Hi, is it possible to create a Samba share with full Windows ACL support based on a mounted NFS share? What is needed e.g. as NFS mount options? Regards Tim
On 15-01-08 10:51 AM, Tim wrote:> Hi, > > is it possible to create a Samba share with full Windows ACL support based on a mounted NFS share? > > What is needed e.g. as NFS mount options? > > Regards > Tim >I have tried several times over the past few years with different versions and failed every time. I will be following this to find out if it can be done. B.
You need NFSv4, which is similar to NTFS but is quite awkward to activate and manage. Like eating ice cream with a fork, it can work somewhat but tends to leave a mess. Nico Kadel-Garcia Email: nkadel at gmail.com Sent from iPhone> On Jan 8, 2015, at 13:51, Tim <rintimtim at gmx.net> wrote: > > Hi, > > is it possible to create a Samba share with full Windows ACL support based on a mounted NFS share? > > What is needed e.g. as NFS mount options? > > Regards > Tim > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Hai, if you want nfs4 for on a member server and you want to share the user home dirs over nfs so you can use them on any other server.. ( for example for ssh logins ) here some pointers. ( For debian, translate them to you own os ) And if anyone sees errors of improvements, please point them out ;-) On the Member ( NFS) server in smb.conf this is the home ( user shares ) path : /home/samba/users used in this example. apt-get install nfs-kernel-server --no-install-recommends -y mkdir -p /exports/users cat << EOF >> /etc/fstab /home/samba/users /exports/users none bind 0 0 EOF sed -i 's/NEED_SVCGSSD=/NEED_SVCGSSD=yes/g' /etc/default/nfs-kernel-server cp /etc/idmapd.conf /etc/idmapd.conf.debian cat << EOF >> /etc/idmapd.conf [Translation] Method = nsswitch EOF cat << EOF >> /etc/exports /exports/ 192.168.0.0/24(rw,fsid=0,insecure,no_subtree_check,async) /exports/users 192.168.0.0/24(rw,nohide,insecure,no_subtree_check,async) EOF ## this on the ADDC SERVER ## Now login on the AD AD and if anyone who knows howto do this on the server your working, ## so we dont need to copy the keytab file ... tell me.. ;-) ## get kerberos to know the NFS server: !! watch the CAPS !! ## ad the nfs spn to the "ALREADY AD JOINED SAMBA MEMBERSERVER samba-tool spn add nfs/membername.your.domain.tld MEMBERNAME\$ samba-tool spn add nfs/membername.your.domain.tld at ROTTERDAM.BAZUIN.NL MEMBERNAME\$ samba-tool domain exportkeytab --principal=nfs/membername.your.domain.tld /root/keytab.MEMBERNAME-nfs ## now copy this file :/root/keytabs/keytab.MEMBERNAME-nfs ## to the member server, and add this one to the default keytab file. ### back to the member server. cp krb5.keytab krb5.keytab.backup ktutil rkt /etc/krb5.keytab rkt /root/keytab.MEMBERNAME-nfs list wkt /etc/krb5.keytab quit service nfs-kernel-server restart ################## NFS CLIENT SETUP ################# # FOR THE OTHER SERVERS /Client servers. apt-get install rpcbind nfs-common cat << EOF >> /etc/idmapd.conf [Translation] Method = nsswitch EOF ########### Dedicated nfs mount mounted at boot ### CHOOSE ONE ! Enabled for now it the autofs. echo "## NFS V4 Users mounts" >> /etc/fstab echo "#membername.your.domain.tld:/export/users /home/samba/users nfs auto 0 0" >> /etc/fstab ### Or use AUTO FS optional. ( handy also for ssh Logins ) apt-get install autofs echo "## automount samba home dir for NFSv4" >> /etc/auto.master echo "/home/samba/users /etc/auto.nfshomeusers" >> /etc/auto.master echo "* membername.your.domain.tld:/export/users/&" >> /etc/auto.nfshomeusers /etc/init.d/autofs restart kerberised ssh logins on debian, very easy from here. apt-get install ssh-krb5 /etc/init.d/ssh restart pam-auth-update ( and enable both ) and your able to login with ssh kerberized on debian server with the home(user) share on also on nfs. Greetz, Louis>-----Oorspronkelijk bericht----- >Van: d3r3kshaw at gmail.com >[mailto:samba-bounces at lists.samba.org] Namens BISI >Verzonden: vrijdag 9 januari 2015 1:07 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] Mounted NFS share as Samba share > >On 15-01-08 10:51 AM, Tim wrote: >> Hi, >> >> is it possible to create a Samba share with full Windows ACL >support based on a mounted NFS share? >> >> What is needed e.g. as NFS mount options? >> >> Regards >> Tim >> >I have tried several times over the past few years with different >versions and failed every time. > >I will be following this to find out if it can be done. > >B. > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
Hi Tim,> is it possible to create a Samba share with full Windows ACL support based on a mounted NFS share? > > What is needed e.g. as NFS mount options?unless you mount the share read only, you will have file locking issues. So it may not be a good idea, even if you get the acl to work properly. Cheers, Denis> > Regards > Tim >-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, b?timent A 12 avenue Jules Verne 44230 Saint S?bastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil-it-systems.fr
Thanks for your answers. I will drop that idea. I try something different now: Setting up a KVM guest with local lvm storage attached. I will let you know. Am 9. Januar 2015 10:35:46 MEZ, schrieb Denis Cardon <denis.cardon at tranquil-it-systems.fr>:>Hi Tim, > >> is it possible to create a Samba share with full Windows ACL support >based on a mounted NFS share? >> >> What is needed e.g. as NFS mount options? > >unless you mount the share read only, you will have file locking >issues. >So it may not be a good idea, even if you get the acl to work properly. > >Cheers, > >Denis > > > >> >> Regards >> Tim >> > > >-- >Denis Cardon >Tranquil IT Systems >Les Espaces Jules Verne, b?timent A >12 avenue Jules Verne >44230 Saint S?bastien sur Loire >tel : +33 (0) 2.40.97.57.55 >http://www.tranquil-it-systems.fr > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba
On 01/09/15 04:35, Denis Cardon wrote:> Hi Tim, > >> is it possible to create a Samba share with full Windows ACL support >> based on a mounted NFS share? >> >> What is needed e.g. as NFS mount options? > > unless you mount the share read only, you will have file locking > issues. So it may not be a good idea, even if you get the acl to work > properly. > > Cheers, > > Denis > > > >> >> Regards >> Tim >> > >I use autofs heavily for linux clients e.g. /home/user1 mounts server1:/export/Home/user1, /home/user2 mounts server1:/export/Home/user2 /home/user3 mounts server2:/export/Home/user3 Have samba share the /home directory for the "home" share for Windows made it easy to make it look like all home directories were in a single parent directory. It had various limitations so I moved away from that. Each NFS server also runs samba and, if necessary, I use DFS links. E.g. server1 has most home directories, shares /export/Home as "Home" in samba, with DFS links any home directories on different servers. E.g #cd /export/Home #file * #user1: directory #user2: directory #user3: symbolic link to msdfs:server2\Home\user3 The point is that anything you wanted to do with Samba over NFS, you can probably accomplish by other means.