[Samba] Samba 4 CTDB setting Permission from Windows

Stefan Kania stefan at kania-online.de
Fri Jan 9 09:27:33 MST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello everybody,

I try to set up a GlusterFS together with CTDB. The OS on all systems
is Debian wheezy. No backports aktiv. All Samba-packages are from
Sernet (samba 4.14)
My setup is the following:

- ------------
GlusterFS:
- ------------
Node1: 192.168.57.101
Node2: 192.168.57.102

Two nodes each with one disk. The disks are formated. The disks are
mounted.
GlusterFS ist running without any errors.

Version of Gluster:
ii  glusterfs-server  3.5.0-1 amd64 clustered file-system (server package)

- --------------
CTDB-Cluster:
- --------------
I mounted the GlusterFS over the network to my samba 4 CTDB-nodes:

CTDB-Version:
ii  ctdb 1.0.114.9-2   amd64        Clustered TDB

Gluster on the clients:
ii  glusterfs-client 3.5.0-1 amd64  clustered file-system (client package)


Network for Gluster communication
CTDB-node1: 192.168.57.201
CTDB-node2: 192.168.57.202
Network for heartbeat communication:
CTDB-node1: 192.168.56.201
CTDB-node2: 192.168.56.201

Mountoptions on both CTDB-nodes in /etc/fstab:
san1:/gv0 /GL-lokal glusterfs defaults,_netdev,acl 0 0

The Cluster is working fine as you can see here:
- ---------------
root at fs1:~# ctdb status
Number of nodes:2
pnn:0 192.168.57.201   OK (THIS NODE)
pnn:1 192.168.57.202   OK
Generation:1420468989
Size:2
hash:0 lmaster:0
hash:1 lmaster:1
Recovery mode:NORMAL (0)
Recovery master:1
- ---------------

On the commandline I can change permissions and ACLs with setfacl, I
can set and reset default ACLs.

Here are my smb.conf-settings from the registry:
- -------------
root at fs1:/glusterfs# net registry export 'hklm\software\samba' /dev/stdout
Windows Registry Editor Version 5.00

[HKLM\software\samba]

[HKLM\software\samba\smbconf]

[HKLM\software\samba\smbconf\global]
"workgroup"="samba-ad"
"netbios name"="cluster-fs"
"security"="ads"
"realm"="SAMBA-AD.LOKAL"
"idmap config *:range"="1000000-1999999"
"idmap config samba-ad:backend"="rid"
"idmap config samba-ad:range"="1000000-1999999"
"winbind enum users"="yes"
"winbind enum groups"="yes"
"winbind use default domain"="yes"
"store dos attributes"="yes"
"map acl inherit"="yes"
"template shell"="/bin/bash"
"winbind refresh tickets"="yes"
"wins server"="192.168.123.205"
"vfs objects"="acl_xattr"
"template homedir"="/GL-lokal/daten/home/%U"

[HKLM\software\samba\smbconf\daten]
"comment"="Daten im Cluster"
"guest ok"="no"
"read only"="no"
"browseable"="yes"
"hide unreadable"="yes"
"path"="/GL-lokal/daten"

[HKLM\software\samba\smbconf\users]
"comment"="home-dir"
"guest ok"="no"
"read only"="no"
"browseable"="no"
"create mask"="700"
"directory mask"="700"
"path"="/GL-lokal/daten/home"

[HKLM\software\samba\smbconf\profile]
"comment"="Servergesp. Profile"
"guest ok"="no"
"read only"="no"
"browseable"="no"
"profile acls"="yes"
"path"="/GL-lokal/daten/profile"

[HKLM\software\samba\smbconf\linux]
"comment"="Linux-acl"
"guest ok"="no"
"read only"="no"
"path"="/GL-lokal/linux/"

[HKLM\software\samba\smbconf\linux2]
"comment"="Linux-acl2"
"guest ok"="no"
"read only"="no"
"path"="/GL-lokal/linux2/"

[HKLM\software\samba\Group Policy]
;Local Variables:
;coding: UTF-8
;End:
- ----------------

The Cluster is Domainmember:

root at fs1:~# net rpc testjoin
Join to 'SAMBA-AD' is OK


If I add aditional permissions as Domainadministrator to any file or
directory via Windows-explorer it works.

BUT when I try to remove permissions or reset the inheritance of
filesystempermission on a file or directory I'll get an errormessage.
the following picture shows the error:
http://www.bilder-upload.eu/show.php?file=1613a0-1420819849.png
It's german but I think it's windows and it will look the same in all
languages.
For this picture I try to remove the filepermission inheritance from a
dictory to start with new set of permissions in this subdirectory

I didn't get any errormessages in any logfile. Even with loglevel set
to 10 ther is no error in any logfile :-(

Because there are no error-messages in any logfile, I don't know where
to look.
I think as long as I can't reset permissions from Windows this
combination is not usable :-(
To bad, because GlusterFS works very good.

I hope, someone can give me a hint.

Stefan

- -- 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlSwAXUACgkQ2JOGcNAHDTbYLQCcCRJ4j09jVPZPReA/G5RwaFPC
MwMAoIVfe+ePPqzDlY2GewRRY1TZeopx
=5X5v
-----END PGP SIGNATURE-----


More information about the samba mailing list