Re: [Samba] support for new zfs user/group quotas

2009-11-19 Thread Tom Lieuallen

Jeremy Allison wrote:

> On Wed, Nov 11, 2009 at 10:36:39AM -0800, Tom Lieuallen wrote:
>> Are there plans for supporting the user and group quotas that Solaris
>> ZFS now supports as of Solaris 10 11/09?
>>
>> I'm testing with samba 3.3.7, compiled with '--with-quotas' that works
>> with UFS quotas.  Windows clients see the overall ZFS file system usage
>> and capacity, not the user's personal usage and space.  One can use
>> 'quota -v' to check a user's zfs quota; the same command one uses for
>> UFS quotas.  I highly suspect they just changed the quota command to
>> support both and similar changes would be necessary to the quota support
>> in samba.
>>
>> I also tried using the 'get quota command', but it's not working for me.
>> I wonder if it's because samba was compiled with '--with-quotas'.
>>
>> Any ideas?
>
> What is the difference in the quota API for ZFS ? We need
> someone to donate quota supporting code for that API and I'll
> add it for 3.5.0.
>
> Jeremy.


I have looked around for the ZFS API, but it appears like Sun hasn't 
released it; at least not into the wild.  Perhaps those in the 'Sun 
Developer' camp have access to such things.


If there is a defined relationship between Sun and samba, perhaps there 
is a contact that could put this on their todo list or pony up the 
needed information.


Meanwhile, I have submitted a request to Sun, but I wouldn't bet that 
would come of anything anytime soon.


thank you

Tom Lieuallen
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] support for new zfs user/group quotas

2009-11-11 Thread Tom Lieuallen
Are there plans for supporting the user and group quotas that Solaris 
ZFS now supports as of Solaris 10 11/09?


I'm testing with samba 3.3.7, compiled with '--with-quotas' that works 
with UFS quotas.  Windows clients see the overall ZFS file system usage 
and capacity, not the user's personal usage and space.  One can use 
'quota -v' to check a user's zfs quota; the same command one uses for 
UFS quotas.  I highly suspect they just changed the quota command to 
support both and similar changes would be necessary to the quota support 
in samba.


I also tried using the 'get quota command', but it's not working for me. 
 I wonder if it's because samba was compiled with '--with-quotas'.


Any ideas?

thank you

Tom Lieuallen
Oregon State University


[Samba] zfs acls and MS office applications

2009-10-20 Thread Tom Lieuallen


I'm trying to use zfs acls in solaris 10.  I've looked at past posts 
regarding this and some online help, but am stuck.  I'm currently using 
samba 3.3.9; I've had the same problem with 3.3.7.  samba is compiled 
and running as an Active Directory member server (compiled with ldap and 
kerberos).  The zfs disk is local.  I'm not using winbind.  I compiled 
with zfsacl module.


Permissions appear just fine in solaris.  Plus I can read/write with 
notepad and use other applications such as acrobat.  However, Microsoft 
Office 2007 won't open or save files.  I haven't tried other versions of 
Office; they're not handy.


The following is the configuration for the share:

[testzfs]
comment  = test
path = /moe2
browseable = true
public   = false
writable = true
inherit permissions = yes
acl check permissions = False
vfs objects = zfsacl
inherit acls = yes
nfs4: mode = simple
nfs4: acedup = merge
zfsacl: acesort = dontcare
map archive = no
map hidden = no
map read only = no
map system = no

The zfs permissions I'm testing look like this.  This is for the parent 
directory; files within have the same permissions (sans the inheritance).



moe-lh /moe2/office/student_workers 546# ls -vd .
drwxrws---+  2 toml cefac  5 Oct 20 18:36 ./
 0:group:cefac:list_directory/read_data/add_file/write_data
 /add_subdirectory/append_data/write_xattr/execute/write_attributes
 /write_acl/write_owner:file_inherit/dir_inherit/inherit_only:allow
 1:group:cefac:list_directory/read_data/add_file/write_data
 /add_subdirectory/append_data/write_xattr/execute/write_attributes
 /write_acl/write_owner:allow
 2:group:ceoffstu:list_directory/read_data/add_file/write_data
 /add_subdirectory/append_data/write_xattr/execute/write_attributes
 /write_acl/write_owner:file_inherit/dir_inherit/inherit_only:allow
 3:group:ceoffstu:list_directory/read_data/add_file/write_data
 /add_subdirectory/append_data/write_xattr/execute/write_attributes
 /write_acl/write_owner:allow
 4:group:ceoffstu:list_directory/read_data/add_file/write_data
 /add_subdirectory/append_data/write_xattr/execute/write_attributes
 /write_acl/write_owner:allow
 5:owner@::deny
 6:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
 /append_data/write_xattr/execute/write_attributes/write_acl
 /write_owner:allow
 7:group@::deny
 8:group@:list_directory/read_data/add_file/write_data/add_subdirectory
 /append_data/execute:allow
 9:everyone@:list_directory/read_data/add_file/write_data
 /add_subdirectory/append_data/write_xattr/execute/write_attributes
 /write_acl/write_owner:deny
 10:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow


thank you

Tom Lieuallen
Oregon State University
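
Added here as an illustration and not part of the original post: a short Python parser for `ls -v` listings like the one above. It joins the wrapped lines into entries, lists the principals named in an allow entry for write_acl or write_owner that applies to the object itself, and reports entries that are exact duplicates. The sample input is four entries copied from the listing; the function names are this example's own, and entries are read individually without evaluating allow/deny ordering.

```python
import re
# Constructed sample: header line and entries 2-5 of the listing in the post.
SAMPLE = """\
drwxrws---+  2 toml cefac  5 Oct 20 18:36 ./
 2:group:ceoffstu:list_directory/read_data/add_file/write_data
 /add_subdirectory/append_data/write_xattr/execute/write_attributes
 /write_acl/write_owner:file_inherit/dir_inherit/inherit_only:allow
 3:group:ceoffstu:list_directory/read_data/add_file/write_data
 /add_subdirectory/append_data/write_xattr/execute/write_attributes
 /write_acl/write_owner:allow
 4:group:ceoffstu:list_directory/read_data/add_file/write_data
 /add_subdirectory/append_data/write_xattr/execute/write_attributes
 /write_acl/write_owner:allow
 5:owner@::deny
"""

def parse_acl(text):
    """Join the wrapped lines of an `ls -v` listing into one dict per ACE."""
    raw = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+):(.*)", line)
        if m:                                   # "N:" starts a new entry
            raw.append([int(m.group(1)), m.group(2).strip()])
        elif raw and line.strip():              # continuation of the last entry
            raw[-1][1] += line.strip()
    aces = []
    for index, body in raw:
        fields = body.split(":")
        ace_type = fields.pop()                 # allow / deny
        n = 2 if fields[0] in ("user", "group") else 1   # "group:name" vs "owner@"
        perms, flags = (fields[n:] + ["", ""])[:2]
        aces.append({"index": index, "who": ":".join(fields[:n]), "type": ace_type,
                     "perms": frozenset(filter(None, perms.split("/"))),
                     "flags": frozenset(filter(None, flags.split("/")))})
    return aces

def acl_admins(aces):
    """Principals named in an allow ACE for write_acl/write_owner on the object itself."""
    return sorted({a["who"] for a in aces
                   if a["type"] == "allow" and "inherit_only" not in a["flags"]
                   and a["perms"] & {"write_acl", "write_owner"}})

def duplicate_aces(aces):
    """Index groups of entries identical in who, permissions, flags and type."""
    seen = {}
    for a in aces:
        key = (a["who"], a["perms"], a["flags"], a["type"])
        seen.setdefault(key, []).append(a["index"])
    return [idx for idx in seen.values() if len(idx) > 1]
```

On the sample, `acl_admins(parse_acl(SAMPLE))` names group:ceoffstu and `duplicate_aces` pairs entries 3 and 4.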


Re: [Samba] using winbind to map existing unix to AD users

2009-02-24 Thread Tom Lieuallen

Andrew Chaplin wrote:

> idmap backend = nss
>
> It took me a while to figure that one out and I only got it after
> someone posted something on this list that was somewhat related.
>
> I'm using it with 3.0.33 included in Solaris 10 and it works like a
> charm for win clients.  OSX clients are a different story due to issues
> with Finder.


This appears to be the right answer for our situation.  It didn't work 
for me with samba 3.3.0, but it did with 3.3.1.


thank you

Tom Lieuallen


Re: [Samba] using winbind to map existing unix to AD users

2009-02-24 Thread Tom Lieuallen

Christian McHugh wrote:

> On Tuesday 24 February 2009 09:23:57 Tom Lieuallen wrote:
>> It seems winbind is the solution for this, however it seems to want to
>> generate the uids rather than using getpwent to look that up.
>
> There are a few different plugins winbind can use to perform the uid<->sid
> mapping. By default samba uses the tdb mapper which, as you describe, will
> generate uid maps on the fly. In my environment we have uid/gid info populated
> in active directory so our samba server is able to use the idmap_ad or
> idmap_adex modules to lookup uid info from ad. Depending on your environment
> you may be able to use the idmap_nss or idmap_ldap modules. See the idmap man
> pages on http://us6.samba.org/samba/docs/man/manpages-3/
>
> Christian McHugh
> Northern Arizona University


I looked at idmap_ldap and idmap_ad, but from the documentation, it 
seemed that those were just used by winbindd as a central storage 
mechanism for the mapping.  It would obviously use that for looking up 
maps that it had already defined, however it isn't clear to me how or if 
that fits in with an existing LDAP or AD account repository.  While one 
would assume those modules would be pretty similar, the little 
documentation is different.  The AD one mentions some schema, but the 
LDAP doc does not.  The AD one says it is read-only, but there is no 
mention of that with LDAP.


The docs make no mention of looking up existing (unix) UIDs.  It sounds 
like winbind still uses the configurable range of available UIDs to 
generate its own mapping (which it would refer to in the future).


Until I see some details, I'm going to assume this will be containerized 
in LDAP in its own area and not merged in with existing entries.  Plus, 
I still don't see anything to lead me to believe that it will do a 
getpwent to lookup a UID before randomly choosing a uid from the 
available range.


thanks

Tom Lieuallen


[Samba] using winbind to map existing unix to AD users

2009-02-24 Thread Tom Lieuallen


On our campus, we have an AD forest.  Our particular department has a 
number of samba servers that authenticate to one tree of that AD forest.

All of our users have accounts in LDAP for unix and AD for windows.
We don't want/need winbind for authentication.  However, we would like the 
ability of setting ACLs on the samba server from windows clients.  So, I 
assume I need a mapping of unix uid to AD SID.


It seems winbind is the solution for this, however it seems to want to 
generate the uids rather than using getpwent to look that up.


Is there something simple that I'm overlooking?  Otherwise, I'm
considering using idmap_ldap and pre-filling that ldap directory base
with the mappings myself.  :-(  Perhaps setup winbind with anon bind
or something so that it _can't_ add anything itself; just look things up.

I also saw one can use a 'net' command to pre-fill gid->sid mappings.
That might be nice/easy too, but I don't see anything similar for
uid->sid mappings.

thank you

Tom Lieuallen
Oregon State University