Server/storage: Unterschied zwischen den Versionen

Zeile 7: Zeile 7:
 
FreeBSD Jail Container
 
FreeBSD Jail Container
 
* minidlna
 
* minidlna
* nfs
+
* nfs(3)
* samba (in arbeit)
+
* samba(4)
 
* ftp (in arbeit)
 
* ftp (in arbeit)
  
Zeile 121: Zeile 121:
 
</source>
 
</source>
  
 +
== HOST: Samba 4 ==
 +
 +
=== Samba4 Installation ===
 +
 +
* Samba 4.1 hat derzeit ein kaputtes s3fs, daher 4.0
 +
 +
<source lang=bash>
 +
cd /usr/ports/net/samba4/ && make install clean
 +
</source>
 +
 +
@HOST - Samba4 ADS sysvol Kompatibilität per UFS ZVOL
 +
 +
<source lang=bash>
 +
rm -rfv /usr/jails/storage.hq.c3d2.de/var/db/samba4
 +
 +
zfs create -p -V 10g zroot/ezjail/storage.hq.c3d2.de/samba4db
 +
 +
newfs -U -O2 /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db
 +
 +
mkdir /usr/jails/storage.hq.c3d2.de/var/db/samba4
 +
 +
mount -o acls /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db /usr/jails/storage.hq.c3d2.de/var/db/samba4
 +
 +
zfs set aclmode=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool
 +
zfs set aclinherit=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool
 +
</source>
 +
 +
=== Samba4 Provisionierung ===
 +
 +
<source lang=bash>
 +
/usr/local/bin/samba-tool domain provision --use-rfc2307 --use-xattrs=yes --function-level=2008_R2 --realm=HQ.C3D2.DE --domain=HQ --adminpass='geheim' --server-role='dc' --dns-backend=SAMBA_INTERNAL
 +
</source>
 +
 +
=== Samba4 Config ===
 +
 +
vi /usr/local/etc/smb4.conf
 +
 +
<source lang=bash>
 +
### ### ### C3D2 ### ### ###
 +
 +
# Global parameters
 +
[global]
 +
        workgroup = HQ
 +
        realm = HQ.C3D2.DE
 +
        netbios name = STORAGE
 +
        server role = active directory domain controller
 +
        idmap_ldb:use rfc2307 = yes
 +
### dns forwarder = 172.22.99.51
 +
 +
        server services = -smb +s3fs -nbt
 +
        dcerpc endpoint servers = -winreg -srvsvc
 +
 +
### ### ### C3D2 ### ### ###
 +
#
 +
        server string = %h - FreeBSD ZFS Server
 +
 +
        interfaces = 172.22.99.52
 +
        bind interfaces only = Yes
 +
 +
        # disable printer support
 +
        disable spoolss = Yes
 +
 +
        # allow dynamic dns update / true = nonsecure + signed
 +
        allow dns updates = signed
 +
 +
        # freebsd specific
 +
        nsupdate command = /usr/local/bin/samba-nsupdate -g
 +
 +
        # added to allow asynchronous I/O (make sure to load the kernel module aio)
 +
        aio read size = 16384
 +
        aio write size = 16384
 +
 +
### ### # server options
 +
 +
        server min protocol = NT1
 +
        server max protocol = SMB3
 +
 +
        disable netbios = Yes
 +
        smb ports = 445
 +
 +
        server signing = auto
 +
 +
        # protocol stream encryption for smbclient
 +
        smb encrypt = auto
 +
 +
### ### # client options (for local services / smbclient etc.)
 +
 +
        client min protocol = NT1
 +
        client max protocol = SMB3
 +
 +
        client ldap sasl wrapping = seal
 +
 +
        client signing = auto
 +
        client schannel = auto
 +
 +
        lanman auth = No
 +
        ntlm auth = No
 +
        client use spnego = Yes
 +
        client ntlmv2 auth = Yes
 +
        client lanman auth = No
 +
        client plaintext auth = No
 +
 +
### experimental ###
 +
###
 +
### dsdb:schema update allowed = Yes
 +
###
 +
### experimental ###
 +
 +
#
 +
### ### ### C3D2 ### ### ###
 +
 +
[netlogon]
 +
        path = /var/db/samba4/sysvol/hq.c3d2.de/scripts
 +
        read only = No
 +
browseable = no
 +
 +
[sysvol]
 +
        path = /var/db/samba4/sysvol
 +
        read only = No
 +
browseable = no
 +
 +
### ### ### C3D2 ### ### ###
 +
 +
[rpool]
 +
        path = /rpool
 +
 +
valid users = k-ot
 +
map acl inherit = yes
 +
browseable = yes
 +
public = yes
 +
writable = yes
 +
posix locking = yes
 +
create mask = 0664
 +
directory mask = 0775
 +
strict locking = no
 +
store dos attributes = yes
 +
 +
### nt acl support = yes
 +
### csc policy = disable
 +
 +
inherit acls = Yes
 +
inherit owner = no
 +
inherit permissions = no
 +
map archive = No
 +
map readonly = no
 +
vfs objects = shadow_copy2, zfsacl
 +
nfs4:mode = special
 +
nfs4:acedup = merge
 +
nfs4:chown = yes
 +
 +
shadow: format = -CRON-%Y.%m.%d-%H.%M
 +
shadow: sort = desc
 +
shadow: snapdir = .zfs/snapshot
 +
 +
### ### ### C3D2 ### ### ###
 +
# EOF
 +
</source>
 +
 +
=== Samba4 Map Users to thier UNIX UID ===
 +
 +
<source lang=bash>
 +
id k-ot
 +
uid=1003(k-ot) gid=1003(k-ot) groups=1003(k-ot)
 +
 +
samba-tool user add k-ot
 +
New Password:
 +
Retype Password:
 +
User 'k-ot' created successfully
 +
 +
service samba_server start
 +
 +
wbinfo --name-to-sid k-ot
 +
S-1-5-21-2260217406-2925069997-4078739481-1108 SID_USER (1)
 +
 +
wbinfo --sid-to-uid S-1-5-21-2260217406-2925069997-4078739481-1108
 +
3000022
 +
 +
service samba_server stop
 +
 +
ldbedit -e vi -H /var/db/samba4/private/idmap.ldb objectsid=S-1-5-21-2260217406-2925069997-4078739481-1108
 +
 +
xidNumber: 1003
 +
 +
# 0 adds  1 modifies  0 deletes
 +
 +
/usr/local/bin/testparm
 +
samba-tool dbcheck
 +
samba-tool ntacl sysvolcheck
 +
</source>
 +
 +
== SMB Import unter Linux ==
 +
 +
<source lang=bash>
 +
 +
</source>
  
 
== HOST: crontab ==
 
== HOST: crontab ==
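Review bot: `server min protocol = NT1` and `client min protocol = NT1` in the added smb4.conf keep SMB1 negotiable on a domain controller, and `server signing = auto` only offers signing instead of requiring it, so a session can settle on an unsigned legacy dialect. Unless a client on this network still needs SMB1, I would raise both minimums to `SMB2` and set `server signing = mandatory`. Separately, the provisioning command publishes `--adminpass='geheim'`; this is presumably a placeholder, but the page should say so, since the option also leaves the password in shell history and the process list.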
Zeile 129: Zeile 324:
  
 
== Log ==
 
== Log ==
* NFSv3 Export
+
* 10.05.2014 - Samba4 Support
 +
* 01.05.2014 - NFSv3 Export

Version vom 10. Mai 2014, 22:22 Uhr


Hardware Info

Virtualisiert durch intern:Freebert

Software Info

FreeBSD Jail Container

  • minidlna
  • nfs(3)
  • samba(4)
  • ftp (in arbeit)

Verwendungszweck

  • DLNA Sharing
  • File Sharing

HOST: FreeBSD NFS Export / ZFS sharenfs

vi /etc/rc.conf

rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_flags="-r"
rpc_lockd_enable="YES"
rpc_statd_enable="YES"

direkter ZFS Export

# Export the rpool dataset over NFS to the 172.22.99.0/24 network via the ZFS sharenfs property.
# NOTE(review): -maproot=root keeps a client's root user as root on the export (no root
# squashing), and NFSv3 trusts the UIDs a client sends, so every host in that subnet is
# effectively trusted with root on this dataset. Confirm that is intended; otherwise map
# root to an unprivileged user or narrow the export to specific hosts.
zfs set sharenfs="-maproot=root -network=172.22.99.0 -mask=255.255.255.0" zroot/ezjail/storage.hq.c3d2.de/rpool

ZFS Clone Stand:

zfs clone zroot/storage/c3d2@_0009_system_07.04.2014 zroot/ezjail/storage.hq.c3d2.de/rpool


NFS Import unter Linux

apt-get install nfs-common portmap

mount:

mkdir /freebert-nfs

showmount -e 172.22.99.10

mount -t nfs 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /freebert-nfs -o soft,timeo=1,noatime

Setting noatime is not recommended if you want to use mutt inside your NFS mountpoint.


NFS Import unter FreeBSD

vi /etc/rc.conf

nfs_client_enable="YES"

mount:

mount 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /freebert-nfs


NFS Import unter MacOS X

Finder -> Gehe zu -> Mit Server verbinden (Apfel+K)


nfs://172.22.99.10/usr/jails/storage.hq.c3d2.de/rpool


bei Problemen mit Schreibrechten ->


mkdir freebert-nfs

sudo mount -t nfs -o resvport,bg,nfc,nolocks,locallocks,intr,soft,wsize=32768,rsize=3276 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /Users/<DEIN NAME>/freebert-nfs


Finder mit ROOT-Rechten!


sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder


NFS Import unter Windows (8)

Systemsteuerung -> Programme und Features (aktivieren/deaktivieren) -> Dienste für NFS (Client/Verwaltung) installieren

Computer -> (Kontextmenü) Netzwerkadresse hinzufügen


\\172.22.99.10\usr\jails\storage.hq.c3d2.de\rpool


Berechtigungen für DLNA setzen

bei Änderungen / Upload bitte ein:

chown 1003:1003: ~/file

HOST: Samba 4

Samba4 Installation

  • Samba 4.1 hat derzeit ein kaputtes s3fs, daher 4.0
cd /usr/ports/net/samba4/ && make install clean

@HOST - Samba4 ADS sysvol Kompatibilität per UFS ZVOL

# Run on the jail host: put the jail's Samba database directory (which holds sysvol)
# on a UFS filesystem backed by a ZFS volume.

# Deletes the existing directory recursively. This destroys any Samba database already
# provisioned there, so back it up first if the domain has been set up before.
rm -rfv /usr/jails/storage.hq.c3d2.de/var/db/samba4

# Create a 10 GB ZFS volume (-V); -p creates missing parent datasets.
zfs create -p -V 10g zroot/ezjail/storage.hq.c3d2.de/samba4db

# Format the volume as UFS2 (-O2) with soft updates (-U).
newfs -U -O2 /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db

mkdir /usr/jails/storage.hq.c3d2.de/var/db/samba4

# Mount with POSIX ACL support enabled.
# NOTE(review): the page shows no fstab entry, so this mount presumably does not survive a
# reboot; confirm it is restored before Samba starts, otherwise Samba would come up on an
# empty directory.
mount -o acls /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db /usr/jails/storage.hq.c3d2.de/var/db/samba4

# Pass ACLs through unmodified on chmod and on inheritance for the shared rpool dataset.
zfs set aclmode=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool
zfs set aclinherit=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool

Samba4 Provisionierung

# Provision a new AD domain (realm HQ.C3D2.DE, NetBIOS domain HQ) with this host as domain
# controller, using Samba's internal DNS server.
# NOTE(review): --adminpass on the command line leaves the Administrator password in shell
# history and the process list; 'geheim' is presumably a placeholder. Use a strong password
# that is not published; omitting --adminpass lets samba-tool generate a random one.
/usr/local/bin/samba-tool domain provision --use-rfc2307 --use-xattrs=yes --function-level=2008_R2 --realm=HQ.C3D2.DE --domain=HQ --adminpass='geheim' --server-role='dc' --dns-backend=SAMBA_INTERNAL

Samba4 Config

vi /usr/local/etc/smb4.conf

# smb4.conf for the Samba 4 AD domain controller STORAGE (realm HQ.C3D2.DE).
# Defines the DC shares netlogon and sysvol plus the file share rpool.
### ### ### C3D2 ### ### ###

# Global parameters
[global]
        workgroup = HQ
        realm = HQ.C3D2.DE
        netbios name = STORAGE
        server role = active directory domain controller
        # take UID/GID mappings from RFC 2307 attributes stored in the directory
        idmap_ldb:use rfc2307 = yes
### dns forwarder = 172.22.99.51

        # serve files through s3fs instead of the built-in smb service; NetBIOS name service off
        server services = -smb +s3fs -nbt
        # drop the winreg and srvsvc endpoints from the DC's RPC server
        # presumably because s3fs provides them; verify against the Samba version in use
        dcerpc endpoint servers = -winreg -srvsvc

### ### ### C3D2 ### ### ###
#
        server string = %h - FreeBSD ZFS Server

        # listen on this one address only
        interfaces = 172.22.99.52
        bind interfaces only = Yes

        # disable printer support
        disable spoolss = Yes

        # allow dynamic dns update / true = nonsecure + signed
        allow dns updates = signed

        # freebsd specific
        nsupdate command = /usr/local/bin/samba-nsupdate -g

        # added to allow asynchronous I/O (make sure to load the kernel module aio)
        aio read size = 16384
        aio write size = 16384

### ### # server options

        # NOTE(review): NT1 is the SMB1 dialect, so the server still negotiates SMB1.
        # If no client on this network needs it, raise the minimum to SMB2.
        server min protocol = NT1
        server max protocol = SMB3

        # direct-hosted SMB on TCP 445 only, no NetBIOS transport
        disable netbios = Yes
        smb ports = 445

        # NOTE(review): "auto" offers signing without requiring it. Samba's documented default
        # for an AD DC is to require signing; confirm against the installed version whether
        # this relaxation is intended, or set "mandatory".
        server signing = auto

        # protocol stream encryption for smbclient
        # NOTE(review): "auto" negotiates encryption when a client asks for it but does not enforce it
        smb encrypt = auto

### ### # client options (for local services / smbclient etc.)

        # NOTE(review): local client tools may also fall back to SMB1 (NT1); see the server minimum above
        client min protocol = NT1
        client max protocol = SMB3

        client ldap sasl wrapping = seal

        client signing = auto
        client schannel = auto

        # "lanman auth" and "ntlm auth" are server-side settings: LANMAN and NTLMv1 responses
        # are refused, so clients have to use NTLMv2 or Kerberos
        lanman auth = No
        ntlm auth = No
        client use spnego = Yes
        client ntlmv2 auth = Yes
        client lanman auth = No
        client plaintext auth = No

### experimental ###
###
### dsdb:schema update allowed = Yes
###
### experimental ###

#
### ### ### C3D2 ### ### ###

# Logon script share of the domain controller; hidden from the browse list
[netlogon]
        path = /var/db/samba4/sysvol/hq.c3d2.de/scripts
        read only = No
browseable = no

# Group policy / sysvol share of the domain controller; hidden from the browse list
# NOTE(review): both DC shares are writable at share level, so write access presumably
# depends on the filesystem ACLs alone; "samba-tool ntacl sysvolcheck" verifies them
[sysvol]
        path = /var/db/samba4/sysvol
        read only = No
browseable = no

### ### ### C3D2 ### ### ###

# File share on the ZFS dataset mounted at /rpool
[rpool]
        path = /rpool

# NOTE(review): "public" is a synonym for "guest ok", while "valid users" limits the share
# to k-ot, so the two settings contradict each other. Guest access is presumably not
# intended; consider dropping "public = yes" so the intent is unambiguous.
valid users = k-ot
map acl inherit = yes
browseable = yes
public = yes
writable = yes
posix locking = yes
# new files are created group-writable and world-readable, directories world-traversable
create mask = 0664
directory mask = 0775
strict locking = no
store dos attributes = yes

### nt acl support = yes
### csc policy = disable

inherit acls = Yes
inherit owner = no
inherit permissions = no
map archive = No
map readonly = no
# shadow_copy2 exposes snapshots as "previous versions"; zfsacl stores NT ACLs as ZFS NFSv4 ACLs
vfs objects = shadow_copy2, zfsacl
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes

# snapshots are looked up under .zfs/snapshot using the name pattern below, newest first
shadow: format = -CRON-%Y.%m.%d-%H.%M
shadow: sort = desc
shadow: snapdir = .zfs/snapshot

### ### ### C3D2 ### ### ###
# EOF

Samba4 Map Users to their UNIX UID

id k-ot
uid=1003(k-ot) gid=1003(k-ot) groups=1003(k-ot)

samba-tool user add k-ot
New Password: 
Retype Password: 
User 'k-ot' created successfully

service samba_server start

wbinfo --name-to-sid k-ot
S-1-5-21-2260217406-2925069997-4078739481-1108 SID_USER (1)

wbinfo --sid-to-uid S-1-5-21-2260217406-2925069997-4078739481-1108
3000022

service samba_server stop

ldbedit -e vi -H /var/db/samba4/private/idmap.ldb objectsid=S-1-5-21-2260217406-2925069997-4078739481-1108

xidNumber: 1003

# 0 adds  1 modifies  0 deletes

/usr/local/bin/testparm
samba-tool dbcheck
samba-tool ntacl sysvolcheck

SMB Import unter Linux

HOST: crontab

00      6       *       *       *       root    /usr/sbin/chown -R k-ot:k-ot /rpool

Log

  • 10.05.2014 - Samba4 Support
  • 01.05.2014 - NFSv3 Export