Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

Configuration options for ixnas

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
6,330
Ixnas provides the following:
1) Directory listing performance improvement by mapping of DOS attributes to flags. We can do this on FreeBSD because we actually have the (READONLY|SYSTEM|HIDDEN|ARCHIVE|SPARSE|...) flags.
2) Improvements in ACL inheritance (no more "ACLs are out of order errors).
3) Support for ZFS user quotas.

Some auxiliary parameters that are available at the share level when ixnas is enabled:
<userspace quotas>
ixnas:base_user_quota = 80G sets an 80GB ZFS user quota on every user that connects to the share. This can be fine-tuned afterwards. Works nicely with [homes] shares and allows you to lock down the max size of samba's auto-created home shares.

ixnas:zfs_quota_enabled = True|False turns on and off support for userspace quotas (defaults to True / On)

<auto home datasets>
This is mostly WIP related to [homes] shares. Optional behavior to pam_mkhomedir. Create ZFS dataset for each user on successful authentication (rather than a folder).
ixnas:homedir_quota = 20G automatically sets a _dataset_ quota of 20 gigabytes on the new ZFS dataset.
ixnas:zfs_auto_homedir = True|False automatically create new zfs datasets for users connecting to homes shares. Defaults to False / Off.
ixnas:chown_homedir = True|False automatically chown the home dataset to the currently authenticated user after dataset creation.
 

dvc9

Member
Joined
May 2, 2012
Messages
68
Hey

Im testing this now, and the ixnas:zfs_auto_homedir doesn't seem to work with AD ?
so the DOMAIN folder is created, and then under there the user folders pop up, but no new data sheets is created.

Screenshot 2019-04-30 at 10.07.54.png


Screenshot 2019-04-30 at 10.09.00.png


Screenshot 2019-04-30 at 10.08.44.png
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
6,330
There's a bit a configuration that needs to happen with that option. The default behavior for AD-based home directories in FreeNAS is to create a _directory_ with the "pre-Windows 2000" domain name and then use pam_mkhomedir to create the user directories. In this case, you'll probably need to first create a _dataset_ with the aforementioned domain name, then turn off "obey pam restrictions" under services->SMB. Do note that in a large AD environment you may encounter UI issues as the number of datasets scales goes up. If you have more than a hundred users, it may be better to do the userquotas rather than the auto homedir.
 
Last edited:

dvc9

Member
Joined
May 2, 2012
Messages
68
haha, well yes, there is more than 150 Users... so i guess will do the userquotas then :)
Thanks!
 

gamebrigada

Neophyte
Joined
Jul 9, 2019
Messages
8
I setup ixnas:base_user_quota = 10G. Worked great.
Now set ixnas:base_user_quota = 100G. Still stuck at 10G in reality. Mounted directory shows 10G. Can't move more than 10G worth of data in.

Reboot, SMB reset etc hasn't helped.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
6,330
The "base_user_quota" parameter controls the ZFS userspace quota that is set for a user the first time he or she connects to the share. It will not overwrite an existing quota because we want users to be able to modify the quota after the fact. Once a userspace quota has been applied to a dataset, you can modify it using the zfs, or the native Windows quota management tool.

zfs userspace <pool>/<dataset> will print all userspace quotas on a ZFS dataset. See here for more information on managing them from the CLI. https://docs.oracle.com/cd/E19253-01/819-5461/gitfx/index.html
 

gamebrigada

Neophyte
Joined
Jul 9, 2019
Messages
8
That makes more sense. What native windows quota management tool are you talking about? The File Server Resource Manager doesn't connect, and you don't get a quota tab in folder properties.

Any way of changing lots of users userspace? Or is it a per user thing?

Thanks a lot!
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
6,330
That makes more sense. What native windows quota management tool are you talking about? The File Server Resource Manager doesn't connect, and you don't get a quota tab in folder properties.

Any way of changing lots of users userspace? Or is it a per user thing?

