Re: [OpenIndiana-discuss] CIFS and openindiana
On Friday, July 12, 2013 09:27 PM, Jim Klimov wrote: On 2013-07-12 06:28, Christopher Chan wrote: On Friday, July 12, 2013 11:29 AM, Geoff Nordli wrote: On 13-07-11 07:25 PM, Jim Klimov wrote: On a side note, you can always make ZFS snapshots via filesystem interface mkdir $dataset/.zfs/snapshot/$snapname over both NFS and CIFS (at least kCIFS) as well as locally, as long as your user has proper ZFS delegated permissions. Removing is trickier, since tools insist on only deleting empty directories, and somehow they fail to delete contents of a read-only snapshot... bummer ;) That is very cool Jim, I didn't know I could create a snapshot that way. Time to rewrite the scripts. This makes it way easier to manage snapshots when you have over 2k snapshot per dataset. I've already resorted to referencing one dataset's snapshots with ls since zfs list takes forever. Thanks for letting us know about this. zfs just got even better. You are both welcome :) In fact, this trick I used in vboxsvc to create pre-start/post-stop snapshots of filesystem datasets which hold the VM image/cfg files, so that it can work seamlessly with local and NFS storage of VMs, as well as to just detect if a directory is in fact a ZFS dataset. On a side note, listing is indeed probably faster - for a single dataset. If you need to iterate (i.e. delete old zfs-auto-snap's in a tree) then zfs list is still easier to use for me. And the removal of snapshots is also AFAIK only doable by zfs destroy locally on the storage box... Er...nothing beats for i in `ls .zfs/snapshot/range`; do zfs delete $i ; done listing takes seconds. zfs list takes minutes. I have almost a dozen datasets each with over 1.5k snapshots. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 2013-07-14 11:16, Christopher Chan wrote: On Friday, July 12, 2013 09:27 PM, Jim Klimov wrote: On a side note, listing is indeed probably faster - for a single dataset. If you need to iterate (i.e. delete old zfs-auto-snap's in a tree) then zfs list is still easier to use for me. And the removal of snapshots is also AFAIK only doable by zfs destroy locally on the storage box... Er...nothing beats for i in `ls .zfs/snapshot/range`; do zfs delete $i ; done listing takes seconds. zfs list takes minutes. I have almost a dozen datasets each with over 1.5k snapshots. When this works - sure. Well, the script above would be changed to use realistic dataset identifiers, but still ;) You'd also want to use ls -d to not occasionally go inside directories (the snapshots). What I meant is a hierarchy - when there are datasets inside each other, this would go ugly like: for i in `ls -d .zfs/snapshot/$range */.zfs/snapshot/$range */*/.zfs/snapshot/$range`; do zfs delete $i; done and you'd have to be quite a bit more creative about extracting dataset names from this; perhaps, a sed pipe filter like this to throw off tails would be nice, i.e. | sed 's/\/.zfs\/.*\/\([^\/]*\)$/@/ (needs verification). Though you'd also need to prepend parent dataset paths - and all that is relatively easy if your mounts are also really hierarchical, with nothing relocated (like pieces of the /export/* namespace coming from all sorts of places) and nothing you want cleared up is hidden (and not mounted). But yes, for simple cases you can certainly use ls. And then when there are less snapshots to churn through, make a control shot with zfs list ;) By the way, I found that deletions go a lot faster if I background the commands: ...; do zfs delete $i done; sync; wait; sync I believe many metadata updates fit into one TXG then. Though for some reason these do not always return the shell only after all deletions are completed - sometimes sooner (maybe has to do with that thread on signalling limitations?) It may be a problem on RAM-constrained boxes to fire thousands of zfs processes for this, though. Perhaps some command like parallel or a makefile could help to limit the number of children; I didn't delve into that. HTH, //Jim ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
The pool I am accessing is just a pool containing home folders and I am currently the only user that needs access. I have had no problems so far writing, reading, deleting etc. I haven't tried to log in to the share with other users though. I should check and see if permissions are working correctly. I have plenty of adjuncts that may want laptop access (the users are on sunrays). On 07/12/13 09:19 AM, Jim Klimov wrote: On 2013-07-12 12:02, Guenther Alka wrote: first, I would not share the pool itself but create a filesystem to share ex data: zfs set sharesmb=on home/data then you should reset the root pw to create a smb password: passwd root now you should be able to connect from Windows as user root If you want to connect as another user, create this user with a password and set ACL of shared folder to allow everyone@ or this user if you like to do settings not via CLI but a Web-UI, try my napp-it on OI ...or (since this thread became somewhat about remembering rationales in defense of kCIFS), if you connected as an administrative user (that is, the storage server thinks you can administer, such as root) over CIFS from Windows (which is a most likely scenario), you can use the properties of files and dirs to set Security - ZFC ACLs. Although I am not sure whether you can or can not edit share permissions as easily. Still, there is $dataset/.zfs/shares/$sharename entry which is just there for setting ACLs (on server-side, to limit the networked access to shares as opposed to FS-level access to individual objects)... //Jim ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss -- Dr. Daniel Kjar Associate Professor of Biology Division of Mathematics and Natural Sciences Elmira College 1 Park Place Elmira, NY 14901 607-735-1826 http://faculty.elmira.edu/dkjar ...humans send their young men to war; ants send their old ladies -E. O. Wilson ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
