OpenSolaris – Samba server

Time to share your newly created ZFS volume via samba to your windows clients.  There is some CIFS / SMB support built into the kernel now, but i’ve grown used to the SMB server…

Fire up add software – click filesystems – enable filter for “smb”, there are three packages generally. I get all three, but you only need the kernel update and the server package. The other is the SMB client.

Once installed make sure you enable the server in servicesgui.

Ensure the filesystem does not have any permission issues. I usually run chmod -R 777 /share just to ensure everyone can access the files without issue.

Add some users into smb password file (U need to create the users and sync the passwords). I usually create a guest user profile

useradd guest

smbpasswd -a guest – it should prompt for password twice (this is the password you use from windows). Press enter twice to leave the password blank.

The configuration can be done via /etc/sfw/smb.conf or via the shared folders admin gui.

I prefer doing the admin via the /etc/sfw/smb.conffile as it tends to let you have more control than the basic options available to you via the GUI. The contents of the file are as follows;  (note: i have included alot of the setting as an example which may contridict other settings)

[global] – global settings, the following are obvious

workgroup = workgroup

server string = opensolaris

wins support = yes – lets your server act as a WINS box


[share] – share name

path = /raidz1/share – share path

available = yes – enabled?

browseable = yes

public = yes

valid users = user1, user2 – only these users can access the share

writable = yes – equivalent to read / write in windows share properties

read only = yes – sets the default permissions to read only

write list = user1, user2 – these users can write to the share. Overrides above “read only” setting.

There are some good examples within /etc/sfw/smb.conf-example. Look there for some tips.

You also have an option of managing samba via the web – SWAT (samba web admin t). To get this up an running enable the swat service svc:/network/swat:default then browse to http://server:901

Optimizing SMB

I’ve found that adding this to /etc/sfw/smb.conf helps throughput in some cases. Try for yourself;  (it tends to put a higher load on cpu)

[global]

aio read size = 1
aio write size = 1

Further to this entry i have discovered that the built in CIFS / SMB service is much more efficient since it is included as part of the kernel. See my other posts on setting up cifs

Updated : 9/08/2009

I’ve swapped back to samba due to the issues i’ve had with cifs in the later releases. Remember if you wish to swap back to samba yo uneed to remove the sharesmb properties from each of your zfs shares – else on reboot zfs will re-enable the server/smb service.

There are some additional settings to ensure that your file server is the master browser for your workgroup. Put these under your [global]

[global]
domain master = Yes
local master = Yes
preferred master = Yes
os level = 35

Apparently on windows the os level reaches only 32 – so setting this to 35 ensures that your file server remains the master browser when an election is performed.

opensolaris – smbd issues?

Hmm… i’ve been having problems since the 2009.06 (snv_111b) update with cifs.

Cant pin it exactly as it could be “load” related… hmmm.

found this ? http://opensolaris.org/jive/thread.jspa?threadID=107681 this also may be a clue.. http://opensolaris.org/jive/thread.jspa?threadID=92472&tstart=75

imapd ?  might have to go back to 2008.11

You might get better performance if you enable oplocks but
there are known issues with it but you can do it just to
see if you see any difference:

svccfg -s smb/server setprop smbd/oplock_enable=boolean: true

So far running the above command has fixed things for me? I’ll update if the problem returns.

svccfg -s smb/server setprop smbd/oplock_enable=boolean: true

Updated : 27/07/2009

Problem came back, so i’m updating to 117 as per comments below

OpenSolaris cifs/smb server – configuring ACL’s on shares – Part 2

I have done most of the explaining in another post on how the permissions work with a zfs cifs share – link here.

In this post I’m going to show an example of how to add multiple groups / users to a specific folder. Which then recursively adds its ACL”s to any child objects. Its essentially like the other commands i used, but with an extra line per user or group you want to configure;

chmod -R A=\

owner@:full_set:d:allow,\

owner@:full_set:f:allow,\

user:lisa:full_set:d:allow,\

user:lisa:full_set:f:allow,\

everyone@:rxaARWcs:d:allow,\

everyone@:raARWcs:f:allow \

/protected/

The above command gives the owner and the user “lisa” full permissions, the everybody else group has read only access. If you want to add a group then just use group: instead of user: at the start.

This gives full access to myself and list, but deny’s access to everyone else;

chmod -R A=\

owner@:full_set:d:allow,\

owner@:full_set:f:allow,\

user:daz:full_set:d:allow,\

user:daz:full_set:f:allow,\

user:lisa:full_set:d:allow,\

user:lisa:full_set:f:allow,\

everyone@:full_set:d:deny,\

everyone@:full_set:f:deny \

/protected/photos/

Done.

OpenSolaris – Migrating from samba to cifs

OpenSolaris 2008.11 has a cifs/smb server built into the kernel. From what i have been reading (and discovering) this is a much more efficient and faster way to get your files out into the network.

Previously i have run a dedicated samba service to share my files as I’ve come from various linux distros which require it. Seems i should be doing things differently on OpenSolaris.

The dedicated samba service is called;

svc:/network/samba:default

The new kernel embedded solaris smb/cifs service is called;

svc:/network/smb/server:default

If you do not have it running or installed you’ll need to add the following packages (use package manager);

SUNWsmbs

SUNWsmbskr

Update : both these packages are called SUNWsmbfs in newer builds

Enable the service via “services” gui else use the svcadm command;

svcadm enable svc:/network/smb/server:default

This is a great page on how to do a basic cifs setup http://blogs.sun.com/timthomas/entry/solaris_cifs_in_workgroup_mode

I just need to find a bit more detail on how to configure access to the shares (update: see below). In another post i made previously using samba it was easy enough to restrict guests to read only while giving some users rw access… I’m also interested in whether its possible to backup or manually configure the cifs server via any config file? Still looking into this one.

First step is to disable the samba service and enable the solaris smb/cifs service;

svcadm disable network/samba

svcadm enable -r smb/server – the “r” switch also enables all services that smb requires.

The next step is to add the following line to your /etc/pam.conf file. This is so future changes to passwords  also update the smb password file;

other   password required       pam_smb_passwd.so.1     nowarn

now set the name of the workgroup…

smbadm join -w workgroup

now setup your users (you have to reset your current passwords to update the password file above). I usually create and use a “Guest” account to keep some windows boxes happy. I set the guest account password to blank…

useradd guest

passwd guest – then enter twice to enter a blank password

Next its time to setup the actual shares. If you have a zfs pool setup (you most likey do if you are running opensolaris) then you can share your data via the zfs command like so….   (i have a “backups” zfs file system within a “unprotected” zpool)

zfs set sharesmb=on unprotected/backups

Unfortunately this creates a share called “unprotected_backups” which can be seen via the sharemgr show -vp command. To rename the share to something more appropriate do the following…

zfs set sharesmb=name=backups unprotected/backups

All going well the share should now be called “backups”, if you have both the old and new name listed restart the smb server : svcadm restart smb/server

From your windows machine you should be able to browse to your share via \\servername\backups, if you get a prompt then type “guest” and press enter. Here is an example of a quick and easy way to mount drives via an XP commandline…

net use * \\serverip\backups /user:guest

Update: i have figured out the ACLs for cifs — See this Post