Thanks a lot!
When you map a drive in windows, then right-click on the drive there is a "quota" tab. I patched samba so that if a user is a local administrator, he will be able to administer quotas through this. You can select a local admin group through "smb admin" in Services->SMB.

If you want to reapply a new quota globally, then you can write a script to generate a list of users with quotas through zfs userspace and then iterate through the users and set their quotas to "none".

Code:
root@S49112TM[...B/.zfs/snapshot/auto-20190708.0640-1d]# zfs userspace neo/SMB                
TYPE        NAME       USED  QUOTA
POSIX User  root      19.5K   none
POSIX User  smbuser   22.6G   none
POSIX User  testuser      0   1000
root@S49112TM[...B/.zfs/snapshot/auto-20190708.0640-1d]# zfs set userquota@testuser=none neo/SMB
root@S49112TM[...B/.zfs/snapshot/auto-20190708.0640-1d]# zfs userspace neo/SMB                 
TYPE        NAME      USED  QUOTA
POSIX User  root     19.5K   none
POSIX User  smbuser  22.6G   none


Group quotas are not particularly helpful since they only evaluate the user's primary group. In a typical AD environment, every user's primary group is "Domain Users".
 
Last edited:

gamebrigada

Neophyte
Joined
Jul 9, 2019
Messages
8
Sweet! This is really helpful info. I ended up just dumping the list into a text editor and modifying it with some clever replace commands, and then dumping a list of commands back into SSH.

Thanks a lot!
 

Johnny Fartpants

Neophyte Sage
Joined
Jul 3, 2015
Messages
570
When you map a drive in windows, then right-click on the drive there is a "quota" tab. I patched samba so that if a user is a local administrator, he will be able to administer quotas through this. You can select a local admin group through "smb admin" in Services->SMB.
Just trying this now but when I change the quota as Admin from within a windows mapped drive and click apply if I go back and take a look it has reverted to its original quota. Any ideas how to make it stick?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
6,330
Just trying this now but when I change the quota as Admin from within a windows mapped drive and click apply if I go back and take a look it has reverted to its original quota. Any ideas how to make it stick?
I will have to look at it again to make sure there's no regression in the behavior. Full GUI-based userspace quota support is scheduled for FN 12. In the 11.3 cycle I'll put finishing touches on the feature and writing proper regression tests.
 

Johnny Fartpants

Neophyte Sage
Joined
Jul 3, 2015
Messages
570
Great thanks. The work you have done with setting user quotas is very much appreciated.
 

drlight

Newbie
Joined
May 7, 2020
Messages
2
Hello. I have a trouble just after update to 11.3-U2. I've mentioned that now user home folders are created instead of user's home zfs datasets.
Config was not changed a long time (see attahced image).
Could someone help me to figure out what is wrong? Maybe something changed in new version?
screenshot.png
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
6,330
Might be that pam_mkhomedir is generating the directories before we enter ixnas_vfs_connect(). Try setting "obey pam restrictions = no" as an auxiliary parameter under Services->SMB.
 

drlight

Newbie
Joined
May 7, 2020
Messages
2
Might be that pam_mkhomedir is generating the directories before we enter ixnas_vfs_connect(). Try setting "obey pam restrictions = no" as an auxiliary parameter under Services->SMB.
Just tried you suggestion, but with no luck: now nothing creates at all
 

Mauro De Candia

Junior Member
Joined
May 23, 2020
Messages
20
hello, I had the same problem, only that I have never seen it work, I am new to freenas but I followed the manual procedures and I cannot create datasets at login but only shared folders, not accessible with the name of the logged in user.

I am attaching the two log files after windows denies me access to the folder .
smb4 log 2.png



when i get this error in the log file log.wb-FREENAS,
i also get the following error in the log file log.smbd:
smb4 log.png



my question is if this is always a bug or i am wrong

thank you in advance
 

Mauro De Candia

Junior Member
Joined
May 23, 2020
Messages
20
ok thanks I'm interested in this correction. if you can you can also tell me how to fix this problem as soon as the correction comes out, I am really novice with freenas and I am quite confused
 
Top