TheSmoker
Patron
- Joined
- Sep 19, 2012
- Messages
- 225
Hello everyone!
I have the following configuration:
Supermicro 3U server chassis with redundant PSU
Supermicro Server motherboard with 2 Xeon Quad Core CPUs with 32G ECC Ram
2 M1015 flashed to IT mode
12 x Toshiba Enterprise 2TB@7200 RPM SATA drives
FreeNAS version 9.2.1.6 RC
ZFS RAIDZ2 configured across all 12 drives
FNAS is configured as a file server and linked to an AD/Samba domain running Samba 4.1.6
What I need help with is setting correct ACL permissions for AD users & groups, as well as ZFS quotas on AD users' home directories.
Samba config:
Code:
[global]
server max protocol = SMB2
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 11070
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = nobody
map to guest = Bad User
obey pam restrictions = Yes
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
hostname lookups = yes
unix extensions = no
acl allow execute always = true
server role = member server
netbios name = JUKEBOX01
workgroup = LARI
realm = LARI.LOCAL
security = ADS
client use spnego = yes
cache directory = /var/tmp/.cache/.samba
local master = no
domain master = no
preferred master = no
acl check permissions = true
acl map full control = true
dos filemode = yes
idmap config *:backend = tdb
idmap config *:range = 90000000-100000000
winbind cache time = 7200
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = no
winbind refresh tickets = yes
idmap config LARI: backend = rid
idmap config LARI: range = 20000-20000000
allow trusted domains = no
template shell = /bin/sh
template homedir = /home/%D/%U
pid directory = /var/run/samba
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 1

[homes]
comment = Home Directories
valid users = %D\%U
writable = yes
browseable = no
path = /mnt/tank0/homedirs/%D/%U
directory_mode: parameter = 0700
read only = no
csc policy = documents
root preexec = /mnt/tank0/mksmbhdir.sh %D %U

What I am trying to do here is that for every user who logs in to AD and accesses the JUKEBOX01 fileserver, a home directory will be created and proper permissions and a ZFS quota will be applied to it.
The script that I've built specifically for this:
Code:
#!/usr/local/bin/bash
if [ ! -d /mnt/tank0/homedirs/$1/$2 ]; then
    /bin/mkdir /mnt/tank0/homedirs/$1/$2
    /bin/chmod g+s /mnt/tank0/homedirs/$1/$2
    /bin/chown $1\\$2":"LARI\domain users" /mnt/tank0/homedirs/$1/$2
    /bin/chmod 770 /mnt/tank0/homedirs/$1/$2
    /bin/setfacl -m g:"LARI\domain users":rwx /mnt/tank0/homedirs/$1/$2
    /bin/setfacl -m u:\""$1\\$2"\":rwx /mnt/tank0/homedirs/$1/$2
    /sbin/zfs set userquota@\""$1\\$2"\"=5G tank0/homedirs
fi
exit 0

The script creates the folders and applies the correct owner and group based on the AD user & group, but it does not apply the correct user and group ACLs and quota.
When trying to run those commands (setfacl) by hand I get the following errors (test user is tgm):
Code:
[root@jukebox01] /var/log# /bin/setfacl -m g:"LARI\domain users":rwx /mnt/tank0/homedirs/LARI/tgm
setfacl: /mnt/tank0/homedirs/LARI/tgm: branding mismatch; existing ACL is NFSv4, entry to be merged is POSIX.1e
Code:
[root@jukebox01] /var/log# /bin/setfacl -m u:"LARI\tgm":rwx /mnt/tank0/homedirs/LARI/tgm
setfacl: /mnt/tank0/homedirs/LARI/tgm: branding mismatch; existing ACL is NFSv4, entry to be merged is POSIX.1e

Setting the quota is a bit different, as it works by hand but not when run from the script:
Code:
[root@jukebox01] ~tgm/secure# zfs list -o userquota@"LARI\tgm" tank0/homedirs
USERQUOTA@LARI\TGM
10G
[root@jukebox01] ~tgm/secure# zfs set userquota@"LARI\tgm"=20G tank0/homedirs
[root@jukebox01] ~tgm/secure# zfs list -o userquota@"LARI\tgm" tank0/homedirs
USERQUOTA@LARI\TGM
20G

But when run from the script it does nothing.
Any kind of help would be greatly appreciated.
Also let me know if any additional info in regards to the configuration and the setup is required.
One last comment: until now everything works as advertised. Users, groups, AD, accesses and everything that is AD/fileserver/FreeNAS related. One last thing to make this perfect is to be able to set up permissions and of course quota on homedirs.
Cheers!
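
An added example, not part of the original post: the "branding mismatch" error says the dataset carries NFSv4 ACLs, so FreeBSD's setfacl needs entries in the NFSv4 form `tag:name:permissions:inheritance-flags:type` rather than the POSIX.1e `g:name:rwx`; separately, the `\"` sequences in the posted script put literal quote characters into the account name handed to setfacl and zfs. The sketch below builds both arguments without stray quotes and validates the `%D`/`%U` values before they reach a root-run command. The function names, the name allowlist and the `full_set`/`modify_set` permission sets are assumptions standing in for the post's intended `rwx`.

```sh
#!/bin/sh
# Added example, not the poster's script. Paths and quota come from the post;
# function names and the permission sets are assumptions.
HOMEROOT=/mnt/tank0/homedirs
DATASET=tank0/homedirs
QUOTA=5G

# Allowlist for the %D / %U values Samba passes in (an assumed naming policy):
# nothing that could add a path component, a quote or a shell metacharacter.
valid_name() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# DOMAIN\name as winbind reports it; the backslash is data, not quoting.
principal() { printf '%s\\%s' "$1" "$2"; }

# NFSv4 ACL entry: tag:name:permissions:inheritance-flags:type
nfs4_entry() { printf '%s:%s:%s:fd:allow' "$1" "$2" "$3"; }

# Property argument for "zfs set"; no literal quote characters in the name.
quota_arg() { printf 'userquota@%s=%s' "$(principal "$1" "$2")" "$QUOTA"; }

# DRY_RUN=1 prints each argument in brackets instead of executing.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '[%s] ' "$@"; printf '\n'
    else "$@"; fi
}

provision() {
    valid_name "$1" && valid_name "$2" || return 64
    dir="$HOMEROOT/$1/$2"
    if [ -d "$dir" ]; then return 0; fi
    user=$(principal "$1" "$2")
    group=$(principal "$1" "domain users")
    run mkdir -p "$dir" &&
    run chown "$user:$group" "$dir" &&
    run setfacl -m "$(nfs4_entry u "$user" full_set)" "$dir" &&
    run setfacl -m "$(nfs4_entry g "$group" modify_set)" "$dir" &&
    run zfs set "$(quota_arg "$1" "$2")" "$DATASET"
}

# Called by Samba as: root preexec = <script> %D %U
if [ "$#" -eq 2 ]; then provision "$1" "$2"; fi
```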