[Samba] Server-Side Copy Offload Limitations
Rowland Penny
rpenny at samba.org
Mon Sep 3 13:40:39 UTC 2018
On Mon, 3 Sep 2018 12:25:16 +0200
Adam Błaszczykowski via samba <samba at lists.samba.org> wrote:
> Hello,
>
> Server-Side Copy Offload wiki page states in Limitations section that
>
> - Both source and destination files must reside on the same Samba
> share!
>
> I was able to copy file between different shares located on the same
> zfs Pool without generating network traffic. Shares were created on
> Debian 8 with zfs filesystem and client was Windows Server 2016
> machine mapping shares as separate drives. Is it new functionality or
> I'm misunderstanding something about server-side copy?
>
> Samba version 4.7.3
>
> testparm -vvvv
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> (16384) Processing section "[share1]"
> Processing section "[share2]"
> Loaded services file OK.
> 'winbind separator = +' might cause problems with group membership.
>
> Server role: ROLE_STANDALONE
>
> Press enter to see a dump of your service definitions
>
> # Global parameters
> [global]
> abort shutdown script =
> add group script =
> add machine script =
> addport command =
> addprinter command =
> add share command =
> add user script =
> add user to group script =
> afs token lifetime = 604800
> afs username map =
> aio max threads = 100
> algorithmic rid base = 1000
> allow dcerpc auth level connect = No
> allow dns updates = secure only
> allow insecure wide links = No
> allow nt4 crypto = No
> allow trusted domains = Yes
> allow unsafe cluster upgrade = No
> async smb echo handler = No
> auth event notification = No
> auth methods =
> auto services =
> bind interfaces only = No
> browse list = Yes
> cache directory = /var/cache/samba
> change notify = Yes
> change share command =
> check password script =
> cldap port = 389
> client ipc max protocol = default
> client ipc min protocol = default
> client ipc signing = default
> client lanman auth = No
> client ldap sasl wrapping = sign
> client max protocol = default
> client min protocol = CORE
> client NTLMv2 auth = Yes
> client plaintext auth = No
> client schannel = Auto
> client signing = default
> client use spnego principal = No
> client use spnego = Yes
> cluster addresses =
> clustering = No
> config backend = file
> config file =
> create krb5 conf = Yes
> ctdbd socket =
> ctdb locktime warn threshold = 0
> ctdb timeout = 0
> cups connection timeout = 30
> cups encrypt = No
> cups server =
> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon,
> lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey,
> dnsserver deadtime = 0
> debug class = No
> debug hires timestamp = Yes
> debug pid = No
> debug prefix timestamp = No
> debug uid = No
> dedicated keytab file =
> default service =
> defer sharing violations = Yes
> delete group script =
> deleteprinter command =
> delete share command =
> delete user from group script =
> delete user script =
> dgram port = 138
> disable netbios = No
> disable spoolss = No
> dns forwarder =
> dns proxy = Yes
> dns update command = /usr/sbin/samba_dnsupdate
> domain logons = Yes
> domain master = No
> dos charset = CP850
> enable asu support = No
> enable core files = Yes
> enable privileges = Yes
> encrypt passwords = Yes
> enhanced browsing = Yes
> enumports command =
> eventlog list =
> get quota command =
> getwd cache = Yes
> guest account = nobody
> homedir map = auto.home
> host msdfs = Yes
> hostname lookups = No
> idmap backend = tdb
> idmap cache time = 604800
> idmap gid =
> idmap negative cache time = 120
> idmap uid =
> include system krb5 conf = Yes
> init logon delay = 100
> init logon delayed hosts =
> interfaces =
> iprint server =
> keepalive = 300
> kerberos encryption types = all
> kerberos method = default
> kernel change notify = Yes
> kpasswd port = 464
> krb5 port = 88
> lanman auth = No
> large readwrite = Yes
> ldap admin dn =
> ldap connection timeout = 2
> ldap debug level = 0
> ldap debug threshold = 10
> ldap delete dn = No
> ldap deref = auto
> ldap follow referral = Auto
> ldap group suffix =
> ldap idmap suffix =
> ldap machine suffix =
> ldap page size = 1000
> ldap passwd sync = no
> ldap replication sleep = 1000
> ldap server require strong auth = Yes
> ldap ssl = start tls
> ldap ssl ads = No
> ldap suffix =
> ldap timeout = 15
> ldap user suffix =
> lm announce = Auto
> lm interval = 60
> load printers = Yes
> local master = No
