Samba user quota implementation question

Rowland penny rpenny at
Thu May 28 07:11:58 UTC 2020

On 28/05/2020 02:27, Krishna Harathi wrote:
> Andrew – Tried with "winbind enum users = yes" and "winbind enum 
> groups = yes" configuration, no change or improvement.
> Rowland – smb.conf attached.
> Regards.
> Krishna Harathi
> *From: *Andrew Walker <awalker at>
> *Date: *Wednesday, May 27, 2020 at 4:45 PM
> *To: *Krishna Harathi <krishna.harathi at>
> *Cc: *Rowland penny <rpenny at>, Isaac Boukris via 
> samba-technical <samba-technical at>
> *Subject: *Re: Samba user quota implementation question
> ****EXTERNAL SENDER. Only open links and attachments from known 
> senders. DO NOT provide your username or password.****
> Depending on the situation, you may need "winbind enum users = yes" 
> and "winbind enum groups = yes" in your smb.conf for AD user quotas to 
> be enumerated. It might be nice to have some mechanism to override the 
> default user quota enumeration method in Samba. For example "zfs 
> userspace <dataset>" and "zfs groupspace <dataset>" will enumerate 
> user / group quotas on a given dataset (and the equivalent can be 
> obtained (though not trivially easily) through libzfs.
> Andrew
> On Wed, May 27, 2020 at 6:17 PM Krishna Harathi via samba-technical 
> <samba-technical at 
> <mailto:samba-technical at>> wrote:
>     On the contrary; normally, there is no passwd entry made for a AD
>     user in the local password file.
>     The set user-quota (for a user user-quota was not set before) is
>     working fine as intended without any manual addition to local
>     password file.
>     I have to manually add the uid/gid entry of the SID/GID of the
>     user authenticated/authorized by AD,  in order for the windows
>     client to list/show the user that has user-quota already set.
>     My question is - is it expected to find the subset of AD users
>     with user-quota set in the local password file ?
>     I am trying to figure out if there is any other way to accomplish
>     windows client listing existing quota without this manual
>     intervention.
>     But if this is expected, I will find a way to make those entries
>     in the local password file when a quota for a new user is set.
>     Hope this explanation helps to describe the problem more. I will
>     post the actual smb.conf file asap (not available at this moment).
>     We have the "get quota command" and "set quota command" values and
>     AD server with idmap "backend = autorid" and range configured.
>     Regards.
>     Krishna Harathi
>     On 5/27/20, 12:53 PM, "samba-technical on behalf of Rowland penny
>     via samba-technical" <samba-technical-bounces at
>     <mailto:samba-technical-bounces at> on behalf of
>     samba-technical at
>     <mailto:samba-technical at>> wrote:
>         ***EXTERNAL SENDER. Only open links and attachments from known
>     senders. DO NOT provide your username or password.***
>         On 27/05/2020 20:42, Krishna Harathi via samba-technical wrote:
>         > Our OneXafe FS  supports share/fs level quota using smb.conf
>     “set quota command” and “get quota command”.
>         >
>         > We are currently extending support to user-level quotas
>     using the same interface, when Samba smbd is an AD DC member.
>         >
>         > Setting user quota from a windows client is working as
>     expected. But once quota is set, none of the users are listed in
>     the quota’s pop-up window, so cannot delete or modify quota
>     properties. Moreover, creating a new quota entry for the same user
>     is generating a “quota entry already exists for this user” error.
>         >
>         > By tracing get/set requests to our file server, I see that
>     our FS server is receiving a get request for Samba for every user
>     entry in the local password file, but none for the UID of the DC
>     member user. But I do see a default quota get request for the
>     group GID.
>         >
>         > The problem seems to be that the get/set command interface
>     does not obviously support a “list” user quota api to the hosting FS.
>         >
>         > Questions on this –  We can post and manage user entry
>     (host-local uid/gid) corresponding to the DC user sid/gid whenever
>     a “set user quota” is received. I did verify that when an entry is
>     made manually, windows user quota workflow behaves as expected. Is
>     the problem assumption correct and is this a way to implement? Is
>     there a better way, given the constraints?
>         >
>         > We are using Samba 4.7.11 patched with
>     <>
>     fix for 4.7.
>         >
>         > Any help is this issue is much appreciated in advance.
>         >
>         > Regards.
>         > Krishna Harathi
>          From reading the above, it looks like you are saying that you
>     have the
>         same users in /etc/passwd and AD, is this correct ?
>         Can you also please post the entire smb.conf you are using on
>     the OneXafe.
>         Rowland
Is this computer a member of a CTDB cluster, if not, remove 'clustering 
= yes'

You have:

idmap config * : backend = tdb
idmap config * : range = 2000000-2999999


idmap config *: backend = autorid
idmap config *: range = 10000000-2020000000
idmap config *: rangesize = 100000000

You cannot have both ;-)

I would suggest you remove the first two lines.

You have a share called 'Public' with 'guest ok = yes' and presumably it 
is supposed to be a public share, it isn't, because you do not have 'map 
to guest = bad user' set in '[global]'. I also cannot see how quota is 
going to work on a share where everything is going to end up belonging 
to nobody:nogroup.

Finally if 'path = /exports/Public' and 'path = /exports/TestQ' means 
that you are sharing NFS shares via Samba, then this is never a good idea.


More information about the samba-technical mailing list