first, I would not share the pool itself but create a filesystem to share ex data: zfs set sharesmb=on home/data then you should reset the root pw to create a smb password: passwd root now you should be able to connect from Windows as user root If you want to connect as another user, create this user with a password and set ACL of shared folder to allow everyone@ or this user if you like to do settings not via CLI but a Web-UI, try my napp-it on OI Am 10.07.2013 13:57, schrieb Daniel Kjar: Hello everyone, I am trying to get CIFS working to share a home drive to a windows 8 machine. The pool already exists and I don't use auto_home. I tried just zfs set sharesmb=on home and that made it discoverable but when i try to log in I get authentication denied. I looked at the instructions online and saw all kinds of stuff that I am not sure if I really need to do. Most of the instructions I find are either oracle telling me to make a pool from scratch or samba specific. Do I need to do that or can I use the existing pool? Thanks. Dan ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 2013-07-12 12:02, Guenther Alka wrote: first, I would not share the pool itself but create a filesystem to share ex data: zfs set sharesmb=on home/data then you should reset the root pw to create a smb password: passwd root now you should be able to connect from Windows as user root If you want to connect as another user, create this user with a password and set ACL of shared folder to allow everyone@ or this user if you like to do settings not via CLI but a Web-UI, try my napp-it on OI ...or (since this thread became somewhat about remembering rationales in defense of kCIFS), if you connected as an administrative user (that is, the storage server thinks you can administer, such as root) over CIFS from Windows (which is a most likely scenario), you can use the properties of files and dirs to set Security - ZFC ACLs. Although I am not sure whether you can or can not edit share permissions as easily. Still, there is $dataset/.zfs/shares/$sharename entry which is just there for setting ACLs (on server-side, to limit the networked access to shares as opposed to FS-level access to individual objects)... //Jim ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
A follow-up to my piece of anecdotal evidence: I checked that object from Windows Properties GUI, the numeric group object seems to be the SYSTEM set of permissions. And it is possibly a hardcoded mapping. On 2013-07-11 20:09, Jim Klimov wrote: Actually, here is an example; I am not sure I can quickly conjure up more: === View from the GZ # ls -ladV /export/home/jim/public_html/SSR-20090329.FLV -r--r--r--+ 1 jim staff169942464 Mar 31 2009 /export/home/jim/public_html/SSR-20090329.FLV user:jim:-wxp--:---:deny user:jim:rwxpdDaARWcCos:---:allow group:2147483648:-wxp--:---:deny group:2147483648:rwxpdDaARWcCos:---:allow owner@:-wxp--:---:deny owner@:r--A-W-Co-:---:allow group@:-wxp--:---:deny group@:r-:---:allow everyone@:-wxp---A-W-Co-:---:deny everyone@:r-a-R-c--s:---:allow # idmap dump | grep 2147483648 (nothing) ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 2013-07-12 06:28, Christopher Chan wrote: On Friday, July 12, 2013 11:29 AM, Geoff Nordli wrote: On 13-07-11 07:25 PM, Jim Klimov wrote: On a side note, you can always make ZFS snapshots via filesystem interface mkdir $dataset/.zfs/snapshot/$snapname over both NFS and CIFS (at least kCIFS) as well as locally, as long as your user has proper ZFS delegated permissions. Removing is trickier, since tools insist on only deleting empty directories, and somehow they fail to delete contents of a read-only snapshot... bummer ;) That is very cool Jim, I didn't know I could create a snapshot that way. Time to rewrite the scripts. This makes it way easier to manage snapshots when you have over 2k snapshot per dataset. I've already resorted to referencing one dataset's snapshots with ls since zfs list takes forever. Thanks for letting us know about this. zfs just got even better. You are both welcome :) In fact, this trick I used in vboxsvc to create pre-start/post-stop snapshots of filesystem datasets which hold the VM image/cfg files, so that it can work seamlessly with local and NFS storage of VMs, as well as to just detect if a directory is in fact a ZFS dataset. On a side note, listing is indeed probably faster - for a single dataset. If you need to iterate (i.e. delete old zfs-auto-snap's in a tree) then zfs list is still easier to use for me. And the removal of snapshots is also AFAIK only doable by zfs destroy locally on the storage box... //Jim ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 10/07/13 15:04, James Carlson wrote: I know that others here have said dreadful things about the CIFS server, but I can't say I've understood the fuss. :-/ My experience with it for a very simple set up has been less than stellar. But also, I was using it on S11, which has it still evolving, and a good part of the issues (not all) were from that evolution and the ever changing syntax. But seriously, even if it worked perfectly, how useful is it to spend Illumos/OI resources on that? What does IPS do that Samba cannot? Is it worth continuing it without the access that Oracle has to MS documentation and their resources? Why not join forces with Samba and focus on enhancing that experience rather than have a 3rd tool, less popular than Samba and less supported than Solaris CIFS? Laurent ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