> lock directory = /var/run/samba
> lock spin time = 200
> log file = /var/log/samba/log.%m
> logging =
> log level = 2
> log nt token command =
> logon drive =
> logon home = \\%N\%U
> logon path = \\%N\%U\profile
> logon script =
> log writeable files on exit = No
> lpq cache time = 30
> lsa over netlogon = No
> machine password timeout = 604800
> mangle prefix = 1
> mangling method = hash2
> map to guest = Bad User
> map untrusted to domain = Auto
> max disk size = 0
> max log size = 6000
> max mux = 50
> max open files = 16384
> max smbd processes = 0
> max stat cache size = 256
> max ttl = 259200
> max wins ttl = 518400
> max xmit = 16644
> message command =
> min receivefile size = 0
> min wins ttl = 21600
> mit kdc command =
> multicast dns register = Yes
> name cache timeout = 660
> name resolve order = lmhosts wins host bcast
> nbt client socket address = 0.0.0.0
> nbt port = 137
> ncalrpc dir = /var/run/samba/ncalrpc
> netbios aliases =
> netbios name = NODE-57B37C3F
> netbios scope =
> neutralize nt4 emulation = No
> NIS homedir = No
> nmbd bind explicit broadcast = Yes
> nsupdate command = /usr/bin/nsupdate -g
> ntlm auth = ntlmv2-only
> nt pipe support = Yes
> ntp signd socket directory = /var/lib/samba/ntp_signd
> nt status support = Yes
> null passwords = No
> obey pam restrictions = No
> old password allowed period = 60
> oplock break wait time = 0
> os2 driver map =
> os level = 0
> pam password change = No
> panic action =
> passdb backend = tdbsam
> passdb expand explicit = No
> passwd chat = *new*password* %n\n *new*password* %n\n *changed*
> passwd chat debug = No
> passwd chat timeout = 2
> passwd program =
> password hash gpg key ids =
> password hash userPassword schemes =
> password server = *
> perfcount module =
> pid directory = /var/run/samba
> preferred master = No
> preload modules =
> printcap cache time = 0
> printcap name =
> private dir = /var/lib/samba/private
> raw NTLMv2 auth = No
> read raw = Yes
> realm =
> registry shares = No
> reject md5 clients = No
> reject md5 servers = No
> remote announce =
> remote browse sync =
> rename user script =
> require strong key = Yes
> reset on zero vc = No
> restrict anonymous = 0
> rndc command = /usr/sbin/rndc
> root directory =
> rpc big endian = No
> rpc server dynamic port range = 49152-65535
> rpc server port = 0
> samba kcc command = /usr/sbin/samba_kcc
> security = USER
> server max protocol = SMB3
> server min protocol = LANMAN1
> server multi channel support = No
> server role = standalone server
> server schannel = Auto
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate, dns
> server signing = default
> server string = TestServer
> set primary group script =
> set quota command =
> share backend = classic
> show add printer wizard = Yes
> shutdown script =
> smb2 leases = No
> smb2 max credits = 8192
> smb2 max read = 8388608
> smb2 max trans = 8388608
> smb2 max write = 8388608
> smbd profiling level = off
> smb passwd file = /var/lib/samba/private/smbpasswd
> smb ports = 445 139
> socket options = TCP_NODELAY IPTOS_LOWDELAY
> spn update command = /usr/sbin/samba_spnupdate
> stat cache = Yes
> state directory = /var/lib/samba
> svcctl list =
> syslog = 1
> syslog only = No
> template homedir = /home/%D/%U
> template shell = /bin/false
> time server = No
> timestamp logs = Yes
> tls cafile = tls/ca.pem
> tls certfile = tls/cert.pem
> tls crlfile =
> tls dh params file =
> tls enabled = Yes
> tls keyfile = tls/key.pem
> tls priority = NORMAL:-VERS-SSL3.0
> tls verify peer = as_strict_as_possible
> unicode = Yes
> unix charset = UTF-8
> unix extensions = No
> unix password sync = No
> use mmap = Yes
> username level = 0
> username map =
> username map cache time = 0
> username map script =
> usershare allow guests = No
> usershare max shares = 0
> usershare owner only = Yes
> usershare path = /var/lib/samba/usershares
> usershare prefix allow list =
> usershare prefix deny list =
> usershare template share =
> use spnego = Yes
> utmp = No
> utmp directory =
> web port = 901
> winbind cache time = 300
> winbindd socket directory = /var/run/samba/winbindd
> winbind enum groups = Yes
> winbind enum users = Yes
> winbind expand groups = 1
> winbind max clients = 200
> winbind max domain connections = 1
> winbind nested groups = Yes
> winbind normalize names = No
> winbind nss info = template
> winbind offline logon = No
> winbind reconnect delay = 30
> winbind refresh tickets = Yes
> winbind request timeout = 200
