NFS and Samba/CIFS

From NAS-Central Zyxel Wiki
Jump to: navigation, search

Before getting my NSA-210 I was running Ubuntu on a Viglen MPC-L. The Ubuntu system has a 67GB hard drive and I was sharing that with the rest of the family using Samba/CIFS (it was pre-installed on Ubuntu).

My samba.conf file looked like this:

 # Samba config file created using SWAT
 # from 10.x.y.30 (10.x.y.30)
 # Date: 2008/08/02 12:43:31
 [global]
       workgroup = DARKSIDE
       netbios aliases = the-doctor
       server string = the-doctor
       log level = 1
       syslog = 0
       time server = Yes
       socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
       printcap name = CUPS
       os level = 65
       domain master = Yes
       wins support = Yes
       veto files = /*.eml/*.nws/riched20.dll/*.{*}/
 [homes]
       comment = Home Directories
       valid users = %S
       read only = No
 [shared]
       path = /shared
       read only = Yes


So everyone could read/write their own home directory and could read \\the-doctor\shared where I'll store those enormous Windows MSI installer files for various bits of software like antivirus that I want the rest of the family to install on their laptops.

When I got my NSA-210 I wanted to keep everything the same for the Windows users, they shouldn't need to change when I move their home directories to the 2TB NAS.

Expecting it to just work I configured the NSA-210 with a couple of CIFS shares /homes and /shared and added those to /etc/fstab

//the-vault/shared /newshared cifs file_mode=0600,dir_mode=0700,uid=0,gid=0,credentials=/etc/NSA210/.credentials 0 0
//the-vault/home /newhome cifs credentials=/etc/NSA210/.The-Doctor,perm,uid=1007,gid=1007,file_mode=0600,dir_mode=0700,setuids 0 0

it doesn't work. It was all over the place, every file got 777 permission bits, every user could read/write/execute every file belonging to every other user which isn't desirable (even though I trust all members of my family) there's too much scope for accidental damage. (I mounted them on /newhome and /newshared for testing and to be able to use `cp -Rp /home/* /newhome` to get stuff copied over from the hard drive on the-doctor.

So I looked in more detail at the NSA-210 and found there's an NFS package available. With that installed I deleted all the shares on the NSA-210 and started from scratch with two NFS shares.

I needed the NFS client package on Ubuntu

apt-get -y install nfs-common

then I had to discover what shares were available to be mounted from the NSA-210

showmount -e the-vault

that returns

dougie@The-Doctor:~$ showmount -e the-vault
Export list for the-vault:
/i-data/x43y16zf/nfs/home   10.x.y.0/24
/i-data/x43y16zf/nfs/shared 10.x.y.0/24
dougie@The-Doctor:~$

which gives everything you need for the /etc/fstab entries to mount those NFS shares

the-vault:/i-data/x43y16zf/nfs/home  /newhome  nfs defaults 0 0
the-vault:/i-data/x43y16zf/nfs/shared  /newshared nfs defaults 0 0

so at that point I can mount the NSA-210 filesystem on the Ubuntu server and all the permission bits work, the copy of the data from the /home and /shared directories can be done.

Then a quick change to the fstab and the NSA-210 is now hosting the /home and /shared directories. It's all working from Linux, it's all sane all the permission bits are correct, file ownership is correct. So the next step was to get samba running again (I rebooted the server at that point just to make sure everything would work at the next scheduled (or unscheduled (power failure)) restart.

It all came up online. I could see \\the-doctor\home. I could see http:\\the-vault\ with a web browser. When I renamed a file on Linux the file name changed on the NSA-210. So I left it alone and assumed nothing more needed to be done.

The next day I tried to edit an Excel *.XLS spreadsheet from my windows laptop that got a very odd error message:

file currently locked by another user Dougie Lawson

so it opens it read-only. But I'm not holding a lock on that file. After much head scratching and Googling I discovered that NFS file locking isn't entirely compatible with Samba/CIFS Opportunistic Locking ("oplocks"). So CIFS thinks the file isn't available for update and Windows blindly trusts that locking status (giving the odd Excel message pop-up).

Since I trust Linux and NFS to lock files I decided to disable the oplocking system in Samba

 # Samba config file created using SWAT
 # from 10.x.y.30 (10.x.y.30)
 # Date: 2008/08/02 12:43:31
 [global]
       workgroup = DARKSIDE
       netbios aliases = the-doctor
       server string = the-doctor
       log level = 1
       syslog = 0
       time server = Yes
       socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
       printcap name = CUPS
       os level = 65
       domain master = Yes
       wins support = Yes
       veto files = /*.eml/*.nws/riched20.dll/*.{*}/
       kernel oplocks = no
 [homes]
       comment = Home Directories
       valid users = %S
       read only = No
       create mask = 0644
       oplocks = no
       blocking locks = no
       strict locking = no
       locking = no
 [shared]
       path = /shared
       read only = Yes
 

and that's solved the problem.