Seems pretty straight forward to me now that I did it. I like that its management is part of zfs and besides the little hiccup with that pam.conf mod and having to 're-enter ' your password it was all a pretty good experience. Feels like a couple of little changes (include the missing package in the initial install, and include the pam.conf mod from the beginning) could make it a very easy way to share drives with windows. Would you like to share your drives with windows? zfs set sharesmb=on /pool /it's that easy! If people were interested they could delve deeper for filesystem stuff and abe etc but none of that would be necessary. On 7/11/2013 10:08 AM, Laurent Blume wrote: On 10/07/13 15:04, James Carlson wrote: I know that others here have said dreadful things about the CIFS server, but I can't say I've understood the fuss. :-/ My experience with it for a very simple set up has been less than stellar. But also, I was using it on S11, which has it still evolving, and a good part of the issues (not all) were from that evolution and the ever changing syntax. But seriously, even if it worked perfectly, how useful is it to spend Illumos/OI resources on that? What does IPS do that Samba cannot? Is it worth continuing it without the access that Oracle has to MS documentation and their resources? Why not join forces with Samba and focus on enhancing that experience rather than have a 3rd tool, less popular than Samba and less supported than Solaris CIFS? Laurent ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss -- Dr. Daniel Kjar Associate Professor of Biology Division of Mathematics and Natural Sciences Elmira College 1 Park Place Elmira, NY 14901 607-735-1826 http://faculty.elmira.edu/dkjar ...humans send their young men to war; ants send their old ladies -E. O. Wilson ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 07/11/13 10:08, Laurent Blume wrote: On 10/07/13 15:04, James Carlson wrote: I know that others here have said dreadful things about the CIFS server, but I can't say I've understood the fuss. :-/ My experience with it for a very simple set up has been less than stellar. But also, I was using it on S11, which has it still evolving, and a good part of the issues (not all) were from that evolution and the ever changing syntax. I've been using it for a while, first on OpenSolaris. But seriously, even if it worked perfectly, how useful is it to spend Illumos/OI resources on that? What does IPS do that Samba cannot? Simple: integration with ZFS. That's the killer feature for me, because it makes the CIFS exports as easy to manage as my NFS exports. Is it worth continuing it without the access that Oracle has to MS documentation and their resources? I think that kind of pessimistic question could apply to anything in OpenIndiana. Why bother with the kernel itself ... ? Why not join forces with Samba and focus on enhancing that experience rather than have a 3rd tool, less popular than Samba and less supported than Solaris CIFS? It works for me. I used to use Samba, but I had many problems with it, and I'm really not at all interested in developing anything for it. The sole purpose to me is to support a couple of ugly legacy Windoze systems, and the less time I spend thinking about it, the better. I don't doubt that a Samba developer would feel quite differently. Your opinion is valid, but it just doesn't apply to me. :-/ -- James Carlson 42.703N 71.076W carls...@workingcode.com ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
Well, we have a bit of experience with kCIFS as well - mostly it has worked well for us, on a deployment with MSAD; we had a lot more trickery with NFSv4-style ACLs to have both local work on the storage server, NFS usage and CIFS usage somewhat consistent. User mapping from MSAD into locally defined accounts also worked acceptably well for us... Almost. I don't quite remember specific details (can dig if required, or not - if the rough description rings a bell already), but some ways of access to the One big problem was (and AFAIK remains) that the directory entries (or their ACLs?) often become bound to some entities known only to the storage server's global zone (I can't tell off the top of my head whether this was about ephemeral IDs, or just ZFS ACLs mentioning accounts and groups defined only in the GZ). While these files and directories are accessible okay in the GZ and, for the most part, in that server's local zones which lofs-mount filesystems from the GZ, access over NFS fails with some bad ACL error; woe be to home dirs accessed and tainted by CIFS - they might no longer be accessible to UNIX systems until reset to POSIX-only ACLs or ACLs with well-known groups. Otherwise it just complicates management of common file archives in shared workspaces, if files are later accessed from UNIX too, and that - rarely (since most active users were added into idmap mappings explicitly, to back up wildcard ruled). Maybe this would work if ALL systems and local zones were MSAD integrated clients as well, but they are not. Actually, here is an example; I am not sure I can quickly conjure up more: === View from the GZ # ls -ladV /export/home/jim/public_html/SSR-20090329.FLV -r--r--r--+ 1 jim staff169942464 Mar 31 2009 /export/home/jim/public_html/SSR-20090329.FLV user:jim:-wxp--:---:deny user:jim:rwxpdDaARWcCos:---:allow group:2147483648:-wxp--:---:deny group:2147483648:rwxpdDaARWcCos:---:allow owner@:-wxp--:---:deny owner@:r--A-W-Co-:---:allow group@:-wxp--:---:deny group@:r-:---:allow everyone@:-wxp---A-W-Co-:---:deny everyone@:r-a-R-c--s:---:allow # idmap dump | grep 2147483648 (nothing) === View over loop-mount in a local zone on the storage server $ ls -ladV /export/home/jim/public_html/SSR-20090329.FLV -r--r--r--+ 1 jim nobody 169942464 