Previous Versions in SAMBA with shadow_copy2 and ZFS snapsho

Sebulon

Sebulon

Hi,

This has to be my third or fourth time banging my head against this particular wall, but is something so great to have, so I´m willing to keep banging until I manage to break through:)

I´ve read through numerous threads like this one:
Samba 3.6 and Volume Shadow Copy/Previous Versions with ZFS

I have a similar setup copied all configurations, settings etc. but I cannot get it to work. Please look through this to see if I´ve missed something really obvoius.

FreeBSD 9.0-RELEASE-p4
samba36-3.6.7

Code: 
# zfs get -r aclmode,aclinherit pool2/storage | grep -v GMT
NAME                                            PROPERTY    VALUE          SOURCE
pool2/storage                                   aclmode     passthrough    local
pool2/storage                                   aclinherit  passthrough    local
pool2/storage/home                              aclmode     passthrough    inherited from pool2/storage
pool2/storage/home                              aclinherit  passthrough    inherited from pool2/storage
pool2/storage/netlogon                          aclmode     passthrough    inherited from pool2/storage
pool2/storage/netlogon                          aclinherit  passthrough    inherited from pool2/storage
pool2/storage/profile                           aclmode     passthrough    inherited from pool2/storage
pool2/storage/profile                           aclinherit  passthrough    inherited from pool2/storage
# zfs list -t snapshot
NAME                                                USED  AVAIL  REFER  MOUNTPOINT
...
pool2/storage@GMT-2012.09.27-08.21.15               0      -   298K  -
pool2/storage@GMT-2012.09.27-08.21.35               0      -   298K  -
pool2/storage@GMT-2012.09.27-08.21.55               0      -   298K  -
pool2/storage@GMT-2012.09.27-08.22.05               0      -   298K  -
pool2/storage/home@GMT-2012.09.27-08.21.15       156K      -   256K  -
pool2/storage/home@GMT-2012.09.27-08.21.35          0      -   270K  -
pool2/storage/home@GMT-2012.09.27-08.21.55          0      -   270K  -
pool2/storage/home@GMT-2012.09.27-08.22.05          0      -   270K  -
pool2/storage/netlogon@GMT-2012.09.27-08.21.15      0      -   256K  -
pool2/storage/netlogon@GMT-2012.09.27-08.21.35      0      -   256K  -
pool2/storage/netlogon@GMT-2012.09.27-08.21.55      0      -   270K  -
pool2/storage/netlogon@GMT-2012.09.27-08.22.05      0      -   270K  -
pool2/storage/profile@GMT-2012.09.27-08.21.15       0      -   256K  -
pool2/storage/profile@GMT-2012.09.27-08.21.35       0      -   256K  -
pool2/storage/profile@GMT-2012.09.27-08.21.55       0      -   256K  -
pool2/storage/profile@GMT-2012.09.27-08.22.05       0      -   270K  -
# df -h
...
pool2/storage                                      10T    312k     10T     0%    /export/storage
pool2/storage/home                                 10T    269k     10T     0%    /export/storage/home
pool2/storage/netlogon                             10T    269k     10T     0%    /export/storage/netlogon
pool2/storage/profile                              10T    269k     10T     0%    /export/storage/profile
[CMD="#"]ls -lah /export/storage/[/CMD]
drwxrwxrwx+ 3 root  wheel        3B Sep 27 08:21 home
drwxrwxrwx+ 3 root  wheel        3B Sep 27 08:21 netlogon
drwxrwxrwx+ 3 root  wheel        3B Sep 27 08:22 profile
# getfacl /export/storage/*
# file: /export/storage/home
# owner: root
# group: wheel
            owner@:rwxpDdaARWcCos:fd----:allow
            group@:rwxpDdaARWcCos:fd----:allow
         everyone@:rwxpDdaARWcCos:fd----:allow

# file: /export/storage/netlogon
# owner: root
# group: wheel
            owner@:rwxpDdaARWcCos:fd----:allow
            group@:rwxpDdaARWcCos:fd----:allow
         everyone@:rwxpDdaARWcCos:fd----:allow

# file: /export/storage/profile
# owner: root
# group: wheel
            owner@:rwxpDdaARWcCos:fd----:allow
            group@:rwxpDdaARWcCos:fd----:allow
         everyone@:rwxpDdaARWcCos:fd----:allow
Now, those are not what I would call good access permissions, but set for excluding access permissions as a source of failure.


