckets. I must say I have been quite confused reading this thread due to this ;-) Oh yeah, we really should change what we call it :-). Sorry. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] speed of samba vs Windows
That's the point. I am pushing the idea that our problem is not using folder redirection and the Windows guy is pushing the idea that its samba itself. Spot-on. Your windows guy just needs to implement a few AD registry tweaks (see below etc) to get things working sweetly, and folder redirection (to MS-Server or samba/linux) is considered to be best-practice in every microsoft house I've ever come across. No-one uses roaming profiles without it, unless all their workstations are wired with 10GB ethernet to the most over-spec'd server I've ever seen, or their users don't actually roam more than once every six months... On 28 June 2012 20:09, Ben Metcalfe bwmetca...@gmail.com wrote: Here's a decent summary of roaming profiles on the latest windows iterations. http://technet.microsoft.com/en-us/library/hh848267 Branche cache may also be relevant: http://technet.microsoft.com/en-us/library/hh831696 WIthout the original windows admin here to query its difficult to be sure, but he might well have been talking about having offline files enabled on redirected folders attached to roaming profiles, which will display an rsync-like behaviour when reconnected. Offline files works on my illumos-based ZFS/samba NAS (the last time I checked) indistinguishably from the way it does against microsoft smb shares though, so I can't see any reason why it shouldn't work on linux samba... or maybe I'm not testing it rigourously. http://windowsteamblog.com/windows/b/springboard/archive/2010/04/19/understanding-user-state-virtualization-improvements-in-windows-7.aspx Here's an old (but still applicable?) HOWTO for enabling Vista's specific offline files efficiently against samba/linux: http://blogs.technet.com/b/filecab/archive/2007/03/16/using-offline-files-with-samba-emc-servers-nas-devices.aspx YMMV on Windows 7 and 8. On 28 June 2012 16:26, Chris Weiss cwe...@gmail.com wrote: On Thu, Jun 28, 2012 at 10:19 AM, Dave Ewart da...@ceu.ox.ac.uk wrote: On Thursday, 28.06.2012 at 11:07 -0400, Steve Thompson wrote: On Thu, 28 Jun 2012, Todor Fassl wrote: Our Windows guy insists samba is slow but I don't believe it. He claims that when you load a roamng profile, Windows downloads only files that have changed and samba downloads everything. But he doesn't know anything about samba and I don't know where he got that from. However native speed won't be important if, under Samba, a full roaming profile is downloaded on each login whereas under Windows an rsync-like action takes place to only download minimal changes. I don't know whether that's the case or not, whether it's configurable behaviour under either Samba or Windows Server, but it's certainly an interesting point. is it possible that unix file timestamps having a greater precision than ntfs is causing windows to see a change? I know rsync has an option to combat this. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] speed of samba vs Windows
...and apologies for doing the reply to sender/reply to list thing as well. :) On 28 June 2012 20:15, Ben Metcalfe bwmetca...@gmail.com wrote: That's the point. I am pushing the idea that our problem is not using folder redirection and the Windows guy is pushing the idea that its samba itself. Spot-on. Your windows guy just needs to implement a few AD registry tweaks (see below etc) to get things working sweetly, and folder redirection (to MS-Server or samba/linux) is considered to be best-practice in every microsoft house I've ever come across. No-one uses roaming profiles without it, unless all their workstations are wired with 10GB ethernet to the most over-spec'd server I've ever seen, or their users don't actually roam more than once every six months... On 28 June 2012 20:09, Ben Metcalfe bwmetca...@gmail.com wrote: Here's a decent summary of roaming profiles on the latest windows iterations. http://technet.microsoft.com/en-us/library/hh848267 Branche cache may also be relevant: http://technet.microsoft.com/en-us/library/hh831696 WIthout the original windows admin here to query its difficult to be sure, but he might well have been talking about having offline files enabled on redirected folders attached to roaming profiles, which will display an rsync-like behaviour when reconnected. Offline files works on my illumos-based ZFS/samba NAS (the last time I checked) indistinguishably from the way it does against microsoft smb shares though, so I can't see any reason why it shouldn't work on linux samba... or maybe I'm not testing it rigourously. http://windowsteamblog.com/windows/b/springboard/archive/2010/04/19/understanding-user-state-virtualization-improvements-in-windows-7.aspx Here's an old (but still applicable?) HOWTO for enabling Vista's specific offline files efficiently against samba/linux: http://blogs.technet.com/b/filecab/archive/2007/03/16/using-offline-files-with-samba-emc-servers-nas-devices.aspx YMMV on Windows 7 and 8. On 28 June 2012 16:26, Chris Weiss cwe...@gmail.com wrote: On Thu, Jun 28, 2012 at 10:19 AM, Dave Ewart da...@ceu.ox.ac.uk wrote: On Thursday, 28.06.2012 at 11:07 -0400, Steve Thompson wrote: On Thu, 28 Jun 2012, Todor Fassl wrote: Our Windows guy insists samba is slow but I don't believe it. He claims that when you load a roamng profile, Windows downloads only files that have changed and samba downloads everything. But he doesn't know anything about samba and I don't know where he got that from. However native speed won't be important if, under Samba, a full roaming profile is downloaded on each login whereas under Windows an rsync-like action takes place to only download minimal changes. I don't know whether that's the case or not, whether it's configurable behaviour under either Samba or Windows Server, but it's certainly an interesting point. is it possible that unix file timestamps having a greater precision than ntfs is causing windows to see a change? I know rsync has an option to combat this. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] speed of samba vs Windows
Well, that is not going to happen. Needs to happen for stuff to work right. Vista and Windows 7 needs to be told how to handle time stamps on Samba shares or data gets copied twice *needlessly* during the logon process. Setting up the correct registry entry *RoundUpWriteTimeOnSync* in some very simple group policy should be trivial for your windows guy and roughly double your logon speed. You all win, and he won't have broken anything. He can follow a microsoft approved technique from technet.com: http://blogs.technet.com/b/filecab/archive/2007/03/16/using-offline-files-with-samba-emc-servers-nas-devices.aspx or just ask him to search as follows: https://www.google.co.uk/search?q=RoundUpWriteTimeOnSync and he'll be convinced. On 28 June 2012 21:08, Todor Fassl fassl@gmail.com wrote: From: Ben Metcalfe bwmetca...@gmail.com To: samba@lists.samba.org Sent: Thursday, June 28, 2012 2:24 PM Subject: Re: [Samba] speed of samba vs Windows On 28 June 2012 20:15, Ben Metcalfe bwmetca...@gmail.com wrote: That's the point. I am pushing the idea that our problem is not using folder redirection and the Windows guy is pushing the idea that its samba itself. Spot-on. Your windows guy just needs to implement a few AD registry tweaks (see below etc) to get things working sweetly, Well, that is not going to happen. Eh -- maybe if I can persuade the boss. But I think if this is going to get fixed, I am going to have to fix it myself. But that is probably fair because I think I probably messed it up. I believe folder redirection was working at one time under my predecessor. I believe I messed it up when I built a new file server. I have a vague memory of choosing to not copy some files in the root of the netlogon share over to the new server not knowing what they were for. My predecessor left a lot of stuff just lying around. I mean, who doesn't? So I thought they were extraneous and when the domain seemed to work find for a few months, I figured it was okay to reformat the hard drive on the old server. We are just now making the switch from XP to Win7. I understand that XP and Win7 profiles are not compatible. If we have to have our Windows users (and there aren't that many) create new profiles, maybe I can make sure they get created with full folder redirection implemented. Even if we have to migrate the profiles (and I have no idea oif that is even possible) maybe we can also add the appropriate registry keys. I already know way more than I want to about Windows systems admin. Guess I'll have to learn about setting registry keys and default user profiles, etc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 often creates new user profiles