Mar 31 2009 /export/home/jim/public_html/SSR-20090329.FLV user:jim:-wxp--:---:deny user:jim:rwxpdDaARWcCos:---:allow group:nobody:-wxp--:---:deny group:nobody:rwxpdDaARWcCos:---:allow owner@:-wxp--:---:deny owner@:r--A-W-Co-:---:allow group@:-wxp--:---:deny group@:r-:---:allow everyone@:-wxp---A-W-Co-:---:deny everyone@:r-a-R-c--s:---:allow (mostly the same - except that the strange group was mapped into nobody) === View from same local zone over NFS: $ ls -laV /net/storage/export/home/jim/public_html/SSR-20090329.FLV ls: can't read ACL on /net/storage/export/home/jim/public_html/SSR-20090329.FLV: Not owner $ ls -la /net/storage/export/home/jim/public_html ls: can't read ACL on /net/storage/export/home/jim/public_html/SSR-20090329.FLV: Not owner total 4211 -r--r--r-- 0 root root 169942464 Jan 1 1970 drwxr-xr-x+ 8 jim staff 19 Apr 27 18:42 . ... In the second case the directory entry pops up - with proper file size, but no date or link-count. === Again, maybe it works differently for others; maybe the problem was fixed in the past few years (that storage box is OpenSolaris SXCE)... This did not annoy us enough to abandon kernel CIFS which just worked for that project and remains acceptable with known quirks. A bigger problem was the lack of CIFS child-mounts, which I think Nexenta had solved at some time (BTW, is it integrated in common illumos-gate?) What I meant to say is that, possibly, tight integration of ZFS and kCIFS is not always good - i.e. if it leads to such show-breaking ACLs to be stored in the ZFS filesystems... I have no idea if Samba, even with ACL support (there is some, right?) can cause similar breaks... My 2c, //Jim ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 2013-07-11 6:56 PM, James Carlson wrote: I've been using it for a while, first on OpenSolaris. Yes, me too, on and off until S11.1, when I dumped it for good because it annoyed me one time too many. I do know the thing :-) Simple: integration with ZFS. That's the killer feature for me, because it makes the CIFS exports as easy to manage as my NFS exports. Okay, fair enough, it is a good feature. But that answer makes me wonder. Look at this: # net rpc share list Enter root's password: print$ IPC$ # zfs list NAMEUSED AVAIL REFER MOUNTPOINT lpool 460K 402G 136K /lpool # zfs create -o sharesmb=on lpool/test # zfs list NAME USED AVAIL REFER MOUNTPOINT lpool656K 402G 136K /lpool lpool/test 136K 402G 136K /lpool/test # net rpc share list Enter root's password: print$ IPC$ lpool_test # uname -a Linux wenjun 3.5.0-18-generic #29-Ubuntu SMP Thu Oct 25 07:26:14 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux It's just something that can already be done equally well with Samba. This community should keep an eye on the outside world, things are moving there too. Right now, I can't think of anything that the OI CIFS server can do, that Samba cannot. So we should not believe in past Sun/Oracle propaganda that only the magic of a kernelized server could do those things, ot fall prey to the NIH syndrom. I think that kind of pessimistic question could apply to anything in OpenIndiana. Why bother with the kernel itself ... ? Well, yes, it can apply to many things. And OI at this point is not able to compete on all fronts. So insisting on holding them all together at arms' length sounds dangerously unfeasible to me. There are some which are more immediately of concerns than others, choices should be made according to the features needed. That project should learn to build on and integrate with other OSS projects. All Linux distros have learnt to do that. Is this Community becoming a closed one, where nothing good can be accepted from outside, even when it would provide some welcome relief? It works for me. I used to use Samba, but I had many problems with it, and I'm really not at all interested in developing anything for it. Developing what? It's already here. You would be developing something else :-) I'm not sure when you last used Samba, but believe me, it's going forward at a pace that OI cannot realistically match. The sole purpose to me is to support a couple of ugly legacy Windoze systems, and the less time I spend thinking about it, the better. So if you don't really care about serving CIFS, it wouldn't really matter to you that they'd come through Samba or anything else? I don't doubt that a Samba developer would feel quite differently. Your opinion is valid, but it just doesn't apply to me. :-/ I have no idea how they feel, but I'm sure it'd be better to have them involved and aware of OI rather than not. Laurent ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 07/11/13 12:30, Laurent Blume wrote: Is this Community becoming a closed one, where nothing good can be accepted from outside, even when it would provide some welcome relief? No, I don't think so. I don't know why you're asking. At a guess, it sounds to me like you're somehow extrapolating from how I feel about it (basically, I don't care very much about CIFS or Samba) to how others may or may not feel. That's not likely to produce a result that's accurate in any sense. I'm not hostile to it. I just don't care. Whether someone else thinks I *should* care is another matter. :-/ The sole purpose to me is to support a couple of ugly legacy Windoze systems, and the less time I spend thinking about it, the better. So if you don't really care about serving CIFS, it wouldn't really matter to you that they'd come through Samba or anything else? No, it wouldn't matter. But lacking the nice ZFS inheritance feature and being hard to set up would certainly make it less attractive an answer. The reason I tried CIFS, lo, many years ago was that it just worked. I didn't have to futz with a pile of text files for a feature that -- even when it works -- is of extremely low importance *TO ME.