Samba4, zfs, nfsv4 rights problem

Sebulon

#26
von_Gaden said:
What are the benefits from such separation?
I have many other VMs that run different things, like one for poudriere build server, puppetmaster, upnp media server, transmission server, mail, plus the storage that serves them (and physical clients) with NFS, SMB, AFP, iSCSI, and I really wanted to better define what resource was malfunctioning, in case something was wrong. More like the UNIX philosophy "do one thing and do it well". For the DC it was mostly because I already tried it on ZFS, felt that the provision was a little bit trickier and wanted to deploy it on dumb-old UFS instead (it's all stored on ZFS anyway), and had no problems with it.

Then again, I've also added layers of complexity to it, so net sum is probably the same in the end :)

/Sebulon
 

Sebulon

#28
von_Gaden said:
Can you "see" your AD DC on the network by browsing it from Windows workstations / domain members? If you can, how did you achieve that? Do you build Samba with Avahi or Bonjour?
What DNS do you use - Samba internal, dns/bind98, dns/bind99 or dns/bind910?
The seeing you're referring to, do you mean like, if the machines show up under "Network" in an explorer window? If yes, then no, they don't, none of them do. But if I type in e.g. "\\dc" and hit enter, it connects and I can see sysvol and so on. All clients' (physical and virtual) MAC addresses are registered to an IP in my DHCP, all clients use DHCP and all IPs are registered in SAMBA's DNS. DHCP also sets the "search" parameter in client's DNS settings, so I can type "dc" instead of "dc.foo.bar".

I chose SAMBA_INTERNAL for DNS, less fuss to set up. Here are the options I use for net/samba41:
Code:
# This file is auto-generated by 'make config'.
# Options for samba41-4.1.7

_OPTIONS_READ=samba41-4.1.7
_FILE_COMPLETE_OPTIONS_LIST=ACL_SUPPORT ADS AIO_SUPPORT CUPS DEBUG DEVELOPER DNSUPDATE EXP_MODULES FAM_SUPPORT LDAP MANPAGES PAM_SMBPASS PTHREADPOOL QUOTAS SYSLOG UTMP NSUPDATE BIND98 BIND99 AVAHI MDNSRESPONDER
OPTIONS_FILE_SET+=ACL_SUPPORT
OPTIONS_FILE_SET+=ADS
OPTIONS_FILE_SET+=AIO_SUPPORT
OPTIONS_FILE_SET+=CUPS
OPTIONS_FILE_SET+=DEBUG
OPTIONS_FILE_UNSET+=DEVELOPER
OPTIONS_FILE_SET+=DNSUPDATE
OPTIONS_FILE_SET+=EXP_MODULES
OPTIONS_FILE_SET+=FAM_SUPPORT
OPTIONS_FILE_SET+=LDAP
OPTIONS_FILE_SET+=MANPAGES
OPTIONS_FILE_SET+=PAM_SMBPASS
OPTIONS_FILE_SET+=PTHREADPOOL
OPTIONS_FILE_SET+=QUOTAS
OPTIONS_FILE_SET+=SYSLOG
OPTIONS_FILE_SET+=UTMP
OPTIONS_FILE_SET+=NSUPDATE
OPTIONS_FILE_UNSET+=BIND98
OPTIONS_FILE_UNSET+=BIND99
OPTIONS_FILE_SET+=AVAHI
OPTIONS_FILE_UNSET+=MDNSRESPONDER
Haven't configured avahi to broadcast anything though, but I always have these in smb.conf:
Code:
        netbios name = SERVERNAME
        interfaces = XXX.XXX.XXX.XXX/YY
Since nmbd's running, might as well. HTH!

/Sebulon
 
waywardnl

#29
I wanted to come back to this topic, and I can say I got it running fairly well! I dumped the idea of first copying everything within FreeBSD through an NFS server and then giving the right rights to the directory and files through Windows.
First I make the ZFS (partition) with:
# zfs create -o casesensitivity=insensitive zdata/Special
# zfs set aclinherit=passthrough zdata/Special
# zfs set aclmode=passthrough zdata/Special

And then I set the right rights to the directory and copy with robocopy within Windows; this seems to work well and the rights are transferred correctly with the inherit option.

I only get double file names and directories. Not always but some, also see this topic:
https://forums.freebsd.org/threads/...e-objects-is-shared-directory-listings.49652/

I also did a full reinstall of FreeBSD and now I am working with FreeBSD 10.1.

All the problems I had were problems with the Highpoint RocketRAID 2740: failing hard drives that work fine, errors that did not exist.... I sent this card back. This surely put a lot of confusion in the mix for me and you guys.
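
An added example, not part of waywardnl's post: a shell check that a dataset carries the three property values from the zfs commands above before files and ACLs are copied in with robocopy. It reads the tab-separated output of zfs get -H -o name,property,value; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Audit the ZFS properties the post relies on for Windows ACL inheritance.
# Input: lines of "dataset<TAB>property<TAB>value", as printed by
#   zfs get -H -o name,property,value casesensitivity,aclinherit,aclmode <dataset>
# Prints one line per finding; returns non-zero if anything deviates.
audit_acl_props() {
    awk -F '\t' '
    BEGIN {
        # Expected values, taken from the zfs create/set commands in the post.
        want["casesensitivity"] = "insensitive"
        want["aclinherit"]      = "passthrough"
        want["aclmode"]         = "passthrough"
    }
    ($2 in want) {
        rows++; ds[$1] = 1; seen[$1, $2] = 1
        if ($3 != want[$2]) {
            bad++
            # casesensitivity cannot be changed after zfs create.
            if ($2 == "casesensitivity")
                fix = "set only at creation: recreate the dataset"
            else
                fix = "zfs set " $2 "=" want[$2] " " $1
            printf "MISMATCH %s %s=%s (want %s; %s)\n", $1, $2, $3, want[$2], fix
        }
    }
    END {
        if (rows == 0) { print "NO DATA"; exit 1 }
        for (d in ds) for (p in want)
            if (!((d, p) in seen)) { bad++; printf "MISSING %s %s\n", d, p }
        exit (bad > 0)
    }'
}

# Constructed sample rows (not from a real system): aclmode was never changed.
sample_zfs_get() {
    printf 'zdata/Special\tcasesensitivity\tinsensitive\n'
    printf 'zdata/Special\taclinherit\tpassthrough\n'
    printf 'zdata/Special\taclmode\tdiscard\n'
}

# With a dataset argument, audit the live system; otherwise audit the sample.
if [ "$#" -gt 0 ]; then
    zfs get -H -o name,property,value \
        casesensitivity,aclinherit,aclmode "$1" | audit_acl_props
else
    sample_zfs_get | audit_acl_props || true
fi
```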
 