Server/storage: Unterschied zwischen den Versionen
Keine Bearbeitungszusammenfassung |
Keine Bearbeitungszusammenfassung |
||
Zeile 7: | Zeile 7: | ||
FreeBSD Jail Container | FreeBSD Jail Container | ||
* minidlna | * minidlna | ||
* nfs | * nfs(3) | ||
* samba ( | * samba(4) | ||
* ftp (in arbeit) | * ftp (in arbeit) | ||
Zeile 121: | Zeile 121: | ||
</source> | </source> | ||
== HOST: Samba 4 == | |||
=== Samba4 Installation === | |||
* Samba 4.1 hat derzeit ein kaputtes s3fs, daher 4.0 | |||
<source lang=bash> | |||
cd /usr/ports/net/samba4/ && make install clean | |||
</source> | |||
@HOST - Samba4 ADS sysvol Kompatibilität per UFS ZVOL | |||
<source lang=bash> | |||
rm -rfv /usr/jails/storage.hq.c3d2.de/var/db/samba4 | |||
zfs create -p -V 10g zroot/ezjail/storage.hq.c3d2.de/samba4db | |||
newfs -U -O2 /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db | |||
mkdir /usr/jails/storage.hq.c3d2.de/var/db/samba4 | |||
mount -o acls /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db /usr/jails/storage.hq.c3d2.de/var/db/samba4 | |||
zfs set aclmode=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool | |||
zfs set aclinherit=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool | |||
</source> | |||
=== Samba4 Provisionierung === | |||
<source lang=bash> | |||
/usr/local/bin/samba-tool domain provision --use-rfc2307 --use-xattrs=yes --function-level=2008_R2 --realm=HQ.C3D2.DE --domain=HQ --adminpass='geheim' --server-role='dc' --dns-backend=SAMBA_INTERNAL | |||
</source> | |||
=== Samba4 Config === | |||
vi /usr/local/etc/smb4.conf | |||
<source lang=bash> | |||
### ### ### C3D2 ### ### ### | |||
# Global parameters | |||
[global] | |||
workgroup = HQ | |||
realm = HQ.C3D2.DE | |||
netbios name = STORAGE | |||
server role = active directory domain controller | |||
idmap_ldb:use rfc2307 = yes | |||
### dns forwarder = 172.22.99.51 | |||
server services = -smb +s3fs -nbt | |||
dcerpc endpoint servers = -winreg -srvsvc | |||
### ### ### C3D2 ### ### ### | |||
# | |||
server string = %h - FreeBSD ZFS Server | |||
interfaces = 172.22.99.52 | |||
bind interfaces only = Yes | |||
# disable printer support | |||
disable spoolss = Yes | |||
# allow dynamic dns update / true = nonsecure + signed | |||
allow dns updates = signed | |||
# freebsd specific | |||
nsupdate command = /usr/local/bin/samba-nsupdate -g | |||
# added to allow asynchronous I/O (make sure to load the kernel module aio) | |||
aio read size = 16384 | |||
aio write size = 16384 | |||
### ### # server options | |||
server min protocol = NT1 | |||
server max protocol = SMB3 | |||
disable netbios = Yes | |||
smb ports = 445 | |||
server signing = auto | |||
# protocol stream encryption for smbclient | |||
smb encrypt = auto | |||
### ### # client options (for local services / smbclient etc.) | |||
client min protocol = NT1 | |||
client max protocol = SMB3 | |||
client ldap sasl wrapping = seal | |||
client signing = auto | |||
client schannel = auto | |||
lanman auth = No | |||
ntlm auth = No | |||
client use spnego = Yes | |||
client ntlmv2 auth = Yes | |||
client lanman auth = No | |||
client plaintext auth = No | |||
### experimental ### | |||
### | |||
### dsdb:schema update allowed = Yes | |||
### | |||
### experimental ### | |||
# | |||
### ### ### C3D2 ### ### ### | |||
[netlogon] | |||
path = /var/db/samba4/sysvol/hq.c3d2.de/scripts | |||
read only = No | |||
browseable = no | |||
[sysvol] | |||
path = /var/db/samba4/sysvol | |||
read only = No | |||
browseable = no | |||
### ### ### C3D2 ### ### ### | |||
[rpool] | |||
path = /rpool | |||
valid users = k-ot | |||
map acl inherit = yes | |||
browseable = yes | |||
public = yes | |||
writable = yes | |||
posix locking = yes | |||
create mask = 0664 | |||
directory mask = 0775 | |||
strict locking = no | |||
store dos attributes = yes | |||
### nt acl support = yes | |||
### csc policy = disable | |||
inherit acls = Yes | |||
inherit owner = no | |||
inherit permissions = no | |||
map archive = No | |||
map readonly = no | |||
vfs objects = shadow_copy2, zfsacl | |||
nfs4:mode = special | |||
nfs4:acedup = merge | |||
nfs4:chown = yes | |||
shadow: format = -CRON-%Y.%m.%d-%H.%M | |||
shadow: sort = desc | |||
shadow: snapdir = .zfs/snapshot | |||
### ### ### C3D2 ### ### ### | |||
# EOF | |||
</source> | |||
=== Samba4 Map Users to thier UNIX UID === | |||
<source lang=bash> | |||
id k-ot | |||
uid=1003(k-ot) gid=1003(k-ot) groups=1003(k-ot) | |||
samba-tool user add k-ot | |||
New Password: | |||
Retype Password: | |||
User 'k-ot' created successfully | |||
service samba_server start | |||
wbinfo --name-to-sid k-ot | |||
S-1-5-21-2260217406-2925069997-4078739481-1108 SID_USER (1) | |||
wbinfo --sid-to-uid S-1-5-21-2260217406-2925069997-4078739481-1108 | |||
3000022 | |||
service samba_server stop | |||
ldbedit -e vi -H /var/db/samba4/private/idmap.ldb objectsid=S-1-5-21-2260217406-2925069997-4078739481-1108 | |||
xidNumber: 1003 | |||
# 0 adds 1 modifies 0 deletes | |||
/usr/local/bin/testparm | |||
samba-tool dbcheck | |||
samba-tool ntacl sysvolcheck | |||
</source> | |||
== SMB Import unter Linux == | |||
<source lang=bash> | |||
</source> | |||
== HOST: crontab == | == HOST: crontab == | ||
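Review bot: The added provisioning line passes the administrator password as `--adminpass='geheim'`, which leaves it in the shell history and in the process list while the command runs. The page should mark the value as a placeholder and recommend omitting the option (samba-tool then generates a password) or running the provision with `--interactive`. In the new `[global]` section, `server min protocol = NT1` and `client min protocol = NT1` keep SMB1 negotiable on a domain controller even though `SMB3` is the configured maximum; unless a listed client needs it, `server min protocol = SMB2` and `client min protocol = SMB2` would be the safer values. In `[rpool]`, `public = yes` (guest access) contradicts `valid users = k-ot` and should be dropped.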
Zeile 129: | Zeile 324: | ||
== Log == | == Log == | ||
* NFSv3 Export | * 10.05.2014 - Samba4 Support | ||
* 01.05.2014 - NFSv3 Export |
Version vom 10. Mai 2014, 20:22 Uhr
Hardware Info
Virtualisiert durch intern:Freebert
Software Info
FreeBSD Jail Container
- minidlna
- nfs(3)
- samba(4)
- ftp (in arbeit)
Verwendungszweck
- DLNA Sharing
- File Sharing
vi /etc/rc.conf
rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_flags="-r"
rpc_lockd_enable="YES"
rpc_statd_enable="YES"
direkter ZFS Export
# Export the rpool dataset over NFS to the 172.22.99.0/255.255.255.0 network
# by setting the ZFS sharenfs property.
# NOTE(review): -maproot=root maps a client's root user to root on the server,
# so root on any host in that network has full control over the exported
# files. Map to an unprivileged user unless remote root access is required.
zfs set sharenfs="-maproot=root -network=172.22.99.0 -mask=255.255.255.0" zroot/ezjail/storage.hq.c3d2.de/rpool
ZFS Clone Stand:
zfs clone zroot/storage/c3d2@_0009_system_07.04.2014 zroot/ezjail/storage.hq.c3d2.de/rpool
NFS Import unter Linux
apt-get install nfs-common portmap
mount:
mkdir /freebert-nfs
showmount -e 172.22.99.10
mount -t nfs 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /freebert-nfs -o soft,timeo=1,noatime
Setting noatime is not recommended if you want to use mutt inside your NFS mount point.
NFS Import unter FreeBSD
vi /etc/rc.conf
nfs_client_enable="YES"
mount:
mount 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /freebert-nfs
NFS Import unter MacOS X
Finder -> Gehe zu -> Mit Server verbinden (Apfel+K)
nfs://172.22.99.10/usr/jails/storage.hq.c3d2.de/rpool
bei Problemen mit Schreibrechten ->
mkdir freebert-nfs
sudo mount -t nfs -o resvport,bg,nfc,nolocks,locallocks,intr,soft,wsize=32768,rsize=3276 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /Users/<DEIN NAME>/freebert-nfs
Finder mit ROOT-Rechten!
sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
NFS Import unter Windows (8)
Systemsteuerung -> Programme und Features (aktivieren/deaktivieren) -> Dienste für NFS (Client/Verwaltung) installieren
Computer -> (Kontextmenü) Netzwerkadresse hinzufügen
\\172.22.99.10\usr\jails\storage.hq.c3d2.de\rpool
Berechtigungen für DLNA setzen
Nach Änderungen / Uploads bitte ausführen:
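# Give the changed or uploaded file to owner and group 1003 (k-ot, per the
# `id k-ot` output on this page). The original line ended in a stray ':'
# after the group, which chown does not accept as a group name.
chown 1003:1003 ~/file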
HOST: Samba 4
Samba4 Installation
- Samba 4.1 hat derzeit ein kaputtes s3fs, daher 4.0
cd /usr/ports/net/samba4/ && make install clean
@HOST - Samba4 ADS sysvol Kompatibilität per UFS ZVOL
# Put the jail's Samba 4 database directory on a UFS file system backed by a
# ZFS volume, and set ACL passthrough on the rpool dataset.
# NOTE(review): the first command is destructive; it deletes any existing
# Samba 4 database in the jail. Run it only for a fresh setup.
rm -rfv /usr/jails/storage.hq.c3d2.de/var/db/samba4
# Create a 10 GB ZFS volume (-V); -p creates missing parent datasets.
zfs create -p -V 10g zroot/ezjail/storage.hq.c3d2.de/samba4db
# Format the volume as UFS2 (-O2) with soft updates enabled (-U).
newfs -U -O2 /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db
mkdir /usr/jails/storage.hq.c3d2.de/var/db/samba4
# Mount with ACL support enabled on the UFS file system.
mount -o acls /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db /usr/jails/storage.hq.c3d2.de/var/db/samba4
# Pass ACLs through unchanged on chmod (aclmode) and on inheritance
# (aclinherit) for the dataset that backs the [rpool] share.
zfs set aclmode=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool
zfs set aclinherit=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool
Samba4 Provisionierung
# Provision a new AD domain (realm HQ.C3D2.DE, NetBIOS domain HQ) with this
# host as domain controller and Samba's internal DNS server.
# NOTE(review): 'geheim' is presumably a placeholder. A password given with
# --adminpass ends up in the shell history and is visible in the process list
# while the command runs. Omit the option to let samba-tool generate a
# password, or use --interactive to be prompted, and never keep the
# placeholder on a real system.
/usr/local/bin/samba-tool domain provision --use-rfc2307 --use-xattrs=yes --function-level=2008_R2 --realm=HQ.C3D2.DE --domain=HQ --adminpass='geheim' --server-role='dc' --dns-backend=SAMBA_INTERNAL
Samba4 Config
vi /usr/local/etc/smb4.conf
# smb4.conf for the storage host: Samba 4 AD domain controller for the realm
# HQ.C3D2.DE, the [netlogon]/[sysvol] shares and the [rpool] file share.
### ### ### C3D2 ### ### ###
# Global parameters
[global]
workgroup = HQ
realm = HQ.C3D2.DE
netbios name = STORAGE
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
### dns forwarder = 172.22.99.51
# use the s3fs file server instead of the built-in smb service and switch off
# the NetBIOS name service (nbt)
server services = -smb +s3fs -nbt
dcerpc endpoint servers = -winreg -srvsvc
### ### ### C3D2 ### ### ###
#
server string = %h - FreeBSD ZFS Server
# listen on this one address only
interfaces = 172.22.99.52
bind interfaces only = Yes
# disable printer support
disable spoolss = Yes
# allow dynamic dns update / true = nonsecure + signed
allow dns updates = signed
# freebsd specific
nsupdate command = /usr/local/bin/samba-nsupdate -g
# added to allow asynchronous I/O (make sure to load the kernel module aio)
aio read size = 16384
aio write size = 16384
### ### # server options
# NOTE(review): NT1 is the SMB1 dialect, so with this minimum the server still
# accepts SMB1 sessions. Raise it to SMB2 unless a client that only speaks
# SMB1 has to connect.
server min protocol = NT1
server max protocol = SMB3
disable netbios = Yes
smb ports = 445
# NOTE(review): 'auto' appears to offer signing without requiring it;
# 'mandatory' would enforce it. Confirm against the smb.conf manual of the
# installed version.
server signing = auto
# protocol stream encryption for smbclient
# NOTE(review): 'auto' offers encryption but does not force it; clients that
# do not request it presumably talk in clear text. Confirm.
smb encrypt = auto
### ### # client options (for local services / smbclient etc.)
# NOTE(review): as on the server side, NT1 lets local client tools fall back
# to SMB1.
client min protocol = NT1
client max protocol = SMB3
client ldap sasl wrapping = seal
client signing = auto
client schannel = auto
# refuse LANMAN and NTLMv1 authentication; clients send NTLMv2 only
lanman auth = No
ntlm auth = No
client use spnego = Yes
client ntlmv2 auth = Yes
client lanman auth = No
client plaintext auth = No
### experimental ###
###
### dsdb:schema update allowed = Yes
###
### experimental ###
#
### ### ### C3D2 ### ### ###
[netlogon]
path = /var/db/samba4/sysvol/hq.c3d2.de/scripts
read only = No
browseable = no
[sysvol]
path = /var/db/samba4/sysvol
read only = No
browseable = no
### ### ### C3D2 ### ### ###
[rpool]
path = /rpool
valid users = k-ot
map acl inherit = yes
browseable = yes
# NOTE(review): 'public' is a synonym for 'guest ok'. The share is limited to
# k-ot by 'valid users' above, so allowing guests here is contradictory;
# drop this line unless guest access is really intended.
public = yes
writable = yes
posix locking = yes
# new files are group-writable and world-readable (0664), new directories
# group-writable and world-searchable (0775)
create mask = 0664
directory mask = 0775
strict locking = no
store dos attributes = yes
### nt acl support = yes
### csc policy = disable
inherit acls = Yes
inherit owner = no
inherit permissions = no
map archive = No
map readonly = no
# shadow_copy2 presents the ZFS snapshots below .zfs/snapshot (see the
# 'shadow:' options); zfsacl stores NT ACLs as ZFS NFSv4 ACLs
vfs objects = shadow_copy2, zfsacl
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
shadow: format = -CRON-%Y.%m.%d-%H.%M
shadow: sort = desc
shadow: snapdir = .zfs/snapshot
### ### ### C3D2 ### ### ###
# EOF
Samba4 Map Users to their UNIX UID
id k-ot
uid=1003(k-ot) gid=1003(k-ot) groups=1003(k-ot)
samba-tool user add k-ot
New Password:
Retype Password:
User 'k-ot' created successfully
service samba_server start
wbinfo --name-to-sid k-ot
S-1-5-21-2260217406-2925069997-4078739481-1108 SID_USER (1)
wbinfo --sid-to-uid S-1-5-21-2260217406-2925069997-4078739481-1108
3000022
service samba_server stop
ldbedit -e vi -H /var/db/samba4/private/idmap.ldb objectsid=S-1-5-21-2260217406-2925069997-4078739481-1108
xidNumber: 1003
# 0 adds 1 modifies 0 deletes
/usr/local/bin/testparm
samba-tool dbcheck
samba-tool ntacl sysvolcheck
SMB Import unter Linux
HOST: crontab
00 6 * * * root /usr/sbin/chown -R k-ot:k-ot /rpool
Log
- 10.05.2014 - Samba4 Support
- 01.05.2014 - NFSv3 Export