Visit Open-E website
Results 1 to 2 of 2

Thread: NFS+CIFS share from open-e -- inconsistent result on Linux, Windows, and OS X desktop

  1. #1

    Default NFS+CIFS share from open-e -- inconsistent result on Linux, Windows, and OS X desktop

    ** Background **
    Client wants to use Samba4/ADS to authorize/authenticate about 200 users and
    200 nodes in their IT infra. The client has a mix of CentOS 6 Desktop (85%),
    Windows 7 Pro desktop (10%)) and OS X (5%). The storage shares shall be on 60TB and
    100TB servers and shall be exported as NFS+CIFS. CentOS desktops shall mount these shares
    as NFS. Windows+OS X desktops shall mount these shares as CIFS (SMBFS).

    ** Requirements **
    The NFS/CIFS mounts should work seamlessly in the following manner

    The exported share shall be mounted as follows:

    Windows / OS X SMBFS
    Linux (CentOS) NFS

    ** Expected Results **

    Linux (NFS) can read/write on the share. Other desktops Windows/OS X can read
    and write on the same dir/file

    Windows (SMBFS) can read/write on the share. Other desktops Linux/OS X can read
    and write on the same dir/file

    OS X (SMBFS) can read/write on the share. Other desktops Linux/Windows can read
    and write on the same dir/file

    ** Proof of Concept (PoC) for above use case **

    We have demonstrated the above scenario with a stock CentOS 6 server exporting
    the shares as NFS + CIFS. The shares work seamlessly for the AD\user
    irrespective of the desktop; whether s/he is on Linux or Windows or OS X.

    For reference please see [1] for our /etc/exports (NFS) and /etc/smb/smb.conf
    (CIFS) from our CentOS 6.5 server.

    ** Motivation to use open-e DSS v7 **
    With success in above PoC (Linux base storage), the client has procured a 60 day
    trial lic. (DSSv7) and installed it on the 60TB storage. The open-e has bound
    with Samba4 ADS successfully (We can see the users and groups)

    We have created the "projects" share and checked the NFS as well as CIFS
    options for the share, as per the screen shots in Quick Start and the open-e
    manual.

    No issues so far.

    ** The problem with open-e NFS+CIFS share **

    Use case testing. AD\user is jdoe.

    (A) CentOS Linux Desktop

    - We are also able to mount the NFS share "projects" (that has project data)
    e.g. /mnt/projects

    - The AD\user is able to create a dir/file in /mnt/projects, where the uid:gid permissions allow it.

    - The AD\user when s/he tries to change dir/file created by another user s/he
    is able to do it given that s/he has the uid:gid permissions on the file/dir.


    (B) Windows 7 Desktop

    - The logon scripts are able to map the CIFS shares to drive letters.

    - The AD\user is able to do domain login.

    - The AD\user is able to browse the "projects" share

    - The AD\user is *not* able to modify/delete the files/dirs s/he created on the
    Linux desktop. s/he gets "Access denied" dialog box.

    - The AD\user is *not* able to create any new files/dirs.

    (C) OS X Desktop

    - The AD\user is able to domain login.

    - The AD\user is able to mount the "projects" share using SMBFS

    - The AD\user is able to browse the "projects" share

    - The AD\user is *not* able to modify/delete the files/dirs in the "projects"
    share that s/he created on the Linux desktop.

    - The AD\user is *not* able to create any new files/dirs in the "projects"
    share.

    Unless we can get past the above hurdle, the client does not want to deploy open-e
    as their storage solution.

    Having seen the seamless NFS/CIFS integration from the PoC (CentOS), they want
    the same functionality from open-e.

    Does open-e support seam less NFS/CIFS on the same share, as what we have show
    in the CentOS PoC?

    If yes, what it is that we are missing?


    [1] Our PoC NFS + CIFS configurations (CentOS6 server)

    # cat /etc/samba/smb.conf
    [global]
    workgroup = EXAMPLE
    server string = Samba Server Version %v
    # logs split per machine
    log file = /var/log/samba/log.%m
    # max 50KB per log file, then rotate
    max log size = 50
    security = ads
    passdb backend = tdbsam
    realm = INTRA.EXAMPLE.COM
    kerberos method = secrets and keytab
    client signing = yes
    client use spnego = yes
    password server = SMBAD.INTRA.EXAMPLE.COM
    load printers = yes
    cups options = raw

    [projects]
    comment = Windows Share
    path = /nfs
    browseable = yes
    read only = Yes
    writable = yes
    guest ok = yes
    valid users = %U
    create mask = 0660
    directory mask = 077

    # cat /etc/exports
    /nfs 172.16.0.0/24(rw,sync)

  2. #2

    Default

    Try these steps:
    Disable "Hide special folders" in CONFIGURATION -> NAS settings -> SMB settings function.
    Make sure you are using the RID option in the ADS function set then create a superuser account - Set a Superuser in CONFIGURATION ->; NAS settings ->; Function: SMB settings, you can use this account to set permissions from the ADS server side.
    Use the Access Control List from the manual on pages 22-26 and follow the instructions for the Read, Write and Execute permissions, there is notes on page 26 that will help you as well. But for the ACL on the manual set the user for the rights for the share. You can also test by removing the User and Group and Owner rights as well for a mixed environment.
    All the best,

    Todd Maxwell


    Follow the red "E"
    Facebook | Twitter | YouTube

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •