[Samba] Server-Side Copy Offload Limitations

Adam Błaszczykowski adam.blaszczykowski at gmail.com
Tue Sep 4 07:09:14 UTC 2018


Sorry if config was messy, we were using this server for various tests
including ADS tests and n-way master replication. Back on topic,
I've done changes to configuration as you suggested. Runing debian as
standalone server with beforementioned enviroment I can still copy files
between shares on the same pool without pushing them through Windows
client. Is this intended behavior?

cat /etc/samba/smb.conf
[global]
    workgroup = WORKGROUP
    netbios name = node-57b37c3f
    server string = TestServer
    vfs objects = acl_xattr shadow_copy2 fileid
    fileid:mapping = fsid
    encrypt passwords = yes
    domain logons = no
    log level = 2
    log file = /var/log/samba/log.%m
    max log size = 6000
    socket options = TCP_NODELAY IPTOS_LOWDELAY
    os level = 0
    local master = no
    locking = yes
    preferred master = no
    domain master = no
    invalid users = root
    guest account = nobody
    map to guest = Bad User
    wide links = no
    force unknown acl user = yes
    create mask = 0777
    directory mask = 0777
    printcap cache time = 0
    passdb backend = tdbsam
    unix extensions = no
    store dos attributes = no
    server max protocol = SMB3
    shadow: snapdir = .zfs/snapshot
    shadow: sort = desc
    shadow: format = autosnap_%Y-%m-%d-%H%M%S
    shadow: localtime = yes
    veto files =
/.nfs/._.DS_Store/:2eFBCLockFolder/.FBCLockFolder/:2eFBCIndex/.FBCIndex/:2eDS_Store/.DS_Store/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary
Items/Network Trash
Folder/.AppleDB/:2eVolumeIcon.icns/.VolumeIcon.icns/Icon?/.Ap$
    wins server =
    admin users =
    oplocks = yes
    kernel oplocks = no
    level2 oplocks = yes
    smb2 leases = no
    ea support = no
    fruit:resource = file
    fruit:metadata = netatalk
    fruit:locking = netatalk
    fruit:encoding = native
    idmap config * : backend = autorid
    idmap config * : range = 1000000-19999999
    idmap config * : rangesize = 1000000
    security = user
    server role = standalone

    [share1]
    browseable=yes
    short preserve case=yes
    inherit owner=no
    preserve case=yes
    case sensitive=no
    guest ok=yes
    valid users=
    default case=lower
    path=/P0/dataset1
    read only=no
    guest only=yes
    inherit permissions=yes

    [share2]
    browseable=yes
    short preserve case=yes
    inherit owner=no
    valid users=
    case sensitive=no
    guest ok=yes
    preserve case=yes
    default case=lower
    path=/P0/dataset2
    read only=no
    guest only=yes
    inherit permissions=yes


pon., 3 wrz 2018 o 15:41 Rowland Penny via samba <samba at lists.samba.org>
napisał(a):

> On Mon, 3 Sep 2018 12:25:16 +0200
> Adam Błaszczykowski via samba <samba at lists.samba.org> wrote:
>
> > Hello,
> >
> > Server-Side Copy Offload wiki page states in Limitations section that
> >
> >    - Both source and destination files must reside on the same Samba
> > share!
> >
> > I was able to copy file between different shares located on the same
> > zfs Pool without generating network traffic. Shares were created on
> > Debian 8 with zfs filesystem and client was Windows Server 2016
> > machine mapping shares as separate drives. Is it new functionality or
> > I'm misunderstanding something about server-side copy?
> >
> > Samba version 4.7.3
> >
> > testparm -vvvv
> > Load smb config files from /etc/samba/smb.conf
> > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> > (16384) Processing section "[share1]"
> > Processing section "[share2]"
> > Loaded services file OK.
> > 'winbind separator = +' might cause problems with group membership.
> >
> > Server role: ROLE_STANDALONE
> >
> > Press enter to see a dump of your service definitions
> >
> > # Global parameters
> > [global]
> > abort shutdown script =
> > add group script =
> > add machine script =
> > addport command =
> > addprinter command =
> > add share command =
> > add user script =
> > add user to group script =
> > afs token lifetime = 604800
> > afs username map =
> > aio max threads = 100
> > algorithmic rid base = 1000
> > allow dcerpc auth level connect = No
> > allow dns updates = secure only
> > allow insecure wide links = No
> > allow nt4 crypto = No
> > allow trusted domains = Yes
> > allow unsafe cluster upgrade = No
> > async smb echo handler = No
> > auth event notification = No
> > auth methods =
> > auto services =
> > bind interfaces only = No
> > browse list = Yes
> > cache directory = /var/cache/samba
> > change notify = Yes
> > change share command =
> > check password script =
> > cldap port = 389
> > client ipc max protocol = default
> > client ipc min protocol = default
> > client ipc signing = default
> > client lanman auth = No
> > client ldap sasl wrapping = sign
> > client max protocol = default
> > client min protocol = CORE
> > client NTLMv2 auth = Yes
> > client plaintext auth = No
> > client schannel = Auto
> > client signing = default
> > client use spnego principal = No
> > client use spnego = Yes
> > cluster addresses =
> > clustering = No
> > config backend = file
> > config file =
> > create krb5 conf = Yes
> > ctdbd socket =
> > ctdb locktime warn threshold = 0
> > ctdb timeout = 0
> > cups connection timeout = 30
> > cups encrypt = No
> > cups server =
> > dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon,
> > lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey,
> > dnsserver deadtime = 0
> > debug class = No
> > debug hires timestamp = Yes
> > debug pid = No
> > debug prefix timestamp = No
> > debug uid = No
> > dedicated keytab file =
> > default service =
> > defer sharing violations = Yes
> > delete group script =
> > deleteprinter command =
> > delete share command =
> > delete user from group script =
> > delete user script =
> > dgram port = 138
> > disable netbios = No
> > disable spoolss = No
> > dns forwarder =
> > dns proxy = Yes
> > dns update command = /usr/sbin/samba_dnsupdate
> > domain logons = Yes
> > domain master = No
> > dos charset = CP850
> > enable asu support = No
> > enable core files = Yes
> > enable privileges = Yes
> > encrypt passwords = Yes
> > enhanced browsing = Yes
> > enumports command =
> > eventlog list =
> > get quota command =
> > getwd cache = Yes
> > guest account = nobody
> > homedir map = auto.home
> > host msdfs = Yes
> > hostname lookups = No
> > idmap backend = tdb
> > idmap cache time = 604800
> > idmap gid =
> > idmap negative cache time = 120
> > idmap uid =
> > include system krb5 conf = Yes
> > init logon delay = 100
> > init logon delayed hosts =
> > interfaces =
> > iprint server =
> > keepalive = 300
> > kerberos encryption types = all
> > kerberos method = default
> > kernel change notify = Yes
> > kpasswd port = 464
> > krb5 port = 88
> > lanman auth = No
> > large readwrite = Yes
> > ldap admin dn =
> > ldap connection timeout = 2
> > ldap debug level = 0
> > ldap debug threshold = 10
> > ldap delete dn = No
> > ldap deref = auto
> > ldap follow referral = Auto
> > ldap group suffix =
> > ldap idmap suffix =
> > ldap machine suffix =
> > ldap page size = 1000
> > ldap passwd sync = no
> > ldap replication sleep = 1000
> > ldap server require strong auth = Yes
> > ldap ssl = start tls
> > ldap ssl ads = No
> > ldap suffix =
> > ldap timeout = 15
> > ldap user suffix =
> > lm announce = Auto
> > lm interval = 60
> > load printers = Yes
> > local master = No
> > lock directory = /var/run/samba
> > lock spin time = 200