Indeed. No need to guess or waste time. Pinpoint the exact file and process / network transaction with pSexec and process monitor. HOWTO: http://blogs.technet.com/b/markrussinovich/archive/2010/01/13/3305263.aspx On Thursday, 17 May 2012, Cain, Marc wrote: On May 12, 2012, at 1:12 PM, steve wrote: On 05/12/2012 09:57 PM, Jorell wrote: On 5/12/2012 8:54 AM, John Drescher wrote: On Sat, May 12, 2012 at 11:47 AM, Christian Meierch2...@arcor.de wrote: Hi, we're using Samba 3.5.6 (Debian). Windows 7 clients often create new roaming profiles for existing users for no identifiable reason. Windows XP isn't affected. the end. Is this a known problem? I have never ever had that happen in the 2+ years I had windows 7 machines on my samba based domain. John When Windows 7 creates the new profile is it creating %USERNAME%.V2? Hi Yes. That's what we observe. xp creates %USERNAME% and win7 creates the same but with .V2 at the end. They are _extremely_ permission sensitive folders. win7 seems unable to load the profile from the server if the hive at NTUSER.DAT has been changed, e.g. even simply moved from one place to another. One workaround we use is to put the profile in the home folder of the user. Then it always seem to work. HTH Steve The creation of a new profile with a .V2 extension is is a Windows 7 feature that prevents Windows 7 from overwriting incompatible settings in earlier Windows profile versions. Windows user profile folders need full permissions for the user and ownership by user. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 often creates new user profiles
There's a thread here: http://social.technet.microsoft.com/Forums/en/winserverDS/thread/a9ef96fb-1e20-469c-b1ea-306846f46181 ...that implicates the winlogon process, and indicates a few possible fixes and troubleshooting options. Aside from the ideas mentioned, I've had good results in similar situations logging access/activity with Mark Russinovich's (sysinternals) Process Monitor and ADinsight: http://technet.microsoft.com/en-us/sysinternals/bb897539 Best of luck. On 14 May 2012 13:54, Donny Brooks dbro...@mdah.state.ms.us wrote: On Saturday, May 12, 2012 04:48 PM CDT, Christian Meier ch2...@arcor.de wrote: On Sat, 12 May 2012 17:47:02 +0200 Christian Meier ch2...@arcor.de wrote: Windows 7 clients often create new roaming profiles for existing users for no identifiable reason. Windows XP isn't affected. Some reasons for this behavior I googled: 1. insufficient permissions for profile-folder 2. trust relationship between this workstation and the primary domain failed. -- dis-join and rejoin the workstation 3. .bak is appended in registry at HKEY_LOCAL_MACHINE\Software\Microsoft \Windows NT\CurrentVersion\ProfileList. Remove the other SIDs and the .bak extension. 4. do not use roaming profiles. (But there are other problems with folder redirection [1].) [1] http://wiki.samba.org/index.php/Samba__Windows_Profiles#Folder_Redirection -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba We too have seen this behavior but only on one of our pc's. It is not the server side that gets the rename as someone else mentioned but rather on the PC side. If you look in C:\Users\ you will see: username username.DOMAIN username.DOMAIN.000 username.DOMAIN.001 username.DOMAIN.002 etc The profile seems to be pulling/writing to the server just fine. We have tried removing all the entries in the registry for all users on the machine except the local administrator one, removing/rejoining the pc to the domain, and double checking permissions all to no avail. It will do right for a few weeks and then it will start doing the multiple profiles again. To this date we have not found a way to fix the issue. -- Donny B. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 with Posix ACL's
There's a thread here: https://github.com/zfsonlinux/zfs/issues/170 (I'm posting as *fireappleblackhttps://github.com/fireappleblack )* ...Which implies that the hold-up (from a zfs-linux perspective) is the lack of richacls support in the mainstream kernel at the moment. (E.g. OpenSuse supports richacls out of the box, few other distros have included the patches yet). Richacls should neatly sidestep the CDDL/GPL problem. Im still trying to fully understand the break(s) in the chain between non-solaris/illumos Samba/CIFS and ZFS. Getting there slowly. My medium term aim is a linux-based appliance that'll run on generic hardware (even more generic than Illumos allows) with a ZFS filestore and AD domain controller functionality, without having to do heavy duty virtualisation and run disparate environment (e.g. running a linux Samba 4 DC as a KVM DomU under an Openindiana Dom0; way too complex). On 1 May 2012 04:06, Jeremy Allison j...@samba.org wrote: On Mon, Apr 30, 2012 at 12:44:25PM +0100, Ben Metcalfe wrote: Would the following be workable: Run Samba 3 binaries in one linux OpenVZ instance to serve files. Run Samba 4 binaries in another, separate OpenVZ instance as an AD domain controller. ...all on the same physical machine? http://wiki.openvz.org/ Yeah, that should work. Separate note: I'd really like to see transparent support of ZFS-linux as a file-store back-end. What API's does ZFS-Linux have to access the ZFS ACLs ? None, I'd bet :-(. Which unfortunately makes transparent support quite hard. Plus there's the whole CDDL vs GPL licensing thing... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 with Posix ACL's
