Re: ACL support in Jewel using fuse and SAMBA

As it should be working, I will increase the logging level in my
smb.conf file and see what info I can get out of the logs, and report
back.

I would like to use the native Samba's CephFS VFS interface, but I
could not get Samba ACLs to work when testing it, as it looks like
the Samba vfs_ceph.c ACL patches listed here:
https://lists.samba.org/archive/samba-technical/2016-March/113063.html
are not in the released 4.4.2 Samba source code or in the master git
branch of Samba.

-Eric

On Fri, May 6, 2016 at 12:53 PM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote:
> On Fri, May 6, 2016 at 9:53 AM, Eric Eastman
> <eric.eastman@xxxxxxxxxxxxxx> wrote:
>> I was doing some SAMBA testing and noticed that a kernel mounted share
>> acted differently than a fuse mounted share with Windows security on
>> my windows client. I cut my test down to as simple as possible, and I
>> am seeing the kernel mounted Ceph file system working as expected with
>> SAMBA and the fuse mounted file system not creating all the SAMBA
>> ACLs. Is there some option that needs to be turned on to have the fuse
>> mount to support ACL in the same way the kernel mount does?
>>
>> For this test, I am using a single SAMBA server that has mounted the
>> same Ceph file system using both fuse and kernel mounts, using two
>> different mount points. Both mount points are exported by SAMBA as
>> separate shares. I joined the SAMBA server to my Windows 2012 AD and
>> then mounted each share to a drive letter. On the AD I then created a
>> text file on each share.  The kernel mounted share file is called
>> kern.txt and the fuse mounted share file is called fuse.txt.
>>
>> From the Ceph file system client, I looked at the ACLs on both files
>> from both the kernel and from the fuse mount points:
>>
>> From the kernel mount point:
>> getfattr -d cephfs/test/*
>> # file: cephfs/test/fuse.txt
>> user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDWk/9Xp9EBAAAAAAAAAAA=
>>
>> # file: cephfs/test/kern.txt
>> user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn5NNXp9EBAAAAAAAAAAA=
>> user.SAMBA_PAI=0sAgSMCgAAAAABgoYeAAAC/////wAAU0IPAAABU0IPAAAAdYYeAAABdYYeAAAAgoYeAAABgoYeAAAA1IgeAAAB1IgeAA==
>>
>> getfattr -n security.NTACL cephfs/test/*
>> cephfs/test/fuse.txt: security.NTACL: No such attribute
>> # file: cephfs/test/kern.txt
>> security.NTACL=0sBAAEAAAAAgAEAAIAAQCTmhdBqtfVP7wjRV5I5pbpS7TujXr4W5CH92kmxZi65wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcG9zaXhfYWNsAGJVuu1Xp9EBXabAFE2ygrZqS3iTrmeMEMXfIld3Z24CLOqiJdxKFuoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABIy0AAAA0AAAAAAAAADsAAAAAQUAAAAAAAUVAAAAZyXqS1iZDzIIAEWj9AEAAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAACAJwABQAAAAAAFACpABIAAQEAAAAAAAEAAAAAAAAUAP8BHwABAQAAAAAABRIAAAAAACQA/wEfAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo/QBAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo1MEAAA=
>>
>> From the fuse mount point:
>> getfattr -d cephfsFUSE/test/*
>> # file: cephfsFUSE/test/fuse.txt
>> user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDWk/9Xp9EBAAAAAAAAAAA=
>>
>> # file: cephfsFUSE/test/kern.txt
>> user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn5NNXp9EBAAAAAAAAAAA=
>> user.SAMBA_PAI=0sAgSMCgAAAAABgoYeAAAC/////wAAU0IPAAABU0IPAAAAdYYeAAABdYYeAAAAgoYeAAABgoYeAAAA1IgeAAAB1IgeAA==
>>
>> getfattr -n security.NTACL cephfsFUSE/test/*
>> cephfsFUSE/test/fuse.txt: security.NTACL: No such attribute
>> # file: cephfsFUSE/test/kern.txt
>> security.NTACL=0sBAAEAAAAAgAEAAIAAQCTmhdBqtfVP7wjRV5I5pbpS7TujXr4W5CH92kmxZi65wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcG9zaXhfYWNsAGJVuu1Xp9EBXabAFE2ygrZqS3iTrmeMEMXfIld3Z24CLOqiJdxKFuoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABIy0AAAA0AAAAAAAAADsAAAAAQUAAAAAAAUVAAAAZyXqS1iZDzIIAEWj9AEAAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAACAJwABQAAAAAAFACpABIAAQEAAAAAAAEAAAAAAAAUAP8BHwABAQAAAAAABRIAAAAAACQA/wEfAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo/QBAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo1MEAAA=
>>
>> The file created by SAMBA using the fuse mount is missing the
>> user.SAMBA_PAI and security.NTACL ACLs.  This prevents SAMBA from
>> properly supporting fuse mounted file systems in an AD setup.
>
> This is odd — the Client library quite explicitly supports "user",
> "security", "trusted", and "ceph" xattr namespaces. And I think this
> is tested by other things.
>
> Presumably you can get some logs out of Samba indicating that the
> xattr writes failed?
>
> Also, it looks like you've noted Samba's CephFS VFS — is there some
> reason you don't want to just use that? :)
> -Greg
>
>>
>> Test setup info:
>> ceph -v
>> ceph version 10.2.0 (3a9fba20ec743699b69bd0181dd6c54dc01c64b9)
>>
>> Ubuntu version is 14.04 with the 4.6rc4 PPA kernel:
>> uname -a
>> Linux ede-c1-gw04 4.6.0-040600rc4-generic #201604172330 SMP Mon Apr 18
>> 03:32:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
>>
>> Samba version 4.4.2
>>
>> Ceph file system mount info:
>> grep ceph /proc/mounts
>> 10.14.2.11,10.14.2.12,10.14.2.13:/ /cephfs ceph
>> rw,noatime,name=cephfs,secret=<hidden>,acl 0 0
>> ceph-fuse /cephfsFUSE fuse.ceph-fuse
>> rw,noatime,user_id=0,group_id=0,default_permissions,allow_other 0 0
>>
>> I have put instructions on how I built SAMBA, the smb.conf file,
>> /etc/fstab, and the ceph.conf file in pastebin at:
>> http://pastebin.com/hv7PEqNm
>>
>> Best regards,
>> Eric
>> _______________________________________________
>> ceph-users mailing list
>> ceph-users@xxxxxxxxxxxxxx
>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
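
Added example, not part of the original thread or of Samba/Ceph: a small audit of `getfattr` dump text that reports which files lack the extended attributes the message above found missing on the fuse-created file. It assumes output captured with `getfattr -d -m -` (all namespaces); the sample dump, its placeholder values, the `none.txt` path and the function names are constructed for illustration.

```python
# Added example: find files whose Samba ACL xattrs were never written.
# REQUIRED lists the two attributes the thread reports missing (an assumption
# about what to audit, not a Samba-defined rule).
REQUIRED = ("security.NTACL", "user.SAMBA_PAI")

# Constructed sample in `getfattr -d -m -` layout; values are placeholders.
SAMPLE_DUMP = """\
# file: cephfsFUSE/test/fuse.txt
user.DOSATTRIB=0sPLACEHOLDER

# file: cephfsFUSE/test/kern.txt
security.NTACL=0sPLACEHOLDER
user.DOSATTRIB=0sPLACEHOLDER
user.SAMBA_PAI=0sPLACEHOLDER
"""


def parse_getfattr(dump):
    """Map each '# file:' path to the set of xattr names listed under it."""
    attrs = {}
    current = None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("# file: "):
            current = line[len("# file: "):]
            attrs.setdefault(current, set())
        elif line and not line.startswith("#") and current is not None:
            # Keep only the attribute name; the encoded value is not needed.
            attrs[current].add(line.split("=", 1)[0])
    return attrs


def missing_xattrs(dump, expected_files, required=REQUIRED):
    """Return {path: [absent names]} for files lacking any required xattr.

    getfattr prints nothing for a file with no matching attributes, so the
    caller supplies the file list and an unlisted file counts as missing all.
    """
    found = parse_getfattr(dump)
    report = {}
    for path in expected_files:
        absent = [name for name in required if name not in found.get(path, set())]
        if absent:
            report[path] = absent
    return report


if __name__ == "__main__":
    files = ["cephfsFUSE/test/fuse.txt", "cephfsFUSE/test/kern.txt"]
    for path, absent in missing_xattrs(SAMPLE_DUMP, files).items():
        print(f"{path}: missing {', '.join(absent)}")
```
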