/usr/local/etc/smb.conf
Code: 
[global]

        max protocol = SMB2
        server string = %h server (Samba, FreeBSD)
        security = ads
        realm = DOMAIN.SOMETHING.SE
        workgroup = DOMAIN
        idmap config * : backend = tdb
        idmap config * : range   = 10000 - 1000000
        winbind enum users = yes
        winbind enum groups = yes
        winbind nested groups = yes
        winbind separator = .
        winbind offline logon = true
        winbind expand groups = 10
        template homedir = /usr/home/%U
        template shell = /usr/local/bin/bash
        username map = /usr/local/etc/samba/usermap
        log level = 10
        log file = /var/log/samba/samba.log
        max log size = 1024000
        syslog = 0
        enable core files = no

        netbios name = FILESERVER
        interfaces = xxx.xxx.xxx.xxx/24

	unix extensions = no
	follow symlinks = yes
	wide links = yes
	nt acl support = yes
	map acl inherit = yes
	inherit acls = yes
	inherit permissions = yes
	inherit owner = no
	ea support = yes
	store dos attributes = yes
	map hidden = no
	map system = no
	map archive = no
	case sensitive = no


[netlogon$]
	comment = Network Logon Service
	path = /export/storage/netlogon
	guest ok = yes
	writable = yes
	vfs objects = zfsacl, shadow_copy2
	nfs4:acedup = merge
	nfs4:mode = special
	nfs4:chown = yes
	shadow: format = GMT-%Y.%m.%d-%H.%M.%S
	shadow: sort = desc
	shadow: snapdir = .zfs/snapshot

[home$]
	comment = Network Home Directory
	path = /export/storage/home
	writable = yes
	valid users = %U
	vfs objects = zfsacl, shadow_copy2
	nfs4:acedup = merge
	nfs4:mode = special
	nfs4:chown = yes
	shadow: format = GMT-%Y.%m.%d-%H.%M.%S
	shadow: sort = desc
	shadow: snapdir = .zfs/snapshot

[profile$]
	comment = Network Profile Directory
	path = /export/storage/profile
	writeable = yes
	csc policy = disable
	valid users = %U @"Domain Admins"
	vfs objects = zfsacl
	nfs4:acedup = merge
	nfs4:mode = special
	nfs4:chown = yes

Log level 10 makes the server waaay slower but needed to see any information at all regarding shadow_copy2.

When I map either home$ or netlogon$, I right-click the share or any of the subfolders, choose Properties and click on "Previous Versions" it replies "There are no previous versions available". During this time, I am tailing samba.log like:
# tail -f /var/log/samba/samba.log | egrep '(copy2|2012.09.27-08.21.15|2012.09.27-08.21.35|2012.09.27-08.21.55|2012.09.27-08.22.05)'
To catch anything useful, and this is what I get back:
shadow_copy2.log
Code: 
...
[2012/09/27 09:18:10.513795,  6] modules/vfs_shadow_copy2.c:495(convert_shadow2_name)
  convert_shadow2_name: '@GMT-2012.09.27-08.22.05/test1' -> '/export/storage/home/.zfs/snapshot/GMT-2012.09.27-08.22.05/test1'
  open_file_ntcreate: fname=@GMT-2012.09.27-08.22.05/test1, after mapping access_mask=0x80
  grant_fsp_oplock_type: oplock type 0x0 on file @GMT-2012.09.27-08.22.05/test1
  acl(ACE_GETACLCNT, @GMT-2012.09.27-08.22.05/test1): No such file or directory smbd_check_open_rights: Could not get acl on @GMT-2012.09.27-08.22.05/test1: NT_STATUS_OBJECT_NAME_NOT_FOUND
  open_file: smbd_check_open_rights on file @GMT-2012.09.27-08.22.05/test1 returned NT_STATUS_OBJECT_NAME_NOT_FOUND


On a sidenote that I don´t know if it matters, is that I can´t browse the ".zfs/snapshot"-folder mapped in Windows with Explorer, but it works with smbclient in a terminal, or mapped as a SMB share in my Mac with Finder.

I have tried with snapdir=hidden,visible; didn´t make a difference. I have tried with/without the patch mentioned in the linked thread at the top, that didn´t make any difference either.

Suggestions anyone?

/Sebulon
 
@drumgeek

You know man, I so funking love you right now, words just can´t express it. Yes, that was it; SMB2. I removed it and low and behold, there they were!