> winbind rpc only = No
> winbind sealed pipes = Yes
> winbind separator = +
> winbind trusted domains only = No
> winbind use default domain = No
> wins hook =
> wins proxy = No
> wins server =
> wins support = No
> workgroup = WORKGROUP
> write raw = Yes
> wtmp directory =
> idmap config * : rangesize = 1000000
> idmap config * : range = 1000000-19999999
> fruit:encoding = native
> fruit:locking = netatalk
> fruit:metadata = netatalk
> fruit:resource = file
> shadow: localtime = yes
> shadow: format = autosnap_%Y-%m-%d-%H%M%S
> shadow: sort = desc
> shadow: snapdir = .zfs/snapshot
> fileid:mapping = fsid
> idmap config * : backend = autorid
> access based share enum = No
> acl allow execute always = No
> acl check permissions = Yes
> acl group control = No
> acl map full control = Yes
> administrative share = No
> admin users =
> afs share = No
> aio read size = 0
> aio write behind =
> aio write size = 0
> allocation roundup size = 1048576
> available = Yes
> blocking locks = Yes
> block size = 1024
> browseable = Yes
> case sensitive = Auto
> comment =
> copy =
> create mask = 0777
> csc policy = manual
> cups options =
> default case = lower
> default devmode = Yes
> delete readonly = No
> delete veto files = No
> dfree cache time = 0
> dfree command =
> directory mask = 0777
> directory name cache size = 100
> dmapi support = No
> dont descend =
> dos filemode = No
> dos filetime resolution = No
> dos filetimes = Yes
> durable handles = Yes
> ea support = No
> fake directory create times = No
> fake oplocks = No
> follow symlinks = Yes
> force create mode = 0000
> force directory mode = 0000
> force group =
> force printername = No
> force unknown acl user = Yes
> force user =
> fstype = NTFS
> guest ok = No
> guest only = No
> hide dot files = Yes
> hide files =
> hide special files = No
> hide unreadable = No
> hide unwriteable files = No
> hosts allow =
> hosts deny =
> inherit acls = No
> inherit owner = no
> inherit permissions = No
> invalid users = root
> kernel oplocks = No
> kernel share modes = Yes
> level2 oplocks = Yes
> locking = Yes
> lppause command =
> lpq command = lpq -P'%p'
> lpresume command =
> lprm command = lprm -P'%p' %j
> magic output =
> magic script =
> mangled names = yes
> mangling char = ~
> map acl inherit = No
> map archive = Yes
> map hidden = No
> map readonly = yes
> map system = No
> max connections = 0
> max print jobs = 1000
> max reported print jobs = 0
> min print space = 0
> msdfs proxy =
> msdfs root = No
> msdfs shuffle referrals = No
> nt acl support = Yes
> ntvfs handler = unixuid, default
> oplock contention limit = 2
> oplocks = Yes
> path =
> posix locking = Yes
> postexec =
> preexec =
> preexec close = No
> preserve case = Yes
> printable = No
> print command = lpr -r -P'%p' %s
> printer name =
> printing = bsd
> printjob username = %U
> print notify backchannel = No
> profile acls = No
> queuepause command =
> queueresume command =
> read list =
> read only = Yes
> root postexec =
> root preexec =
> root preexec close = No
> short preserve case = Yes
> smb encrypt = default
> spotlight = No
> store dos attributes = No
> strict allocate = No
> strict locking = Auto
> strict rename = No
> strict sync = Yes
> sync always = No
> use client driver = No
> use sendfile = No
> valid users =
> veto files =
> /.nfs/._.DS_Store/:2eFBCLockFolder/.FBCLockFolder/:2eFBCIndex/.FBCIndex/:2eDS_Store/.DS_Store/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary
> Items/Network Trash
> Folder/.AppleDB/:2eVolumeIcon.icns/.VolumeIcon.icns/Icon?/.Ap$
> veto oplock files =
> vfs objects = acl_xattr shadow_copy2 fileid
> volume =
> wide links = No
> write cache size = 0
> write list =
>
>
> [share1]
> case sensitive = No
> guest ok = Yes
> guest only = Yes
> inherit permissions = Yes
> path = /P0/dataset1
> read only = No
>
>
> [share2]
> case sensitive = No
> guest ok = Yes
> guest only = Yes
> inherit permissions = Yes
> path = /P0/dataset2
> read only = No
Never ever post your smb.conf like that again, a simple
'cat /etc/samba/smb.conf' would have been sufficient.
Can I ask how you think you are running Samba ?
You have this 'server role = standalone server' but you also have
'winbind' lines (You do not run winbind on a standalone server) and
'domain logons = Yes' which should only be set on a PDC.
You also don't have 'security = ads', so it isn't a Unix domain member.
Rowland
More information about the samba
mailing list