Samba user quota implementation question

Krishna Harathi krishna.harathi at storagecraft.com
Thu May 28 01:27:14 UTC 2020 

Andrew – Tried with "winbind enum users = yes" and "winbind enum groups = yes" configuration, no change or improvement.

Rowland – smb.conf attached.

Regards.
Krishna Harathi


From: Andrew Walker <awalker at ixsystems.com>
Date: Wednesday, May 27, 2020 at 4:45 PM
To: Krishna Harathi <krishna.harathi at storagecraft.com>
Cc: Rowland penny <rpenny at samba.org>, Isaac Boukris via samba-technical <samba-technical at lists.samba.org>
Subject: Re: Samba user quota implementation question


***EXTERNAL SENDER. Only open links and attachments from known senders. DO NOT provide your username or password.***
Depending on the situation, you may need "winbind enum users = yes" and "winbind enum groups = yes" in your smb.conf for AD user quotas to be enumerated. It might be nice to have some mechanism to override the default user quota enumeration method in Samba. For example "zfs userspace <dataset>" and "zfs groupspace <dataset>" will enumerate user / group quotas on a given dataset (and the equivalent can be obtained (though not trivially easily) through libzfs.

Andrew

On Wed, May 27, 2020 at 6:17 PM Krishna Harathi via samba-technical <samba-technical at lists.samba.org<mailto:samba-technical at lists.samba.org>> wrote:
On the contrary; normally, there is no passwd entry made for a AD user in the local password file.

The set user-quota (for a user user-quota was not set before) is working fine as intended without any manual addition to local password file.

I have to manually add the uid/gid entry of the SID/GID of the user authenticated/authorized by AD,  in order for the windows client to list/show the user that has user-quota already set.

My question is - is it expected to find the subset of AD users with user-quota set in the local password file ?
I am trying to figure out if there is any other way to accomplish windows client listing existing quota without this manual intervention.
But if this is expected, I will find a way to make those entries in the local password file when a quota for a new user is set.

Hope this explanation helps to describe the problem more. I will post the actual smb.conf file asap (not available at this moment). We have the "get quota command" and "set quota command" values and AD server with idmap "backend = autorid" and range configured.

Regards.
Krishna Harathi


On 5/27/20, 12:53 PM, "samba-technical on behalf of Rowland penny via samba-technical" <samba-technical-bounces at lists.samba.org<mailto:samba-technical-bounces at lists.samba.org> on behalf of samba-technical at lists.samba.org<mailto:samba-technical at lists.samba.org>> wrote:

    ***EXTERNAL SENDER. Only open links and attachments from known senders. DO NOT provide your username or password.***

    On 27/05/2020 20:42, Krishna Harathi via samba-technical wrote:
    > Our OneXafe FS  supports share/fs level quota using smb.conf “set quota command” and “get quota command”.
    >
    > We are currently extending support to user-level quotas using the same interface, when Samba smbd is an AD DC member.
    >
    > Setting user quota from a windows client is working as expected. But once quota is set, none of the users are listed in the quota’s pop-up window, so cannot delete or modify quota properties. Moreover, creating a new quota entry for the same user is generating a “quota entry already exists for this user” error.
    >
    > By tracing get/set requests to our file server, I see that our FS server is receiving a get request for Samba for every user entry in the local password file, but none for the UID of the DC member user. But I do see a default quota get request for the group GID.
    >
    > The problem seems to be that the get/set command interface does not obviously support a “list” user quota api to the hosting FS.
    >
    > Questions on this –  We can post and manage user entry (host-local uid/gid) corresponding to the DC user sid/gid whenever a “set user quota” is received. I did verify that when an entry is made manually, windows user quota workflow behaves as expected. Is the problem assumption correct and is this a way to implement? Is there a better way, given the constraints?
    >
    > We are using Samba 4.7.11 patched with https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D13553%23c17&data=01%7C01%7Ckrishna.harathi%40storagecraft.com%7Cb00f68c028324ea5ece308d80277a7c3%7C99f4e3c9bed5443dbd532b3f22d4eddf%7C0&sdata=T6FbBy04TqSxJ%2FFx%2BZ3nVF29h%2BoHdNEqqIwuZXzm0hY%3D&reserved=0<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D13553%23c17&data=01%7C01%7Ckrishna.harathi%40storagecraft.com%7Cebaa380afa4b42ec029108d802980280%7C99f4e3c9bed5443dbd532b3f22d4eddf%7C0&sdata=JMjlHIwI3IZb3S6JW8ON0%2FdTpRg7LBFwi6INMjLAvYQ%3D&reserved=0> fix for 4.7.
    >
    > Any help is this issue is much appreciated in advance.
    >
    > Regards.
    > Krishna Harathi

     From reading the above, it looks like you are saying that you have the
    same users in /etc/passwd and AD, is this correct ?

    Can you also please post the entire smb.conf you are using on the OneXafe.

    Rowland



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb.conf
Type: application/octet-stream
Size: 2187 bytes
Desc: smb.conf
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20200528/028e5c5b/smb.obj>

More information about the samba-technical mailing list