And to think that you register and make your first post a real life-saver! I see greatness in your future:)

/Sebulon
 
Big update to this topic, I managed to figure out how to get the best of both worlds; SMB2 and Previous Versions working at the same time! The solution is perhaps the silliest yet but here goes:

Not Working
/usr/local/etc/smb.conf
Code: 
[Global]
    ...
    max protocol = SMB2
    ...

[share]
    ...
    vfs objects = zfsacl, shadow_copy2
    nfs4:acedup = merge
    nfs4:mode = special
    nfs4:chown = yes
    shadow: format = auto-%Y-%m-%d_%H.%M.%S--28d
    shadow: sort = desc
    shadow: snapdir = .zfs/snapshot
    ...

Working
/usr/local/etc/smb.conf
Code: 
[Global]
    ...
    max protocol = SMB2
    ...

[share]
    ...
    vfs objects = shadow_copy2, zfsacl
    shadow: format = auto-%Y-%m-%d_%H.%M.%S--28d
    shadow: sort = desc
    shadow: snapdir = .zfs/snapshot
    nfs4:acedup = merge
    nfs4:mode = special
    nfs4:chown = yes
    ...

Notice that the only difference there is the order of the two modules, and their associated options. This was done on a machine running samba-3.6.12, and have also tried doing the exact same changes working in effect on another machine running an older samba-3.6.9. But since this is currently "Works for meâ„¢", I would really appreciate if anyone else tries this out, that you report back here regardless of whether it worked or not.

/Sebulon
 
Re: Previous Versions in SAMBA with shadow_copy2 and ZFS sna

Didn't work for me

Code: 
[Share]
  comment     = Some Storage
  path        = /mnt/Share
  guest ok    = No
  read only   = No
  valid users = @mygroup
  force group = mygroup
  vfs objects = shadow_copy2, zfsacl, streams_xattr, recycle
  shadow:format  = @GMT-%Y.%m.%d-%H.%M.%S
  shadow:sort    = desc
  shadow:snapdir = .zfs/snapshot
  zfsacl:acesort = dontcare
  nfs4:mode      = special
  nfs4:acedup    = merge
  nfs4:chown     = yes
  recycle:repository     = /mnt/Share/.Trashes
  recycle:directory_mode = 0770
  recycle:keeptree       = Yes
  recycle:versions       = Yes
  recycle:touch          = Yes
  recycle:touch_mtime    = No
  recycle:exclude        = ?~$*,~$*,._*,.smbdelete*

... I still don't see any versions in my windows properties of the Network share neither in the properties of a folder within the "Share". I tried
Code: 
zfs set snapdir=hidden zStar
# as well as
zfs set snapdir=visible zStar
... but either way I can't access it through windows browser like \\192.168.10.50\Share\.zfs\
 
Re: Previous Versions in SAMBA with shadow_copy2 and ZFS sna

Hi @Leander!

Yes, it´s broken again :( But we´ve at least managed to bug report it:
https://bugzilla.samba.org/show_bug.cgi?id=10395

Note that changing from SMB2 to NT1 makes the previous versions reappear, except that SMB2 is something we really want/need to have so... :(

Oh and no, "you" can´t access the .zfs/snapshots "folder" that way, only root can. Then you´d have to set up one share to access one specific snapshot, like:
Code: 
[Share-Snapshot-GMT-2014.08.27-13.37.00]
  comment     = Some Storage snapshot from 2014.08.27-13.37.00
  path        = /mnt/Share/.zfs/snapshot/GMT-2014.08.27-13.37.00/
  guest ok    = No
  read only   = Yes
  valid users = @mygroup
  force group = mygroup

But what a hassle that´d be...

/Sebulon
 
Last edited by a moderator:
Re: Previous Versions in SAMBA with shadow_copy2 and ZFS sna

Big update #2 !

Apparently, this has been fixed in net/samba41. Only consideration is to make sure to preserve the id mapping when going from 3.6 to 4.1. Here´s how:

Code: 
# net idmap dump > /root/idmap.out
# service samba stop
# pkg delete -y samba36
# pkg install -y samba41
# pkg upgrade -y
# sed -i '' 's/samba_enable="YES"/samba_server_enable="YES"/' /etc/rc.conf
# cd /usr/local/etc/
# ln -s smb.conf smb4.conf
# testparm
(Check the settings, in case it whines about anything)

# net ads join -U <username>
(To rejoin the machine to the domain)

# net idmap restore < /root/idmap.out
# service samba_server start

/Sebulon
 
You must log in or register to reply here.
Back
Top