* I don't doubt that a Samba developer would feel quite differently. Your opinion is valid, but it just doesn't apply to me. :-/ I have no idea how they feel, but I'm sure it'd be better to have them involved and aware of OI rather than not. Sure; no disagreement there. -- James Carlson 42.703N 71.076W carls...@workingcode.com ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 13-07-11 09:30 AM, Laurent Blume wrote: On 2013-07-11 6:56 PM, James Carlson wrote: It works for me. I used to use Samba, but I had many problems with it, and I'm really not at all interested in developing anything for it. Developing what? It's already here. You would be developing something else :-) I'm not sure when you last used Samba, but believe me, it's going forward at a pace that OI cannot realistically match. The sole purpose to me is to support a couple of ugly legacy Windoze systems, and the less time I spend thinking about it, the better. So if you don't really care about serving CIFS, it wouldn't really matter to you that they'd come through Samba or anything else? I don't doubt that a Samba developer would feel quite differently. Your opinion is valid, but it just doesn't apply to me. :-/ I have no idea how they feel, but I'm sure it'd be better to have them involved and aware of OI rather than not. Laurent Lots of stuff coming down the pipe with SMB2.2/3 as well. https://wiki.samba.org/index.php/Samba3/SMB2#SMB_3.0 Plus things like: File Server Remote VSS Protocol (FSRVP) for snapshots. Interesting in their wiki they actually name ZFS as an option. I highly doubt that is going to find its way into the illumos cifs service. Geoff ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 2013-07-11 22:40, Geoff Nordli wrote: Plus things like: File Server Remote VSS Protocol (FSRVP) for snapshots. Interesting in their wiki they actually name ZFS as an option. I highly doubt that is going to find its way into the illumos cifs service. I don't know the protocol by the name, but kCIFS does support access from Windows to Previous Versions or Shadow Copies (via its GUI) of shares on that OpenSolaris SXCE server, where as the said versions it lists all the snapshots. So unless you meant something else, I think it is there since the beginning, or close to that :) By the way, one of the features that OpenSolaris team touted for kCIFS was Windows-like RPC implementation, in particular to view and manage SMF services as if you managed a remote Windows server. Does Samba have anything to match that? ;) //Jim ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On Friday, July 12, 2013 03:48 AM, James Carlson wrote: The sole purpose to me is to support a couple of ugly legacy Windoze systems, and the less time I spend thinking about it, the better. So if you don't really care about serving CIFS, it wouldn't really matter to you that they'd come through Samba or anything else? No, it wouldn't matter. But lacking the nice ZFS inheritance feature and being hard to set up would certainly make it less attractive an answer. The reason I tried CIFS, lo, many years ago was that it just worked. I didn't have to futz with a pile of text files for a feature that -- even when it works -- is of extremely low importance *TO ME.* ZFS acl inheritance is supported also by Samba? ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On Jul 11, 2013, at 9:30 AM, Laurent Blume laurent...@elanor.org wrote: On 2013-07-11 6:56 PM, James Carlson wrote: I've been using it for a while, first on OpenSolaris. Yes, me too, on and off until S11.1, when I dumped it for good because it annoyed me one time too many. I do know the thing :-) Simple: integration with ZFS. That's the killer feature for me, because it makes the CIFS exports as easy to manage as my NFS exports. Okay, fair enough, it is a good feature. But that answer makes me wonder. Look at this: # net rpc share list Enter root's password: print$ IPC$ # zfs list NAMEUSED AVAIL REFER MOUNTPOINT lpool 460K 402G 136K /lpool # zfs create -o sharesmb=on lpool/test Yep, the ZFS code can use system() or its equivalent :-) # zfs list NAME USED AVAIL REFER MOUNTPOINT lpool656K 402G 136K /lpool lpool/test 136K 402G 136K /lpool/test # net rpc share list Enter root's password: print$ IPC$ lpool_test # uname -a Linux wenjun 3.5.0-18-generic #29-Ubuntu SMP Thu Oct 25 07:26:14 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux It's just something that can already be done equally well with Samba. This community should keep an eye on the outside world, things are moving there too. Right now, I can't think of anything that the OI CIFS server can do, that Samba cannot. So we should not believe in past Sun/Oracle propaganda that only the magic of a kernelized server could do those things, ot fall prey to the NIH syndrom. Actually, I have seen workloads that Samba can't handle because of its single-threaded design. This is a conscious decision by the developers and suits them just fine: they prefer portability over OS-specific optimizations and writing or debugging good multithreaded apps can be hard. I don't think NIH applies here. It is more a matter of priority, business opportunity and resources. There are very few people on the planet who have the domain expertise needed to build an SMB service from scratch, especially given the state of the public documentation on the protocol. The Samba team has commercial backing and the domain expertise. Microsoft has little incentive to be more open in this regard. So, there it is. -- richard -- richard.ell...