Monday, August 15, 2016

Gotchas when migrating from Samba to Oracle Solaris 11 SMB Server

I am in the middle of migrating "Oracle Solaris 11 non-global zone running Samba" to an "Oracle Solaris 11 kernel zone running SMB server".
This blog isn't going to explain why you would want to move or the advantages and disadvantages, but I may get to do that at a later date. It is here to warn you about some things which you may not be aware of.


  •  Enable cross-protocol locking
    • I would check if you really need to set this up. I wouldn't unless you know for sure that the files could be altered on both NFS and SMB at the same time.
      1. I found file handling slower with "nbmand=on" 
      2. It fails on IMAP (dovecot) users' folders
      3. I know of at least one bug with GNOME gedit (23155179 - A local ZFS filesystem with 'nbmand=on' causes gedit saves to fail with EACCES - fixed in 11.3.12.4.0 SRU 12.4)
      4. Microsoft Money Plus does not work with it (I know, but it is important to me)
  • File access and ACLs
    • You may find that users lose access to files and directories; if this happens, check the file permissions. The reason is that Samba follows normal Unix permissions (if you can access it from the shell, it will work in Samba), but SMB looks at the full ACL list if one exists. For example:
# Standard permissions are fine for SMB or Samba
$ ls -ldV OK_for_Samba_or_SMB
drwx--x--x   2 andrew   staff          2 Aug 12 12:35 OK_for_Samba_or_SMB
                 owner@:rwxp-DaARWcCos:-------:allow
                 group@:--x---a-R-c--s:-------:allow
              everyone@:--x---a-R-c--s:-------:allow


# If ACLs get a bit messy they will work for Samba but SMB may fail
$ ls -ldV OK_for_Samba
drwxr-xr-x+  4 andrew   staff          4 Aug 12 12:46 OK_for_Samba
                 owner@:rwxpdDaARWcCo-:fd-----:allow
                 group@:r-x---a-R-c---:-------:allow
              everyone@:r-x---a-R-c---:-------:allow


# You can fix the above by resetting (use chmod A-) or by adding a new ACL for the owner (chmod A+user:andrew:rwxpdDaARWcCos:fd-----:allow)
$ ls -ldV OK_for_SMB
drwxr-xr-x+  2 andrew   staff          2 Aug 12 12:52 OK_for_SMB
            user:andrew:rwxpdDaARWcCos:fd-----:allow
                 owner@:rwxpdDaARWcCo-:fd-----:allow
                 group@:r-x---a-R-c---:-------:allow
              everyone@:r-x---a-R-c---:-------:allow
  • Shares. You have to think about how you share your files to a Windows client, since SMB shares are done at the ZFS level. You can either share the level above your users' files (i.e. /export/home) and mount the right directory on the client, or you create a filesystem for all your users.
    • Note that Solaris can handle many shares, but you will notice it gets a bit slow to create a new share!
# A typical share for my users 
NAME                           USED  AVAIL  REFER  MOUNTPOINT
dpool/staff/andrew             487G   316G   184G  /dpool/staff/andrew
dpool/staff/andrew%andrew_nfs     -      -      -  /dpool/staff/andrew (NFS share)
dpool/staff/andrew%andrew         -      -      -  /dpool/staff/andrew (SMB share)
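
A pre-migration check for the "File access and ACLs" item above, as an added example that is not part of the original post: it reads `ls -dV` output and lists paths that carry a non-trivial ACL but have no allow entry for the owner matching the one on the directory the post shows working over SMB. The function names and the choice of that entry as the baseline are assumptions.

```shell
# Baseline: the user:andrew entry the post shows working over SMB (assumption).
REF_PERMS="rwxpdDaARWcCos"

# Reads `ls -dV` output; prints paths with a non-trivial ACL ('+') and no allow
# entry for owner@ or user:<owner> granting every letter in REF_PERMS.
# Deny entries and ACE ordering are not evaluated.
acl_review() {
    awk -v ref="${1:-$REF_PERMS}" '
    function covers(perms,    i) {
        for (i = 1; i <= length(ref); i++)
            if (index(perms, substr(ref, i, 1)) == 0) return 0
        return 1
    }
    function report() { if (path != "" && extended && !ok) print path; path = "" }
    # Header: mode, links, owner, group, size, month, day, time, name
    NF >= 9 && length($1) >= 10 && $1 ~ /^[-a-zA-Z]+[+]?$/ {
        report()
        extended = ($1 ~ /[+]$/); owner = $3; ok = 0; path = $9
        for (i = 10; i <= NF; i++) path = path " " $i
        next
    }
    # ACE: who:perms:flags:type, who being owner@, group@, user:name, ...
    path != "" && NF == 1 && $1 ~ /:(allow|deny)$/ {
        n = split($1, f, ":"); if (n < 4) next
        who = $1; sub(/:[^:]*:[^:]*:[^:]*$/, "", who)
        if (f[n] == "allow" && (who == "owner@" || who == "user:" owner) && covers(f[n-2]))
            ok = 1
    }
    END { report() }'
}
# Sample input: the three listings from the post.
sample_listing() {
    cat <<'EOF'
drwx--x--x   2 andrew   staff          2 Aug 12 12:35 OK_for_Samba_or_SMB
                 owner@:rwxp-DaARWcCos:-------:allow
                 group@:--x---a-R-c--s:-------:allow
              everyone@:--x---a-R-c--s:-------:allow
drwxr-xr-x+  4 andrew   staff          4 Aug 12 12:46 OK_for_Samba
                 owner@:rwxpdDaARWcCo-:fd-----:allow
                 group@:r-x---a-R-c---:-------:allow
              everyone@:r-x---a-R-c---:-------:allow
drwxr-xr-x+  2 andrew   staff          2 Aug 12 12:52 OK_for_SMB
            user:andrew:rwxpdDaARWcCos:fd-----:allow
                 owner@:rwxpdDaARWcCo-:fd-----:allow
                 group@:r-x---a-R-c---:-------:allow
              everyone@:r-x---a-R-c---:-------:allow
EOF
}
sample_listing | acl_review
```

On a real share, feed it a listing of the tree, for example from `find` with `ls -dV`, and review each reported path before switching clients over.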

