What "works for me"

I have a webserver serving my SFTP service.

I use SecureShell package for the SFTP/SCP service
Secure shell, makes it easy to set a chrooted homedir.
I set NIS (* not really needed but I use RSAT ADUC)
UID set
Homedir /srv/nfs/customers/SomeUsername/spool

Primary gid to a linux/windows group, WITH GID assigned.
The login is an automounted folder in this case NFS.
*( unless you use cifs, then keep "domain users" )

Now this works fine here with NFS and CIFS automounts for me.
Just keep in mind I "want/need" the chroot and nothing else.


The systemd file to mount the share.

/etc/systemd/system/srv-remote-customers.mount
#------------
[Unit]
Description=Mount Remote Customers Homedirs

[Mount]
# NFS option.
What=FQ.DN:/exportnfs/customers
Where=/srv/remote/customers
Type=nfs

# Cifs Option (use instead of the NFS lines above, not together with them)
#What=//FQ.DN/customers
#Where=/srv/remote/customers
#Type=cifs
#Options=credentials=/etc/samba/credentials-administrator,rw,vers=3.0
# content : /etc/samba/credentials-administrator
#   username=Administrator
#   password=XXXXX
#   domain=ADDOM

[Install]
WantedBy=multi-user.target
#------------

And the automount file.

/etc/systemd/system/srv-remote-customers.automount
#------------
[Unit]
Description=Automount Remote Customers Homedirs

[Automount]
# The unit file name must match this path (srv-remote-customers).
Where=/srv/remote/customers
TimeoutIdleSec=120

[Install]
WantedBy=multi-user.target
#------------

Make sure the needed packages are installed. *( like cifs-utils/nfs-common on debian)
Make sure you have nfs/fq.dn and cifs/fq.dn in your keytab

Place both files in /etc/systemd/system
systemctl daemon-reload
systemctl enable srv-remote-customers.automount

And test.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Ralph Boehme via samba
> Sent: Thursday 7 April 2022 12:04
> To: Thibault Roulet; samba at lists.samba.org
> Subject: Re: [Samba] sharing an autofs nfs mount
>
> On 4/7/22 10:47, Thibault Roulet via samba wrote:
> > A group of 15 Centos systems running tasks on instruments.
> > Experiments results are saved in a local folder on each machine.
> >
> > We need then to have a centralized place for our users where they can
> > get their files using a smb share and also via sftp.
>
> maybe DFS? Iow run SMB on the 15 Centos boxes instead of NFS, but
> let users connect to one central DFS server that contains redirects to
> the 15 other servers.
>
> Cheers!
> -slow
>
> --
> Ralph Boehme, Samba Team https://samba.org/
> SerNet Samba Team Lead https://sernet.de/en/team-samba
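
Added example, not part of the original post and not Samba or systemd project code: systemd requires a mount or automount unit file to be named after its Where= path, and the CIFS variant above keeps a domain password in a credentials file, so both are worth checking before the units are enabled. The function names are made up for this example, and the name check assumes simple paths whose components contain no '-' or special characters.

```shell
#!/bin/sh
# Added example: audit a systemd .mount/.automount unit file.
# All function names are made up for this example.

# Value of the last "Key=" assignment in a unit file (the last one wins).
unit_value() {  # $1=unit file  $2=key
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Unit name systemd expects for a mount point. Simple paths only: components
# containing '-' or other special characters need `systemd-escape --path`.
expected_unit_name() {  # $1=mount point  $2=mount|automount
    p=${1#/}; p=${p%/}
    printf '%s.%s\n' "$(printf '%s' "$p" | tr '/' '-')" "$2"
}

# Returns 0 if the unit file name matches its Where= path.
check_unit_name() {  # $1=unit file
    where=$(unit_value "$1" Where)
    want=$(expected_unit_name "$where" "${1##*.}")
    [ "$(basename "$1")" = "$want" ] && return 0
    echo "NAME: $(basename "$1") should be $want" >&2
    return 1
}

# Returns 0 if the file named by credentials= in Options= is mode 600 or 400
# and owned by the expected uid (default 0), or if no credentials= is set.
check_credentials() {  # $1=unit file  $2=expected owner uid
    cred=$(unit_value "$1" Options | tr ',' '\n' | sed -n 's/^credentials=//p')
    [ -n "$cred" ] || return 0
    mode=$(stat -c '%a' "$cred") || return 1   # GNU stat
    owner=$(stat -c '%u' "$cred")
    case $mode in
        600|400) ;;
        *) echo "PERM: $cred is mode $mode, want 600" >&2; return 1 ;;
    esac
    [ "$owner" = "${2:-0}" ] && return 0
    echo "OWNER: $cred is owned by uid $owner" >&2
    return 1
}

# Demo on constructed files: a world-readable credentials file and a unit
# whose name does not match Where=.
d=$(mktemp -d)
printf 'username=u\npassword=x\n' > "$d/cred"; chmod 644 "$d/cred"
printf '[Mount]\nWhere=/srv/remote/customers\nOptions=credentials=%s,rw\n' \
    "$d/cred" > "$d/srv-other-path.mount"
check_unit_name "$d/srv-other-path.mount" || echo "unit name check failed"
check_credentials "$d/srv-other-path.mount" "$(id -u)" || echo "credentials check failed"
rm -rf "$d"
```

On a real host, run the two checks as root against each file in /etc/systemd/system ending in .mount or .automount, leaving the expected uid at its default of 0.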

In our case we needed to mount the user home folders from the file server and we could never get it to work with cifs - we would get permission errors and a login loop in Gnome - autofs was complaining about not finding the kerberos ticket. That's why we also use NFSv4 for Linux clients and CIFS for Windows clients - it seems to work but there may be some issues (with file locking?) that we are unaware of. Interestingly enough CIFS works in our nextcloud server.

Before installing the fileserver, we had an old ZFS storage system from Sun which pretty much worked like this, it exported user home folders with both CIFS and NFS but used SMBv1 which is deprecated.

On Thu, 7 Apr 2022, 13:34 L.P.H. van Belle via samba, <samba at lists.samba.org> wrote:
> What "works for me"
> [...]

Hi all,

Just a quick test this morning on my setup to change this NFS SMB config in place at the moment.

::Machine1::
This machine is running CentOS 7 and users are auth via LDAP when using it.
The /opt/data/ folder contains one sub-folder per user where they store various things. Ownerships of those folders are defined by the user:group from the LDAP.

Then I added this samba share.

[global]
    workgroup = LOCAL
    security = user
    passdb backend = tdbsam
    client signing = mandatory
    server signing = mandatory
    server min protocol = SMB2

[data]
    path = /opt/data/
    comment = Shared data
    valid users = datashare
    browseable = No
    read only = Yes
    inherit acls = yes

I mounted this share on my server using this "datashare" local account, user folders are visible but with root:root ownership.

Is there a way to tell samba on machine1 to populate/forward/keep user:group files information?

Thanks in advance !

On 4/7/22 12:33, L.P.H. van Belle via samba wrote:
> What "works for me"
> [...]

--
Thibault Roulet