> > log file = /var/log/samba/log.%m
> > logging =
> > log level = 2
> > log nt token command =
> > logon drive =
> > logon home = \\%N\%U
> > logon path = \\%N\%U\profile
> > logon script =
> > log writeable files on exit = No
> > lpq cache time = 30
> > lsa over netlogon = No
> > machine password timeout = 604800
> > mangle prefix = 1
> > mangling method = hash2
> > map to guest = Bad User
> > map untrusted to domain = Auto
> > max disk size = 0
> > max log size = 6000
> > max mux = 50
> > max open files = 16384
> > max smbd processes = 0
> > max stat cache size = 256
> > max ttl = 259200
> > max wins ttl = 518400
> > max xmit = 16644
> > message command =
> > min receivefile size = 0
> > min wins ttl = 21600
> > mit kdc command =
> > multicast dns register = Yes
> > name cache timeout = 660
> > name resolve order = lmhosts wins host bcast
> > nbt client socket address = 0.0.0.0
> > nbt port = 137
> > ncalrpc dir = /var/run/samba/ncalrpc
> > netbios aliases =
> > netbios name = NODE-57B37C3F
> > netbios scope =
> > neutralize nt4 emulation = No
> > NIS homedir = No
> > nmbd bind explicit broadcast = Yes
> > nsupdate command = /usr/bin/nsupdate -g
> > ntlm auth = ntlmv2-only
> > nt pipe support = Yes
> > ntp signd socket directory = /var/lib/samba/ntp_signd
> > nt status support = Yes
> > null passwords = No
> > obey pam restrictions = No
> > old password allowed period = 60
> > oplock break wait time = 0
> > os2 driver map =
> > os level = 0
> > pam password change = No
> > panic action =
> > passdb backend = tdbsam
> > passdb expand explicit = No
> > passwd chat = *new*password* %n\n *new*password* %n\n *changed*
> > passwd chat debug = No
> > passwd chat timeout = 2
> > passwd program =
> > password hash gpg key ids =
> > password hash userPassword schemes =
> > password server = *
> > perfcount module =
> > pid directory = /var/run/samba
> > preferred master = No
> > preload modules =
> > printcap cache time = 0
> > printcap name =
> > private dir = /var/lib/samba/private
> > raw NTLMv2 auth = No
> > read raw = Yes
> > realm =
> > registry shares = No
> > reject md5 clients = No
> > reject md5 servers = No
> > remote announce =
> > remote browse sync =
> > rename user script =
> > require strong key = Yes
> > reset on zero vc = No
> > restrict anonymous = 0
> > rndc command = /usr/sbin/rndc
> > root directory =
> > rpc big endian = No
> > rpc server dynamic port range = 49152-65535
> > rpc server port = 0
> > samba kcc command = /usr/sbin/samba_kcc
> > security = USER
> > server max protocol = SMB3
> > server min protocol = LANMAN1
> > server multi channel support = No
> > server role = standalone server
> > server schannel = Auto
> > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> > winbindd, ntp_signd, kcc, dnsupdate, dns
> > server signing = default
> > server string = TestServer
> > set primary group script =
> > set quota command =
> > share backend = classic
> > show add printer wizard = Yes
> > shutdown script =
> > smb2 leases = No
> > smb2 max credits = 8192
> > smb2 max read = 8388608
> > smb2 max trans = 8388608
> > smb2 max write = 8388608
> > smbd profiling level = off
> > smb passwd file = /var/lib/samba/private/smbpasswd
> > smb ports = 445 139
> > socket options = TCP_NODELAY IPTOS_LOWDELAY
> > spn update command = /usr/sbin/samba_spnupdate
> > stat cache = Yes
> > state directory = /var/lib/samba
> > svcctl list =
> > syslog = 1
> > syslog only = No
> > template homedir = /home/%D/%U
> > template shell = /bin/false
> > time server = No
> > timestamp logs = Yes
> > tls cafile = tls/ca.pem
> > tls certfile = tls/cert.pem
> > tls crlfile =
> > tls dh params file =
> > tls enabled = Yes
> > tls keyfile = tls/key.pem
> > tls priority = NORMAL:-VERS-SSL3.0
> > tls verify peer = as_strict_as_possible
> > unicode = Yes
> > unix charset = UTF-8
> > unix extensions = No
> > unix password sync = No
> > use mmap = Yes
> > username level = 0
> > username map =
> > username map cache time = 0
> > username map script =
> > usershare allow guests = No
> > usershare max shares = 0
> > usershare owner only = Yes
> > usershare path = /var/lib/samba/usershares
> > usershare prefix allow list =
> > usershare prefix deny list =
> > usershare template share =
> > use spnego = Yes
> > utmp = No
> > utmp directory =
> > web port = 901
> > winbind cache time = 300
> > winbindd socket directory = /var/run/samba/winbindd
> > winbind enum groups = Yes
> > winbind enum users = Yes
> > winbind expand groups = 1
> > winbind max clients = 200
> > winbind max domain connections = 1
> > winbind nested groups = Yes
> > winbind normalize names = No
> > winbind nss info = template
> > winbind offline logon = No
> > winbind reconnect delay = 30
> > winbind refresh tickets = Yes
> > winbind request timeout = 200
> > winbind rpc only = No
