samba - Jul 2015 - POSIX-Share fails with NFS-mounts

Hi there,

I'm sure this must have been discussed before, but I can't find anything
that addresses exactly my problem in the archives.

The problem I ran into is, that a samba-share relying on POSIX file-permissions
stops working as soon as the shared folder is a NFS-mount itself.
In that case, it is no longer possible for any user to access files or folders.
So in my example, if "/samba/shares" is a local folder, everythings
works as expected. If I mount an external storage to "/samba/shares"
via NFS, the access from the Windows clients via samba is denied to this share.
I need to get this construct running, since for some reason I can't get a
customized samba running directly on the storage, so I need to use a dedicated
machine for this that mounts the data to be shared somehow.
I'm using samba 4.2.1 here.
Is there a solution for this?
Many thanks in advance.

Kind regards,
Christian Keck


Here's my smb.conf:


[global]
        workgroup = MYGROUP
        server string = Samba Server Version %v
        netbios name = sambavm
        netbios aliases = sambavm sambavm.mydomain.local

        log file = /var/log/samba/smb.log
        log level = 2

        passdb backend = ldapsam:ldap://ldap.mydomain.local/
        ldap ssl = no
        ldap suffix = dc=mydomain,dc=local
        ldap admin dn = cn=admin,dc=mydomain,dc=local
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=Idmap
        ldap delete dn = no
        ldap passwd sync = no
        unix password sync = no

        idmap_ldb:use rfc2307 = Yes

        add user script = /usr/sbin/smbldap-useradd -m -a %u
        delete user script = /usr/sbin/smbldap-userdel %u
        add group script = /usr/sbin/smbldap-groupadd -p %g
        delete group script = /usr/sbin/smbldap-groupdel %g
        add user to group script = /usr/sbin/smbldap-groupmod -m %g %u
        delete user from group script = /usr/sbin/smbldap-groupmod -x %g %u
        set primary group script = /usr/sbin/smbldap-usermod -g %g %u
        add machine script = /usr/sbin/smbldap-useradd -i -w %u

        wins support = yes

        veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network
Trash Folder/Temporary Items/TheVolumeSettingsFolder/. at __thumb/. at
__desc/:2e*/

[homes]
        comment = Home Directories
        read only = No
        browseable = No
        create mask = 0700
        directory mask = 2700
        guest ok = Yes
        root preexec = /usr/sbin/mkhomedir.sh %u %g

[mydomain]
        comment = mydomain Share
        path = /samba/shares
        read only = No
        create mask = 0770
        force create mode = 0660
        force security mode = 0660
        directory mask = 2770
        force directory mode = 2770
        force directory security mode = 2770
        inherit permissions = Yes
        hide unreadable = Yes
        hide unwriteable files = Yes

On Thursday 30 July 2015 09:28:46 Christian Keck wrote:
> Hi there,
> 
> I'm sure this must have been discussed before, but I can't find
anything
> that addresses exactly my problem in the archives.
> 
> The problem I ran into is, that a samba-share relying on POSIX
> file-permissions stops working as soon as the shared folder is a NFS-mount
> itself. In that case, it is no longer possible for any user to access files
> or folders. So in my example, if "/samba/shares" is a local
folder,
> everythings works as expected. If I mount an external storage to
> "/samba/shares" via NFS, the access from the Windows clients via
samba is
> denied to this share. I need to get this construct running, since for some
> reason I can't get a customized samba running directly on the storage,
so I
> need to use a dedicated machine for this that mounts the data to be shared
> somehow. I'm using samba 4.2.1 here.
> Is there a solution for this?
> Many thanks in advance.
It works with a limited feature set, see 'kernel oplocks' in 'man
smb.conf'.

However we do not really support this and recommend to solve it this way.

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org

Hello all,

my problem has been sorted out meanwhile:
Surprisingly the reason was enabled ACLs on the file system of the NFS-server.
For some reasons this resulted in inaccessible shares in samba while the mounted
folders still could be accessed by the users via shell.
However, removing the ACL-structures on the server solved the sharing problems
within samba.
Maybe this could help someone else, too.

kind regards,
Christian Keck


--------------------------------
Fon: +49 431 67072-179
Fax: +49 431 67072-29
christian.keck at macio.de

macio GmbH                                                     
Am Kiel-Kanal 1
D-24106 Kiel
www.macio.de

--------------------------------
macio · software engineering & user interface design
Geschäftsführer:  Joern Kowalewski · Jörg Gonnermann · Alexander Friedel
Amtsgericht Kiel · HRB 5832


-----Ursprüngliche Nachricht-----
Von: Andreas Schneider [mailto:asn at samba.org] 
Gesendet: Donnerstag, 30. Juli 2015 12:17
An: samba at lists.samba.org
Cc: Christian Keck
Betreff: Re: [Samba] POSIX-Share fails with NFS-mounts

On Thursday 30 July 2015 09:28:46 Christian Keck wrote:
> Hi there,
> 
> I'm sure this must have been discussed before, but I can't find 
> anything that addresses exactly my problem in the archives.
> 
> The problem I ran into is, that a samba-share relying on POSIX 
> file-permissions stops working as soon as the shared folder is a 
> NFS-mount itself. In that case, it is no longer possible for any user 
> to access files or folders. So in my example, if "/samba/shares"
is a
> local folder, everythings works as expected. If I mount an external 
> storage to "/samba/shares" via NFS, the access from the Windows 
> clients via samba is denied to this share. I need to get this 
> construct running, since for some reason I can't get a customized 
> samba running directly on the storage, so I need to use a dedicated 
> machine for this that mounts the data to be shared somehow. I'm using
samba 4.2.1 here.
> Is there a solution for this?
> Many thanks in advance.
It works with a limited feature set, see 'kernel oplocks' in 'man
smb.conf'.

However we do not really support this and recommend to solve it this way.

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org