@richardelling.com +1-760-896-4422 ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 13-07-11 01:47 PM, Jim Klimov wrote: On 2013-07-11 22:40, Geoff Nordli wrote: Plus things like: File Server Remote VSS Protocol (FSRVP) for snapshots. Interesting in their wiki they actually name ZFS as an option. I highly doubt that is going to find its way into the illumos cifs service. I don't know the protocol by the name, but kCIFS does support access from Windows to Previous Versions or Shadow Copies (via its GUI) of shares on that OpenSolaris SXCE server, where as the said versions it lists all the snapshots. So unless you meant something else, I think it is there since the beginning, or close to that :) quick disclaimer, I am not a samba expert. I have just been following the features. The FSRVP could initiate a snapshot from the windows machine. Right now the windows machine consumes snapshots via the previous versions from snapshots initiated on the zfs side. By the way, one of the features that OpenSolaris team touted for kCIFS was Windows-like RPC implementation, in particular to view and manage SMF services as if you managed a remote Windows server. Does Samba have anything to match that? ;) No, but Samba 4 can look exactly like an AD domain controller, which can be managed from existing MS tools. Geoff ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 2013-07-12 02:43, Geoff Nordli wrote: The FSRVP could initiate a snapshot from the windows machine. Right now the windows machine consumes snapshots via the previous versions from snapshots initiated on the zfs side. I see. Well, it is different from what I meant, and a standardized protocol is good for interop and interface (sometime...) ;) On a side note, you can always make ZFS snapshots via filesystem interface mkdir $dataset/.zfs/snapshot/$snapname over both NFS and CIFS (at least kCIFS) as well as locally, as long as your user has proper ZFS delegated permissions. Removing is trickier, since tools insist on only deleting empty directories, and somehow they fail to delete contents of a read-only snapshot... bummer ;) HTH, //Jim ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 13-07-11 07:25 PM, Jim Klimov wrote: On 2013-07-12 02:43, Geoff Nordli wrote: The FSRVP could initiate a snapshot from the windows machine. Right now the windows machine consumes snapshots via the previous versions from snapshots initiated on the zfs side. I see. Well, it is different from what I meant, and a standardized protocol is good for interop and interface (sometime...) ;) On a side note, you can always make ZFS snapshots via filesystem interface mkdir $dataset/.zfs/snapshot/$snapname over both NFS and CIFS (at least kCIFS) as well as locally, as long as your user has proper ZFS delegated permissions. Removing is trickier, since tools insist on only deleting empty directories, and somehow they fail to delete contents of a read-only snapshot... bummer ;) That is very cool Jim, I didn't know I could create a snapshot that way. Have a great day! Geoff ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On Friday, July 12, 2013 11:29 AM, Geoff Nordli wrote: On 13-07-11 07:25 PM, Jim Klimov wrote: On 2013-07-12 02:43, Geoff Nordli wrote: The FSRVP could initiate a snapshot from the windows machine. Right now the windows machine consumes snapshots via the previous versions from snapshots initiated on the zfs side. I see. Well, it is different from what I meant, and a standardized protocol is good for interop and interface (sometime...) ;) On a side note, you can always make ZFS snapshots via filesystem interface mkdir $dataset/.zfs/snapshot/$snapname over both NFS and CIFS (at least kCIFS) as well as locally, as long as your user has proper ZFS delegated permissions. Removing is trickier, since tools insist on only deleting empty directories, and somehow they fail to delete contents of a read-only snapshot... bummer ;) That is very cool Jim, I didn't know I could create a snapshot that way. Time to rewrite the scripts. This makes it way easier to manage snapshots when you have over 2k snapshot per dataset. I've already resorted to referencing one dataset's snapshots with ls since zfs list takes forever. Thanks for letting us know about this. zfs just got even better. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 10/07/13 13:57, Daniel Kjar wrote: Hello everyone, I am trying to get CIFS working to share a home drive to a windows 8 machine. The pool already exists and I don't use auto_home. I tried just zfs set sharesmb=on home and that made it discoverable but when i try to log in I get authentication denied. I looked at the instructions online and saw all kinds of stuff that I am not sure if I really need to do. Most of the instructions I find are either oracle telling me to make a pool from scratch or samba specific. Do I need to do that or can I use the existing pool? For a home use, with no AD integration needed, I'm convinced Samba is a much better choice. Laurent ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
You need to set permissions right! ordinary chmod ug+rw... , or ACL's chmod A=user:. I'm using CIFS in workgroup mode without issues for my OsX clients. Regards Andrej On Wed, Jul 10, 2013 at 1:57 PM, Daniel Kjar dk...