Edouard Guigné
2019-Apr-10 15:08 UTC
[Samba] Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server
Hello Rowland, Yes, this is an Unix Domain member. Below, my smb.conf : [global] security = ads realm = IPGAD.MYDOMAIN.FR workgroup = IPGAD kerberos method = secrets and keytab server signing = mandatory client signing = mandatory client use spnego = yes hosts allow = 127. 10.9.X. 10.9.X. 10.9.X. 10.9.4. 10.9.X. hosts deny = 10.9.X. 10.9.X. log file = /var/log/samba/%m.log max log size = 5000 log level = 10 local master = no domain master = no preferred master = no wins support = no wins proxy = no dns proxy = yes name resolve order = wins bcast host lmhosts use sendfile = true encrypt passwords = yes load printers = no cups options = raw printcap name = /dev/null disable spoolss = yes vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes idmap config * : backend = tdb idmap config * : range = 15000-99999 winbind nss info = rfc2307 idmap config IPGAD : backend = ad idmap config IPGAD : schema_mode = rfc2307 idmap config IPGAD : range = 1-14999 idmap config IPGAD : unix_nss_info = yes idmap config IPGAD : unix_primary_group = yes client min protocol = SMB2 client max protocol = SMB3 #[myshare] [groups] comment = jaguar2 path = /var/datashared public = no writable = yes guest ok = no valid users = @"utilisateurs du domaine at IPGAD.MYDOMAIN.FR" # SHADOW COPY vfs objects = acl_xattr streams_xattr shadow_copy2 shadow:snapdir = /data/datashared/snapshots shadow:basedir = /var/datashared shadow:sort = desc shadow:localtime = yes [homes] comment = Home Directories read only = No create mask = 0700 directory mask = 0700 valid users = @"utilisateurs du domaine at IPGAD.MYDOMAIN.FR" path = /home hide files = /~*.tmp/profile/desktop.ini/~$*/ browseable = no public = no guest ok = no [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = root create mask = 0664 directory mask = 0775 EdG -------- Message transféré -------- Sujet : Re: [Samba] Ressources needed (cpus, ram, etc.) for a Samba server Date : Wed, 10 Apr 2019 15:53:00 +0100 De : Rowland Penny via samba <samba at lists.samba.org> Répondre à : Rowland Penny <rpenny at samba.org> Pour : samba at lists.samba.org On Wed, 10 Apr 2019 10:43:34 -0300 Edouard Guigné via samba <samba at lists.samba.org> wrote:> Dear Samba Users, > > I am preparing a Samba box as standalone server (only files server, > centos 7). > > This Samba box is a domain member server, and is dedicaded to serve > files to about 80 domain users.Which is it, a standalone server or a Unix domain member, it cannot be both ;-)> > I am wondering if there are some special requirements for this > purpose in terms of CPUs, Memory ?This is easy, the biggest most powerful CPU possible, as much memory as possible and the biggest HD possible ;-)> The Samba box is a Vmware virtual machine, so I can easely configure > this.To be honest, it all depends on the number of users and just how they are going to use the Samba machine.> > I noticed also in some Samba configurations, parameter socket options > is set with TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=819 > Does it worth still setting this parameter on recent linux system ? > According to the wiki > https://wiki.samba.org/index.php/Performance_Tuning : "The Samba team > highly-recommends not setting the parameters described in this > section without understanding the technical background and knowing > the consequences. In most environments, setting these parameters or > changing the defaults decreases the Samba network performance."The kernel has got a lot smarter and you should probably just leave it up to it. It might help if you could post your proposed smb.conf, we could then point out any problems or suggest improvements. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2019-Apr-10 15:38 UTC
[Samba] Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server
