Hello Davor,
On 12.01.2015 at 19:44, Davor Vusir wrote:
> 2015-01-12 17:47 GMT+01:00 Stefan Kania <stefan at kania-online.de>:
> On 11.01.2015 at 19:10, Davor Vusir wrote:
>>>> Hi Stefan!
>>>>
>>>> 2015-01-09 17:27 GMT+01:00 Stefan Kania
>>>> <stefan at kania-online.de>:
>>>> Hello everybody,
>>>>
>>>> I try to set up a GlusterFS together with CTDB. The OS on
>>>> all systems is Debian wheezy. No backports active. All
>>>> Samba packages are from Sernet (samba 4.14). My setup is the
>>>> following:
>>>>
>>>> ------------ GlusterFS: ------------
>>>> Node1: 192.168.57.101
>>>> Node2: 192.168.57.102
>>>>
>>>> Two nodes each with one disk. The disks are formatted. The
>>>> disks are mounted. GlusterFS is running without any errors.
>>>>
>>>> Version of Gluster:
>>>> ii glusterfs-server 3.5.0-1 amd64 clustered file-system (server package)
>>>>
>>>> -------------- CTDB-Cluster: --------------
>>>> I mounted the GlusterFS over the network to my samba 4 CTDB-nodes:
>>>>
>>>> CTDB-Version:
>>>> ii ctdb 1.0.114.9-2 amd64 Clustered TDB
>>>>
>>>> Gluster on the clients:
>>>> ii glusterfs-client 3.5.0-1 amd64 clustered file-system (client package)
>>>>
>>>> Network for Gluster communication:
>>>> CTDB-node1: 192.168.57.201
>>>> CTDB-node2: 192.168.57.202
>>>> Network for heartbeat communication:
>>>> CTDB-node1: 192.168.56.201
>>>> CTDB-node2: 192.168.56.201
>>>>
>>>> Mount options on both CTDB-nodes in /etc/fstab:
>>>> san1:/gv0 /GL-lokal glusterfs defaults,_netdev,acl 0 0
>>>>
>>>>
>>>>> You should add user_xattr to the list. I found this thread
>>>>> quite interesting:
>>>>> http://samba.2283325.n4.nabble.com/samba4-with-glusterfs-td4647897.html
>>>>
>>>> The Cluster is working fine as you can see here:
>>>> ---------------
>>>> root at fs1:~# ctdb status
>>>> Number of nodes:2
>>>> pnn:0 192.168.57.201 OK (THIS NODE)
>>>> pnn:1 192.168.57.202 OK
>>>> Generation:1420468989
>>>> Size:2
>>>> hash:0 lmaster:0
>>>> hash:1 lmaster:1
>>>> Recovery mode:NORMAL (0)
>>>> Recovery master:1
>>>> ---------------
>>>>
>>>> On the commandline I can change permissions and ACLs with
>>>> setfacl, I can set and reset default ACLs.
>>>>
>>>> Here are my smb.conf-settings from the registry:
>>>> -------------
>>>> root at fs1:/glusterfs# net registry export 'hklm\software\samba' /dev/stdout
>>>> Windows Registry Editor Version 5.00
>>>>
>>>> [HKLM\software\samba]
>>>>
>>>> [HKLM\software\samba\smbconf]
>>>>
>>>> [HKLM\software\samba\smbconf\global]
>>>> "workgroup"="samba-ad"
>>>> "netbios name"="cluster-fs"
>>>> "security"="ads"
>>>> "realm"="SAMBA-AD.LOKAL"
>>>> "idmap config *:range"="1000000-1999999"
>>>> "idmap config samba-ad:backend"="rid"
>>>> "idmap config samba-ad:range"="1000000-1999999"
>>>>
>>>>> The "*:range" and "samba-ad:range" must not overlap.
>>>>
>>>> "winbind enum users"="yes"
>>>> "winbind enum groups"="yes"
>>>> "winbind use default domain"="yes"
>>>> "store dos attributes"="yes"
>>>> "map acl inherit"="yes"
>>>> "template shell"="/bin/bash"
>>>> "winbind refresh tickets"="yes"
>>>> "wins server"="192.168.123.205"
>>>> "vfs objects"="acl_xattr"
>>>> "template homedir"="/GL-lokal/daten/home/%U"
>>>>
>>>>> I would move "store dos attributes"="yes", "map acl
>>>>> inherit"="yes" and "vfs objects"="acl_xattr" to every
>>>>> [share] section. Some time ago, when I had a combined AD DC
>>>>> and fileserver, where the various shares were configured on
>>>>> top MD/LVM/ext4, I never got the ACL-stuff to work before I
>>>>> moved these settings to the [share] section.
>>>>
>>>>> Here is a snippet from my smb.conf:
>>>>> [Common]
>>>>> path = /data/common
>>>>> comment = "Company wide files."
>>>>> read only = No
>>>>>
>>>>> map acl inherit = Yes
>>>>> store dos attributes = Yes
>>>>> nt acl support = Yes
>>>>>
>>>>> write cache size = 32768
>>>>>
>>>>> vfs objects = recycle acl_xattr
>>>>> acl_xattr:ignore system acl = yes
>>>>> recycle:keeptree = yes
>>>>> recycle:versions = yes
>>>>> recycle:maxsize = 1073741824
>>>>>
>>>>> csc policy = disable
>>>>
>>>> [HKLM\software\samba\smbconf\daten]
>>>> "comment"="Daten im Cluster"
>>>> "guest ok"="no"
>>>> "read only"="no"
>>>> "browseable"="yes"
>>>> "hide unreadable"="yes"
>>>> "path"="/GL-lokal/daten"
>>>>
>>>> [HKLM\software\samba\smbconf\users]
>>>> "comment"="home-dir"
>>>> "guest ok"="no"
>>>> "read only"="no"
>>>> "browseable"="no"
>>>> "create mask"="700"
>>>> "directory mask"="700"
>>>> "path"="/GL-lokal/daten/home"
>>>>
>>>>
>>>>> You don't need "guest ok"="no", "browseable"="no", "create
>>>>> mask"="700" or "directory mask"="700". Just "read
>>>>> only"="no". All permissions are set from Windows.
>>>>
> That doesn't matter at all for my problem, but you are right
>
>>>> [HKLM\software\samba\smbconf\profile]
>>>> "comment"="Servergesp. Profile"
>>>> "guest ok"="no"
>>>> "read only"="no"
>>>> "browseable"="no"
>>>> "profile acls"="yes"
>>>> "path"="/GL-lokal/daten/profile"
>>>>
>>>>
>>>>> Same here. Use this as a guide for the roaming profiles
>>>>> share:
>>>>> http://msdn.microsoft.com/en-us/library/cc757013(v=ws.10).aspx.
>>>>>
>>>>> Don't forget to add 'csc policy = no' to the share
>>>>> definition block.
>>>>
>
> In GlusterFS 3.5 there is no mount-option "*xattr*" any more. The
> howto on the official webpage said it's always mounted with xattr.
> If you set the option the filesystem will not mount at all, because
> of an unknown option.
>
>>>> [HKLM\software\samba\smbconf\linux]
>>>> "comment"="Linux-acl"
>>>> "guest ok"="no"
>>>> "read only"="no"
>>>> "path"="/GL-lokal/linux/"
>>>>
>>>> [HKLM\software\samba\smbconf\linux2]
>>>> "comment"="Linux-acl2"
>>>> "guest ok"="no"
>>>> "read only"="no"
>>>> "path"="/GL-lokal/linux2/"
>>>>
>>>> [HKLM\software\samba\Group Policy]
>>>> ;Local Variables:
>>>> ;coding: UTF-8
>>>> ;End:
>>>> ----------------
>>>>
>>>> The Cluster is Domainmember:
>>>>
>>>> root at fs1:~# net rpc testjoin
>>>> Join to 'SAMBA-AD' is OK
>>>>
>>>>
>>>> If I add additional permissions as Domainadministrator to any
>>>> file or directory via Windows-explorer it works.
>>>>
>>>> BUT when I try to remove permissions or reset the inheritance
>>>> of filesystempermission on a file or directory I'll get an
>>>> errormessage. The following picture shows the error:
>>>> http://www.bilder-upload.eu/show.php?file=1613a0-1420819849.png
>>>>
>>>> It's German but I think it's Windows and it will look the same
>>>> in all languages. For this picture I try to remove the
>>>> filepermission inheritance from a directory to start with new
>>>> set of permissions in this subdirectory
>>>>
>>>>
>>>>> Remove all ACLs with setfacl and run chown -R
>>>>> administrator:'Domain Admins' /path/to/sambashare (or
>>>>> whichever user and group you have assigned as file server
>>>>> admin) (and restart Samba).
>>>>
> That's what I did several times in different combinations. Removing
> everything, set everything from Linux and look what will happen on
> Windows. With the same setup of Samba BUT using a local filesystem,
> everything works. I think I try to use GlusterFS 3.6, but I think
> the problem is not Gluster.
>
>
>> Found this
>> https://lalatendumohanty.wordpress.com/2014/02/11/using-glusterfs-with-samba-and-samba-vfs-plugin-for-glusterfs-on-fedora-20/.
>> It might be of interest.

That's a very interesting link. I would like to test it, BUT I use the
SerNet packages for Debian and the vfs object "glusterfs" is not
shipped with the packages. Let's see if I can get it.

Stefan
>
>> Regards Davor
>
> Stefan
>
>
>
>>>>> Regards Davor
>>>>
>>>> I didn't get any errormessages in any logfile. Even with
>>>> loglevel set to 10 there is no error in any logfile :-(
>>>>
>>>> Because there are no error-messages in any logfile, I don't
>>>> know where to look. I think as long as I can't reset
>>>> permissions from Windows this combination is not usable :-(
>>>> Too bad, because GlusterFS works very well.
>>>>
>>>> I hope, someone can give me a hint.
>>>>
>>>> Stefan
>>>>
>
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signing every e-mail helps reduce spam. Sign your
e-mail. More information at http://www.gnupg.org
My key is available at
hkp://subkeys.pgp.net
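
Added example, not part of the original thread: a check for the idmap range overlap that Davor points out in the exported registry configuration; overlapping ranges matter because two different accounts can end up with the same Unix ID, which makes ACLs on the share ambiguous. The sample export is constructed from the values quoted in the thread, and the function names are illustrative.

```python
import re

# Constructed sample shaped like `net registry export` output; values follow the post.
SAMPLE_EXPORT = r'''
[HKLM\software\samba\smbconf\global]
"workgroup"="samba-ad"
"idmap config *:range"="1000000-1999999"
"idmap config samba-ad:backend"="rid"
"idmap config samba-ad:range"="1000000-1999999"

[HKLM\software\samba\smbconf\daten]
"path"="/GL-lokal/daten"
'''

RANGE_RE = re.compile(
    r'^"idmap config\s+([^:"]+?)\s*:\s*range"\s*=\s*"(\d+)\s*-\s*(\d+)"$', re.I)

def parse_idmap_ranges(export_text):
    """Return {domain: (low, high)} read from the smbconf\\global key only."""
    ranges, in_global = {}, False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_global = line.lower().endswith("\\smbconf\\global]")
        elif in_global and (m := RANGE_RE.match(line)):
            low, high = int(m.group(2)), int(m.group(3))
            if low > high:
                raise ValueError(f"inverted range for {m.group(1)}: {low}-{high}")
            ranges[m.group(1)] = (low, high)
    return ranges

def find_overlaps(ranges):
    """Return [(domain_a, domain_b, (first_shared_id, last_shared_id)), ...]."""
    items = sorted(ranges.items(), key=lambda kv: kv[1])
    overlaps = []
    for i, (dom_a, (_, hi_a)) in enumerate(items):
        for dom_b, (lo_b, hi_b) in items[i + 1:]:
            if lo_b > hi_a:
                break  # sorted by lower bound: later ranges start even higher
            overlaps.append((dom_a, dom_b, (lo_b, min(hi_a, hi_b))))
    return overlaps

if __name__ == "__main__":
    for a, b, (lo, hi) in find_overlaps(parse_idmap_ranges(SAMPLE_EXPORT)):
        print(f"idmap ranges for {a!r} and {b!r} share IDs {lo}-{hi}")
```
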