> > winbind sealed pipes = Yes
> > winbind separator = +
> > winbind trusted domains only = No
> > winbind use default domain = No
> > wins hook =
> > wins proxy = No
> > wins server =
> > wins support = No
> > workgroup = WORKGROUP
> > write raw = Yes
> > wtmp directory =
> > idmap config * : rangesize = 1000000
> > idmap config * : range = 1000000-19999999
> > fruit:encoding = native
> > fruit:locking = netatalk
> > fruit:metadata = netatalk
> > fruit:resource = file
> > shadow: localtime = yes
> > shadow: format = autosnap_%Y-%m-%d-%H%M%S
> > shadow: sort = desc
> > shadow: snapdir = .zfs/snapshot
> > fileid:mapping = fsid
> > idmap config * : backend = autorid
> > access based share enum = No
> > acl allow execute always = No
> > acl check permissions = Yes
> > acl group control = No
> > acl map full control = Yes
> > administrative share = No
> > admin users =
> > afs share = No
> > aio read size = 0
> > aio write behind =
> > aio write size = 0
> > allocation roundup size = 1048576
> > available = Yes
> > blocking locks = Yes
> > block size = 1024
> > browseable = Yes
> > case sensitive = Auto
> > comment =
> > copy =
> > create mask = 0777
> > csc policy = manual
> > cups options =
> > default case = lower
> > default devmode = Yes
> > delete readonly = No
> > delete veto files = No
> > dfree cache time = 0
> > dfree command =
> > directory mask = 0777
> > directory name cache size = 100
> > dmapi support = No
> > dont descend =
> > dos filemode = No
> > dos filetime resolution = No
> > dos filetimes = Yes
> > durable handles = Yes
> > ea support = No
> > fake directory create times = No
> > fake oplocks = No
> > follow symlinks = Yes
> > force create mode = 0000
> > force directory mode = 0000
> > force group =
> > force printername = No
> > force unknown acl user = Yes
> > force user =
> > fstype = NTFS
> > guest ok = No
> > guest only = No
> > hide dot files = Yes
> > hide files =
> > hide special files = No
> > hide unreadable = No
> > hide unwriteable files = No
> > hosts allow =
> > hosts deny =
> > inherit acls = No
> > inherit owner = no
> > inherit permissions = No
> > invalid users = root
> > kernel oplocks = No
> > kernel share modes = Yes
> > level2 oplocks = Yes
> > locking = Yes
> > lppause command =
> > lpq command = lpq -P'%p'
> > lpresume command =
> > lprm command = lprm -P'%p' %j
> > magic output =
> > magic script =
> > mangled names = yes
> > mangling char = ~
> > map acl inherit = No
> > map archive = Yes
> > map hidden = No
> > map readonly = yes
> > map system = No
> > max connections = 0
> > max print jobs = 1000
> > max reported print jobs = 0
> > min print space = 0
> > msdfs proxy =
> > msdfs root = No
> > msdfs shuffle referrals = No
> > nt acl support = Yes
> > ntvfs handler = unixuid, default
> > oplock contention limit = 2
> > oplocks = Yes
> > path =
> > posix locking = Yes
> > postexec =
> > preexec =
> > preexec close = No
> > preserve case = Yes
> > printable = No
> > print command = lpr -r -P'%p' %s
> > printer name =
> > printing = bsd
> > printjob username = %U
> > print notify backchannel = No
> > profile acls = No
> > queuepause command =
> > queueresume command =
> > read list =
> > read only = Yes
> > root postexec =
> > root preexec =
> > root preexec close = No
> > short preserve case = Yes
> > smb encrypt = default
> > spotlight = No
> > store dos attributes = No
> > strict allocate = No
> > strict locking = Auto
> > strict rename = No
> > strict sync = Yes
> > sync always = No
> > use client driver = No
> > use sendfile = No
> > valid users =
> > veto files =
> >
> /.nfs/._.DS_Store/:2eFBCLockFolder/.FBCLockFolder/:2eFBCIndex/.FBCIndex/:2eDS_Store/.DS_Store/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary
> > Items/Network Trash
> > Folder/.AppleDB/:2eVolumeIcon.icns/.VolumeIcon.icns/Icon?/.Ap$
> > veto oplock files =
> > vfs objects = acl_xattr shadow_copy2 fileid
> > volume =
> > wide links = No
> > write cache size = 0
> > write list =
> >
> >
> > [share1]
> > case sensitive = No
> > guest ok = Yes
> > guest only = Yes
> > inherit permissions = Yes
> > path = /P0/dataset1
> > read only = No
> >
> >
> > [share2]
> > case sensitive = No
> > guest ok = Yes
> > guest only = Yes
> > inherit permissions = Yes
> > path = /P0/dataset2
> > read only = No
>
> Never ever post your smb.conf like that again, a simple
> 'cat /etc/samba/smb.conf' would have been sufficient.
>
> Can I ask how you think you are running Samba ?
> You have this 'server role = standalone server' but you also have
> 'winbind' lines (You do not run winbind on a standalone server) and
> 'domain logons = Yes' which should only be set on a PDC.
> You also don't have 'security = ads', so it isn't a Unix domain member.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list