Samba user quota implementation question
Andrew Walker
awalker at ixsystems.com
Wed May 27 23:46:35 UTC 2020
Depending on the situation, you may need "winbind enum users = yes" and
"winbind enum groups = yes" in your smb.conf for AD user quotas to be
enumerated. It might be nice to have some mechanism to override the default
user quota enumeration method in Samba. For example "zfs userspace
<dataset>" and "zfs groupspace <dataset>" will enumerate user / group
quotas on a given dataset (and the equivalent can be obtained (though not
trivially easily) through libzfs.
Andrew
On Wed, May 27, 2020 at 6:17 PM Krishna Harathi via samba-technical <
samba-technical at lists.samba.org> wrote:
> On the contrary; normally, there is no passwd entry made for a AD user in
> the local password file.
>
> The set user-quota (for a user user-quota was not set before) is working
> fine as intended without any manual addition to local password file.
>
> I have to manually add the uid/gid entry of the SID/GID of the user
> authenticated/authorized by AD, in order for the windows client to
> list/show the user that has user-quota already set.
>
> My question is - is it expected to find the subset of AD users with
> user-quota set in the local password file ?
> I am trying to figure out if there is any other way to accomplish windows
> client listing existing quota without this manual intervention.
> But if this is expected, I will find a way to make those entries in the
> local password file when a quota for a new user is set.
>
> Hope this explanation helps to describe the problem more. I will post the
> actual smb.conf file asap (not available at this moment). We have the "get
> quota command" and "set quota command" values and AD server with idmap
> "backend = autorid" and range configured.
>
> Regards.
> Krishna Harathi
>
>
> On 5/27/20, 12:53 PM, "samba-technical on behalf of Rowland penny via
> samba-technical" <samba-technical-bounces at lists.samba.org on behalf of
> samba-technical at lists.samba.org> wrote:
>
> ***EXTERNAL SENDER. Only open links and attachments from known
> senders. DO NOT provide your username or password.***
>
> On 27/05/2020 20:42, Krishna Harathi via samba-technical wrote:
> > Our OneXafe FS supports share/fs level quota using smb.conf “set
> quota command” and “get quota command”.
> >
> > We are currently extending support to user-level quotas using the
> same interface, when Samba smbd is an AD DC member.
> >
> > Setting user quota from a windows client is working as expected. But
> once quota is set, none of the users are listed in the quota’s pop-up
> window, so cannot delete or modify quota properties. Moreover, creating a
> new quota entry for the same user is generating a “quota entry already
> exists for this user” error.
> >
> > By tracing get/set requests to our file server, I see that our FS
> server is receiving a get request for Samba for every user entry in the
> local password file, but none for the UID of the DC member user. But I do
> see a default quota get request for the group GID.
> >
> > The problem seems to be that the get/set command interface does not
> obviously support a “list” user quota api to the hosting FS.
> >
> > Questions on this – We can post and manage user entry (host-local
> uid/gid) corresponding to the DC user sid/gid whenever a “set user quota”
> is received. I did verify that when an entry is made manually, windows user
> quota workflow behaves as expected. Is the problem assumption correct and
> is this a way to implement? Is there a better way, given the constraints?
> >
> > We are using Samba 4.7.11 patched with
> https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D13553%23c17&data=01%7C01%7Ckrishna.harathi%40storagecraft.com%7Cb00f68c028324ea5ece308d80277a7c3%7C99f4e3c9bed5443dbd532b3f22d4eddf%7C0&sdata=T6FbBy04TqSxJ%2FFx%2BZ3nVF29h%2BoHdNEqqIwuZXzm0hY%3D&reserved=0
> fix for 4.7.
> >
> > Any help is this issue is much appreciated in advance.
> >
> > Regards.
> > Krishna Harathi
>
> From reading the above, it looks like you are saying that you have the
> same users in /etc/passwd and AD, is this correct ?
>
> Can you also please post the entire smb.conf you are using on the
> OneXafe.
>
> Rowland
>
>
>
>
>
More information about the samba-technical
mailing list