[Samba] Samba locking with NFS backend.

Jan Hugo Prins jhp at jhprins.org
Tue Jan 8 00:12:58 GMT 2008

Greg Byshenk wrote:
> On Mon, Jan 07, 2008 at 10:38:30PM +0100, Jan Hugo Prins wrote:
>> I'm in a bit of a loss at the moment.
>> We have the following situation, we are running Samba for a lot of small 
>> companies that need fileservices for there Windows Terminal Servers that 
>> they use through a thin client on a Fiber / Lan extention to our datacentre.
>> We have this samba running on 2 linux hosts (Fedora Core 5 and Fedora 7) 
>> with a ldap backend for all the domains.
>> This works ok, except for 1 thing.
>> In the past we synced server1 to server2 every hour and when there was a 
>> problems with a server, the users would only loose 1 hour of work at 
>> most and server 2 would take over all configurations. So far so good, 
>> when there are not too much customers.
>> But we have had some growth recently and we added a central NFS server 
>> to our setup. This server (Isilon IQ9000) is fully redundant so in 
>> theory we could put any number of Samba frontend servers in front of it, 
>> and we don't have to sync anymore.
>> But now the problem, when we put the user data on the NFS backend, users 
>> are complaining that they are not able to edit documents in Word because 
>> they get a error that they can only open the file readonly. Excell the 
>> same problem. But copying a file for example works ok. In general you 
>> can divide the applications in 2 groups, 1 only readonly access to the 
>> data, and 1 no problem.
> [...]
>> Is this a known issue with a sollution, or have I fould a problem here 
>> without a current sollution?
> I'm no Samba or Linux kernel expert, but in my experience, re-exporting
> is almost always a bad idea.
> I could be mistaken, but it strikes me that the best solution, if you have
> something like the Isilon system, would be to use the Isilon's own CIFS
> capabilities. What is the gain from exporting from the Isilon via NFS and
> then trying to re-export using a separate Samba server?
The main reason we don't use the Cifs capabilities of the Isilon cluster 
is that it doesn't support how we use Samba / Ldap.
We have 1 LDAP tree, with all little OU's and each OU is the container 
for 1 domain.
We use a filter to make sure that a user that connect to the samba he 
has access to, only sees his part of the LDAP tree.
This filter functionality is something that is not available in the 
stock samba, it was before, and we patch it back into every samba we use 
in production.
We can't patch it into the Cifs server on the Isilon cluster.

Jan Hugo Prins

More information about the samba mailing list