Would the following be workable: Run Samba 3 binaries in one linux OpenVZ instance to serve files. Run Samba 4 binaries in another, separate OpenVZ instance as an AD domain controller. ...all on the same physical machine? http://wiki.openvz.org/ Separate note: I'd really like to see transparent support of ZFS-linux as a file-store back-end. (Note to mod: now emailing via newly-subscribed email address instead of the old +addressed one). On 30 April 2012 06:04, Alain Toussaint alain.toussa...@securivm.ca wrote: This is one of the many reasons why we are working on s3fs. When we are happy with it, we will make it the default, but until then we can only ask for your patience, and do not recommend the Samba4 DCs be used as general file servers (ie, use it only for netlogon and sysvol). Can we use it for a single public (within the internal network) read-write share such as /tmp? Alain -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 with Posix ACL's
Would the following be workable: Run Samba 3 binaries in one linux OpenVZ instance to serve files. Run Samba 4 binaries in another, separate OpenVZ instance as an AD domain controller. ...all on the same physical machine? http://wiki.openvz.org/ Separate note: I'd really like to see transparent support of ZFS-linux as a file-store back-end. On 30 April 2012 06:04, Alain Toussaint alain.toussa...@securivm.ca wrote: This is one of the many reasons why we are working on s3fs. When we are happy with it, we will make it the default, but until then we can only ask for your patience, and do not recommend the Samba4 DCs be used as general file servers (ie, use it only for netlogon and sysvol). Can we use it for a single public (within the internal network) read-write share such as /tmp? Alain -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ACLs behaving differently on Samba 4 / Ubuntu 12.04 / Bind 9.81 between ZFS and EXT4 file systems
Dear all,
The system is Ubuntu 12.04 (latest beta as of yesterday)
Bind 9.81 (12.04 standard)
Samba 4, also git-cloned yesterday.
I've imported a zpool created on another ubuntu system with the same
version of zfs-linux (RC-8) http://zfsonlinux.org/
The zpool is working perfectly well; responsive, no errors reported,
scrubbed.
Samba can see the zpool as part of the greater file system and share the
600GB or so spread across the varios zfs file systems on it via cifs.
I've been through all the tests mentioned on the Samba 4 HOWTO and they
return successful results.
I'm sharing only via smb.conf - not using native ZFS CIFS commands.
The problem:
When I alter file permissions via CIFS from an XP Pro sp3 client (patched
up to date, joined to the domain and able to administer AD users and
computers) on any folder or subfolder shared from the zpool, I lose access
to that folder via CIFS. I can still see the folder from its parent
directory, but can't browse into it via CIFS. I can still browse the folder
on the server's command line.
The XP Pro client fails with the message:
*The data area passed to a system call is too small*
The OSX Snowleopard client just gives a silent fail.
I click in, and nothing happens.
When I mv the same broken folder to an EXT4 file system via the server's
command line, I can repair the acls using:
get acls: /usr/local/samba/bin/samba-tool ntacl get --as-sddl
/${ZPOOL}/Lou/stuff/
returns: ‘O:S-1-5-21-1345677-x-2594716733-500G..etc
set acls: /usr/local/samba/bin/samba-tool ntacl set
‘O:S-1-5-21-1345677-x-2594716733-500G..etc’ /${EXT4
Sharename}/Lou/stuff/
...after which I update the smb.conf entry and can browse the folder as
normal, as long as it stays on the EXT4-backed share.
The acl-compliance tests:
setfattr -n user.test -v test test.txt
setfattr -n security.test -v test2 test.txt
getfattr -d test.txt
...return the correct results on both filesystems; EXT4 and ZFS.
Samba is running in stdout debug more: sudo /usr/local/samba/sbin/samba -i
-M single and throws no errors during the course of the problem.
I've set the zpool's aclinherit flag to =passthrough with no difference
detected in the behaviour.
I'll try on another samba 3 + zfs machine tomorrow to see if I can
replicate this.
Any ideas welcome in the mean time (I *should* be able to alter permissions
on Samba 4 shares from XP Pro; don't need Windows 7 to administer?).
Thanks,
Ben.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