On Wed, 10 Apr 2019 12:08:55 -0300 Edouard Guigné via samba <samba at lists.samba.org> wrote:> Hello Rowland, > > Yes, this is an Unix Domain member. > > Below, my smb.conf : > > [global] > security = ads > realm = IPGAD.MYDOMAIN.FR > workgroup = IPGAD > kerberos method = secrets and keytab > server signing = mandatory > client signing = mandatory > hosts allow = 127. 10.9.X. 10.9.X. 10.9.X. 10.9.4. 10.9.X. > hosts deny = 10.9.X. 10.9.X. > > log file = /var/log/samba/%m.log > max log size = 5000 > > log level = 10 > local master = no > domain master = no > preferred master = no > use sendfile = true > load printers = no > cups options = raw > printcap name = /dev/null > > disable spoolss = yes > > vfs objects = acl_xattr > map acl inherit = yes > store dos attributes = yes > > idmap config * : backend = tdb > idmap config * : range = 15000-99999 > > winbind nss info = rfc2307 > idmap config IPGAD : backend = ad > idmap config IPGAD : schema_mode = rfc2307 > idmap config IPGAD : range = 1-14999 > idmap config IPGAD : unix_nss_info = yes > idmap config IPGAD : unix_primary_group = yes > > client min protocol = SMB2I have removed all the default lines, but just a couple of questions about [global]: Why have you set the log level to 10 ? this will swamp your logfile. Is there some reason why you have started the 'IPGAD' range at '1' ? The normal practise is at '10000', also using '1' means that you should move everything from /etc/passwd and /etc/group into AD, or to put it another way, this is a stupid range. You are also using the winbind 'ad' backend, so have you added anything to AD ? Have you read this: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member and this: https://wiki.samba.org/index.php/Idmap_config_ad> > #[myshare] > [groups] > comment = jaguar2 > path = /var/datashared > public = no > writable = yes > guest ok = noInteresting fact: 'public' is a synonym for 'guest ok', so you don't need both and the default for 'guest ok' is 'no', so you don't really need either. Rowland
Edouard Guigné
2019-Apr-10 16:14 UTC
[Samba] Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server
Log level to 10 was for debug reasons, I can now surely set to 1 now. Concerning idmap config IPGAD, I don't see why is the reason to start at 1... I will set to 10000 as according to the documentation, thank you. What do you mean by " You are also using the winbind 'ad' backend, so have you added anything to AD ? " ? Le 10/04/2019 à 12:38, Rowland Penny via samba a écrit :> On Wed, 10 Apr 2019 12:08:55 -0300 > Edouard Guigné via samba <samba at lists.samba.org> wrote: > >> Hello Rowland, >> >> Yes, this is an Unix Domain member. >> >> Below, my smb.conf : >> >> [global] >> security = ads >> realm = IPGAD.MYDOMAIN.FR >> workgroup = IPGAD >> kerberos method = secrets and keytab >> server signing = mandatory >> client signing = mandatory >> hosts allow = 127. 10.9.X. 10.9.X. 10.9.X. 10.9.4. 10.9.X. >> hosts deny = 10.9.X. 10.9.X. >> >> log file = /var/log/samba/%m.log >> max log size = 5000 >> >> log level = 10 >> local master = no >> domain master = no >> preferred master = no >> use sendfile = true >> load printers = no >> cups options = raw >> printcap name = /dev/null >> >> disable spoolss = yes >> >> vfs objects = acl_xattr >> map acl inherit = yes >> store dos attributes = yes >> >> idmap config * : backend = tdb >> idmap config * : range = 15000-99999 >> >> winbind nss info = rfc2307 >> idmap config IPGAD : backend = ad >> idmap config IPGAD : schema_mode = rfc2307 >> idmap config IPGAD : range = 1-14999 >> idmap config IPGAD : unix_nss_info = yes >> idmap config IPGAD : unix_primary_group = yes >> >> client min protocol = SMB2 > I have removed all the default lines, but just a couple of questions > about [global]: > > Why have you set the log level to 10 ? this will swamp your logfile. > Is there some reason why you have started the 'IPGAD' range at '1' ? > The normal practise is at '10000', also using '1' means that you > should move everything from /etc/passwd and /etc/group into AD, or to > put it another way, this is a stupid range. > You are also using the winbind 'ad' backend, so have you added > anything to AD ? > Have you read this: > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > > and this: > > https://wiki.samba.org/index.php/Idmap_config_ad > >> #[myshare] >> [groups] >> comment = jaguar2 >> path = /var/datashared >> public = no >> writable = yes >> guest ok = no > Interesting fact: 'public' is a synonym for 'guest ok', so you don't > need both and the default for 'guest ok' is 'no', so you don't really > need either. > > Rowland > >
Reasonably Related Threads
- Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server
- Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server
- Ressources needed (cpus, ram, etc.) for a Samba server
- Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server
- Fwd: Re: Fwd: Extended acls with AD - problem with default/herited permissions