@elmira.edu wrote: Hello everyone, I am trying to get CIFS working to share a home drive to a windows 8 machine. The pool already exists and I don't use auto_home. I tried just zfs set sharesmb=on home and that made it discoverable but when i try to log in I get authentication denied. I looked at the instructions online and saw all kinds of stuff that I am not sure if I really need to do. Most of the instructions I find are either oracle telling me to make a pool from scratch or samba specific. Do I need to do that or can I use the existing pool? Thanks. Dan -- Dr. Daniel Kjar Associate Professor of Biology Division of Mathematics and Natural Sciences Elmira College 1 Park Place Elmira, NY 14901 607-735-1826 http://faculty.elmira.edu/**dkjar http://faculty.elmira.edu/dkjar ...humans send their young men to war; ants send their old ladies -E. O. Wilson __**_ OpenIndiana-discuss mailing list OpenIndiana-discuss@**openindiana.orgOpenIndiana-discuss@openindiana.org http://openindiana.org/**mailman/listinfo/openindiana-**discusshttp://openindiana.org/mailman/listinfo/openindiana-discuss ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 07/10/13 07:57, Daniel Kjar wrote: Hello everyone, I am trying to get CIFS working to share a home drive to a windows 8 machine. The pool already exists and I don't use auto_home. I tried just zfs set sharesmb=on home and that made it discoverable but when i try to log in I get authentication denied. I looked at the instructions online and saw all kinds of stuff that I am not sure if I really need to do. Most of the instructions I find are either oracle telling me to make a pool from scratch or samba specific. Do I need to do that or can I use the existing pool? You should be able to use the existing file system. There are some issues with respect to the expected case matching rules for CIFS, but as long as you don't play games by creating files that differ only in alphabetic case, you should be fine. The short answer is that you need this in /etc/pam.conf: other password required pam_smb_passwd.so.1 nowarn and you then need to change the password for each user who will use the CIFS shares. You can change it to the same password as it is now. The important part is that the change process itself will cache information that CIFS needs in order to do authentication. The above is a one-time issue on a system. Once you do it, it's set. I suspect that you've already solved this part, but another one-time issue is enabling the smb server. svcadm enable -r smb/server should do the job. You may want to join a workgroup with smbadm join -w workgroupname. I know that others here have said dreadful things about the CIFS server, but I can't say I've understood the fuss. :-/ -- James Carlson 42.703N 71.076W carls...@workingcode.com ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
Interesting. I tried that pam.conf line and it created havoc. I had this infinite loop with a dlopen didn't open that locked me out. Had to go in with a recovery disk. this is a stock a7 install. I guess I don't understand why the existing permissions don't work for CIFS. so something other than drwx-- 81 dsk trouble 211 2013-06-27 10:11 dsk is required? On 07/10/13 09:04 AM, James Carlson wrote: On 07/10/13 07:57, Daniel Kjar wrote: Hello everyone, I am trying to get CIFS working to share a home drive to a windows 8 machine. The pool already exists and I don't use auto_home. I tried just zfs set sharesmb=on home and that made it discoverable but when i try to log in I get authentication denied. I looked at the instructions online and saw all kinds of stuff that I am not sure if I really need to do. Most of the instructions I find are either oracle telling me to make a pool from scratch or samba specific. Do I need to do that or can I use the existing pool? You should be able to use the existing file system. There are some issues with respect to the expected case matching rules for CIFS, but as long as you don't play games by creating files that differ only in alphabetic case, you should be fine. The short answer is that you need this in /etc/pam.conf: other password required pam_smb_passwd.so.1 nowarn and you then need to change the password for each user who will use the CIFS shares. You can change it to the same password as it is now. The important part is that the change process itself will cache information that CIFS needs in order to do authentication. The above is a one-time issue on a system. Once you do it, it's set. I suspect that you've already solved this part, but another one-time issue is enabling the smb server. svcadm enable -r smb/server should do the job. You may want to join a workgroup with smbadm join -w workgroupname. I know that others here have said dreadful things about the CIFS server, but I can't say I've understood the fuss. :-/ -- Dr. Daniel Kjar Associate Professor of Biology Division of Mathematics and Natural Sciences Elmira College 1 Park Place Elmira, NY 14901 607-735-1826 http://faculty.elmira.edu/dkjar ...humans send their young men to war; ants send their old ladies -E. O. Wilson ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 07/10/13 09:55, Daniel Kjar wrote: Interesting. I tried that pam.conf line and it created havoc. I had this infinite loop with a dlopen didn't open that locked me out. Had to go in with a recovery disk. this is a stock a7 install. At a guess, you don't have all of the CIFS packages installed. But I don't know what you were missing or how it related to the problem. If you don't have that line in pam.conf, then CIFS authentication just won't work. It's required. I know that at one point one of the CIFS packages was missing a dependency, and I suppose you might have gotten bit by that. I thought it was fixed somewhat recently. From long experience with Solaris, I've been conditioned to install everything, so I never really notice problems like that. I guess I don't understand why the existing permissions don't work for CIFS. so something other than drwx-- 81 dsk trouble 211 2013-06-27 10:11 dsk is required? I haven't tried anything like that. Mine are set up as mode 755. Of course, I wouldn't expect that directory permissions on the share have anything to do with authentication. -- James Carlson 42.703N 71.076W carls...@workingcode.com ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
