[Samba] vfs fruit unable to create xattr and ACL from OS X 10.10.4

Michal Moravec michalm.mac at gmail.com
Tue Jul 28 12:55:32 UTC 2015 

Hello

I am trying to integrate OS X 10.10.4 clients into existing Samba infractructure run by our IT department.
We are currently using Samba 4.2.3.
File share is stored on iSCSI array with ext4 filesystem which should support both ACL and XATTR.

We are trying to setup vfs_fruit module to avoid possible performance problems on OS X clients.
We do NOT user netatalk.

Current vfs_fruit config:

       vfs objects = catia fruit streams_xattr
       fruit:resource = file
       fruit:metadata = netatalk
       fruit:locking = none
       fruit:encoding = private
       fruit:aapl = yes
       readdir_attr:aapl_rsize = true
       readdir_attr:aapl_finder_info = true
       readdir_attr:aapl_max_access = true
       fruit:nfs_aces = yes
       fruit:veto_appledouble = yes

Problem -> OS X clients are unable to create new extended attributes (and ACLs) with exception of ResourceFork and FinderInfo which are handled directly by vfs_fruit and saved to internal AppleDouble file.

When I try to create new custom extended attribute with xattr -w com.xattr.example testdata somefile
and than try to display it with ls -lae@ there is nothing there.

When I try to set new ACL with chmod +a “some ace” file I get “Operation not supported”.


I want to ask about few things.

1) from vfs_fruit man page -> “All other named streams are deferred to vfs_streams_xattr which must be loaded together with vfs_fruit.” From vfs_streams_xattr man page  “The file system that is shared with this module enabled must support xattrs.”.
How do I confirm for sure that our storage supports required xattrs thus vfs_streams_xattr module should work with it?

2) Is there possible misconfiguration in vfs_fruit options listed above? Is there any missing configuration for vfs_streams_xattr module?

3) Is it possible that OS X client is trying write directly to AppleDouble files which can’t be accessed because of vetoing? (See log bellow) 

Log -> I was trying to create xattr for files m/moravmi8/test/drak and m/moravmi8/test/xattr.

[2015/07/28 14:12:52.509058,  3, pid=2393, effective(11669, 100),
real(11669, 0), class=vfs] ../source3/smbd/vfs.c:1143(check_reduced_name)
 check_reduced_name [m/moravmi8/test/drak] [/mnt/ucebny_home/home]
[2015/07/28 14:12:52.509116,  3, pid=2393, effective(11669, 100),
real(11669, 0), class=vfs] ../source3/smbd/vfs.c:1273(check_reduced_name)
 check_reduced_name: m/moravmi8/test/drak reduced to
/mnt/ucebny_home/home/m/moravmi8/test/drak
[2015/07/28 14:12:52.509190,  3, pid=2393, effective(11669, 100),
real(11669, 0)] ../source3/smbd/dosmode.c:196(unix_mode)
 unix_mode(m/moravmi8/test/drak) returning 0744
[2015/07/28 14:12:52.509343,  2, pid=2393, effective(11669, 100),
real(11669, 0)] ../source3/smbd/open.c:1005(open_file)
 UCEBNY\moravmi8 opened file m/moravmi8/test/drak read=No write=No
(numopen=2)
[2015/07/28 14:12:52.509748,  2, pid=2393, effective(11669, 100),
real(11669, 0), class=fruit]
../source3/modules/vfs_fruit.c:880(ad_header_read_rsrc)
 open AppleDouble: m/moravmi8/test/._drak, No such file or directory
[2015/07/28 14:12:52.509875,  2, pid=2393, effective(11669, 100),
real(11669, 0)] ../source3/smbd/close.c:780(close_normal_file)
 UCEBNY\moravmi8 closed file m/moravmi8/test/drak (numopen=1) NT_STATUS_OK
[2015/07/28 14:12:52.510396,  3, pid=2393, effective(11669, 100),
real(11669, 0), class=vfs] ../source3/smbd/vfs.c:1143(check_reduced_name)
 check_reduced_name [m/moravmi8/test/xattr] [/mnt/ucebny_home/home]
[2015/07/28 14:12:52.510452,  3, pid=2393, effective(11669, 100),
real(11669, 0), class=vfs] ../source3/smbd/vfs.c:1273(check_reduced_name)
 check_reduced_name: m/moravmi8/test/xattr reduced to
/mnt/ucebny_home/home/m/moravmi8/test/xattr
[2015/07/28 14:12:52.510877,  2, pid=2393, effective(11669, 100),
real(11669, 0), class=fruit]
../source3/modules/vfs_fruit.c:880(ad_header_read_rsrc)
 open AppleDouble: m/moravmi8/test/._xattr, No such file or directory

Captured packets from Wireshark in attachment.

If you have any ideas how should I procede I would be happy to hear them :-)
Regards
Michal Moravec
-------------- next part --------------

More information about the samba mailing list