Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

Configuration options for ixnas

anodos

Belly-button Lint Extraordinaire
iXsystems
Joined
Mar 6, 2014
Messages
5,555
Ixnas provides the following:
1) Directory listing performance improvement by mapping of DOS attributes to flags. We can do this on FreeBSD because we actually have the (READONLY|SYSTEM|HIDDEN|ARCHIVE|SPARSE|...) flags.
2) Improvements in ACL inheritance (no more "ACLs are out of order errors).
3) Support for ZFS user quotas.

Some auxiliary parameters that are available at the share level when ixnas is enabled:
<userspace quotas>
ixnas:base_user_quota = 80G sets an 80GB ZFS user quota on every user that connects to the share. This can be fine-tuned afterwards. Works nicely with [homes] shares and allows you to lock down the max size of samba's auto-created home shares.

ixnas:zfs_quota_enabled = True|False turns on and off support for userspace quotas (defaults to True / On)

<auto home datasets>
This is mostly WIP related to [homes] shares. Optional behavior to pam_mkhomedir. Create ZFS dataset for each user on successful authentication (rather than a folder).
ixnas:homedir_quota = 20G automatically sets a _dataset_ quota of 20 gigabytes on the new ZFS dataset.
ixnas:zfs_auto_homedir = True|False automatically create new zfs datasets for users connecting to homes shares. Defaults to False / Off.
ixnas:chown_homedir = True|False automatically chown the home dataset to the currently authenticated user after dataset creation.
 

dvc9

Newbie
Joined
May 2, 2012
Messages
66
Hey

Im testing this now, and the ixnas:zfs_auto_homedir doesn't seem to work with AD ?
so the DOMAIN folder is created, and then under there the user folders pop up, but no new data sheets is created.

Screenshot 2019-04-30 at 10.07.54.png


Screenshot 2019-04-30 at 10.09.00.png


Screenshot 2019-04-30 at 10.08.44.png
 

anodos

Belly-button Lint Extraordinaire
iXsystems
Joined
Mar 6, 2014
Messages
5,555
There's a bit a configuration that needs to happen with that option. The default behavior for AD-based home directories in FreeNAS is to create a _directory_ with the "pre-Windows 2000" domain name and then use pam_mkhomedir to create the user directories. In this case, you'll probably need to first create a _dataset_ with the aforementioned domain name, then turn off "obey pam restrictions" under services->SMB. Do note that in a large AD environment you may encounter UI issues as the number of datasets scales goes up. If you have more than a hundred users, it may be better to do the userquotas rather than the auto homedir.
 
Last edited:

dvc9

Newbie
Joined
May 2, 2012
Messages
66
haha, well yes, there is more than 150 Users... so i guess will do the userquotas then :)
Thanks!
 
Joined
Jul 9, 2019
Messages
6
I setup ixnas:base_user_quota = 10G. Worked great.
Now set ixnas:base_user_quota = 100G. Still stuck at 10G in reality. Mounted directory shows 10G. Can't move more than 10G worth of data in.

Reboot, SMB reset etc hasn't helped.
 

anodos

Belly-button Lint Extraordinaire
iXsystems
Joined
Mar 6, 2014
Messages
5,555
The "base_user_quota" parameter controls the ZFS userspace quota that is set for a user the first time he or she connects to the share. It will not overwrite an existing quota because we want users to be able to modify the quota after the fact. Once a userspace quota has been applied to a dataset, you can modify it using the zfs, or the native Windows quota management tool.

zfs userspace <pool>/<dataset> will print all userspace quotas on a ZFS dataset. See here for more information on managing them from the CLI. https://docs.oracle.com/cd/E19253-01/819-5461/gitfx/index.html
 
Joined
Jul 9, 2019
Messages
6
That makes more sense. What native windows quota management tool are you talking about? The File Server Resource Manager doesn't connect, and you don't get a quota tab in folder properties.

Any way of changing lots of users userspace? Or is it a per user thing?

Thanks a lot!
 

anodos

Belly-button Lint Extraordinaire
iXsystems
Joined
Mar 6, 2014
Messages
5,555
That makes more sense. What native windows quota management tool are you talking about? The File Server Resource Manager doesn't connect, and you don't get a quota tab in folder properties.

Any way of changing lots of users userspace? Or is it a per user thing?

Thanks a lot!
When you map a drive in windows, then right-click on the drive there is a "quota" tab. I patched samba so that if a user is a local administrator, he will be able to administer quotas through this. You can select a local admin group through "smb admin" in Services->SMB.

If you want to reapply a new quota globally, then you can write a script to generate a list of users with quotas through zfs userspace and then iterate through the users and set their quotas to "none".

Code:
root@S49112TM[...B/.zfs/snapshot/auto-20190708.0640-1d]# zfs userspace neo/SMB                
TYPE        NAME       USED  QUOTA
POSIX User  root      19.5K   none
POSIX User  smbuser   22.6G   none
POSIX User  testuser      0   1000
root@S49112TM[...B/.zfs/snapshot/auto-20190708.0640-1d]# zfs set userquota@testuser=none neo/SMB
root@S49112TM[...B/.zfs/snapshot/auto-20190708.0640-1d]# zfs userspace neo/SMB                 
TYPE        NAME      USED  QUOTA
POSIX User  root     19.5K   none
POSIX User  smbuser  22.6G   none


Group quotas are not particularly helpful since they only evaluate the user's primary group. In a typical AD environment, every user's primary group is "Domain Users".
 
Last edited:
Joined
Jul 9, 2019
Messages
6
Sweet! This is really helpful info. I ended up just dumping the list into a text editor and modifying it with some clever replace commands, and then dumping a list of commands back into SSH.

Thanks a lot!
 
Top