hmmm... I bet I am missing whatever contains the passwd.so.1 I did the normal desktop install. I don't think you get a choice in OI like you did in Solaris. I am installing the samba package as I type On 07/10/13 10:05 AM, James Carlson wrote: On 07/10/13 09:55, Daniel Kjar wrote: Interesting. I tried that pam.conf line and it created havoc. I had this infinite loop with a dlopen didn't open that locked me out. Had to go in with a recovery disk. this is a stock a7 install. At a guess, you don't have all of the CIFS packages installed. But I don't know what you were missing or how it related to the problem. If you don't have that line in pam.conf, then CIFS authentication just won't work. It's required. I know that at one point one of the CIFS packages was missing a dependency, and I suppose you might have gotten bit by that. I thought it was fixed somewhat recently. From long experience with Solaris, I've been conditioned to install everything, so I never really notice problems like that. I guess I don't understand why the existing permissions don't work for CIFS. so something other than drwx-- 81 dsk trouble 211 2013-06-27 10:11 dsk is required? I haven't tried anything like that. Mine are set up as mode 755. Of course, I wouldn't expect that directory permissions on the share have anything to do with authentication. -- Dr. Daniel Kjar Associate Professor of Biology Division of Mathematics and Natural Sciences Elmira College 1 Park Place Elmira, NY 14901 607-735-1826 http://faculty.elmira.edu/dkjar ...humans send their young men to war; ants send their old ladies -E. O. Wilson ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
Excellent. I install the samba package, restarted it, put in the pam.conf line again, reset my password, and perfection. Thanks! Glad I didn't muck around with all of that other stuff. On 07/10/13 10:05 AM, James Carlson wrote: On 07/10/13 09:55, Daniel Kjar wrote: Interesting. I tried that pam.conf line and it created havoc. I had this infinite loop with a dlopen didn't open that locked me out. Had to go in with a recovery disk. this is a stock a7 install. At a guess, you don't have all of the CIFS packages installed. But I don't know what you were missing or how it related to the problem. If you don't have that line in pam.conf, then CIFS authentication just won't work. It's required. I know that at one point one of the CIFS packages was missing a dependency, and I suppose you might have gotten bit by that. I thought it was fixed somewhat recently. From long experience with Solaris, I've been conditioned to install everything, so I never really notice problems like that. I guess I don't understand why the existing permissions don't work for CIFS. so something other than drwx-- 81 dsk trouble 211 2013-06-27 10:11 dsk is required? I haven't tried anything like that. Mine are set up as mode 755. Of course, I wouldn't expect that directory permissions on the share have anything to do with authentication. -- Dr. Daniel Kjar Associate Professor of Biology Division of Mathematics and Natural Sciences Elmira College 1 Park Place Elmira, NY 14901 607-735-1826 http://faculty.elmira.edu/dkjar ...humans send their young men to war; ants send their old ladies -E. O. Wilson ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On 2013-07-10 16:41, Daniel Kjar wrote: Excellent. I install the samba package, restarted it, put in the pam.conf line again, reset my password, and perfection. Thanks! Glad I didn't muck around with all of that other stuff. Just for clarity, is that really Samba or smb packages with kernel CIFS support? I am not sure that pam tricks are required for Samba, it has its own authentications files (see smbpasswd) though it might by explicit setup be tied to LDAP/AD or maybe common OS authentication ;) //Jim ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
It was the package that popped up in the package manager when I searched for samba. It said something about CIFS in the description. Looks like something that should be installed by default but I guess you have to draw the line somewhere. On 7/10/2013 1:31 PM, Jim Klimov wrote: On 2013-07-10 16:41, Daniel Kjar wrote: Excellent. I install the samba package, restarted it, put in the pam.conf line again, reset my password, and perfection. Thanks! Glad I didn't muck around with all of that other stuff. Just for clarity, is that really Samba or smb packages with kernel CIFS support? I am not sure that pam tricks are required for Samba, it has its own authentications files (see smbpasswd) though it might by explicit setup be tied to LDAP/AD or maybe common OS authentication ;) //Jim ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] CIFS and openindiana
On Wednesday, July 10, 2013, Daniel Kjar wrote: Interesting. I tried that pam.conf line and it created havoc. I had this infinite loop with a dlopen didn't open that locked me out. Had to go in with a recovery disk. this is a stock a7 install. I guess I don't understand why the existing permissions don't work for CIFS. so something other than drwx-- 81 dsk trouble 211 2013-06-27 10:11 dsk is required? They should work. The problem isn't permissions, it's password formats. When you try to log in to a CIFS server, Windows does not send the password in cleartext. Instead it sends a hashed version of the password, which the server is then supposed to compare to its stored hash. The problem is Windows uses a different hashing algorithm than OpenSolaris, so there's no way to authenticate properly. The pam.conf line creates a Windows-hashed copy of the password and keeps it in sync. On a Samba installation this is normally done with the smbpasswd tool, instead. -- David Brodbeck System Administrator, Linguistics University of Washington ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
