Discussion:
[Samba] Effect of setting "support dos attributes = no" in Samba 4.1.11
Andrew Walker
2014-09-02 14:48:31 UTC
Permalink
I have FreeNAS 9.2.1.7 [FreeBSD 9.2-RELEASE-p10 and samba 4.1.11]
configured as an AD member server in a 2008R2 domain.

Browsing directories in samba is slow (30+ second lag between opening a
folder in Windows Explorer and the files inside the folder appearing).

The default smb4.conf contains the following parameters which are not
defaults in the smb4.conf manpage:
ea support = yes
store dos attributes = yes

Setting "store dos attributes = no" causes directories to load instantly.
I've only done limited testing as I haven't set up a proper test
environment (I don't want to experiment on servers in production).

The FreeNAS wiki states that the parameter "allows a user who has write
access to a file to modify the permissions, even if not the owner of the
file", which is something I want.

The manpage for smb.conf states "If this parameter is set Samba attempts to
first read DOS attributes from a filesystem extended attribute before
mapping DOS attributes to UNIX permission bits...".

The release errata on the FreeNAS site indicates that "support dos
attributes" has been deprecated in Samba 4. Posts on the FreeNAS forum are
inconsistent regarding the effect of setting this parameter to 'no' and
therefore I am posting the question here.

What effect (if any) does setting "support dos attributes = no" have?
What are the use cases for setting it to "yes"?
John Hixson
2014-09-02 15:12:33 UTC
Permalink
Hi Andrew,
Post by Andrew Walker
I have FreeNAS 9.2.1.7 [FreeBSD 9.2-RELEASE-p10 and samba 4.1.11]
configured as an AD member server in a 2008R2 domain.
Browsing directories in samba is slow (30+ second lag between opening a
folder in Windows Explorer and the files inside the folder appearing).
The default smb4.conf contains the following parameters which are not
ea support = yes
store dos attributes = yes
I don't recall specifics, but the reason these are both set to yes is
because of the way "store dos attributes" correlates to the "map (archive|hidden|readonly|system)".

Since FreeNAS uses ZFS and uses NFSv4 ACLs, the map* paramters do not do
the right thing.

- John
Post by Andrew Walker
Setting "store dos attributes = no" causes directories to load instantly.
I've only done limited testing as I haven't set up a proper test
environment (I don't want to experiment on servers in production).
The FreeNAS wiki states that the parameter "allows a user who has write
access to a file to modify the permissions, even if not the owner of the
file", which is something I want.
The manpage for smb.conf states "If this parameter is set Samba attempts to
first read DOS attributes from a filesystem extended attribute before
mapping DOS attributes to UNIX permission bits...".
The release errata on the FreeNAS site indicates that "support dos
attributes" has been deprecated in Samba 4. Posts on the FreeNAS forum are
inconsistent regarding the effect of setting this parameter to 'no' and
therefore I am posting the question here.
What effect (if any) does setting "support dos attributes = no" have?
What are the use cases for setting it to "yes"?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Klaus Hartnegg
2014-09-02 15:40:26 UTC
Permalink
Post by Andrew Walker
What effect (if any) does setting "support dos attributes = no" have?
What are the use cases for setting it to "yes"?
The wiki page
https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
states that "support dos attributes = yes" is required if you want to
use windows ACLs, and the option is by default on if samba runs as
active directory domain controller.
Rowland Penny
2014-09-02 16:34:36 UTC
Permalink
Post by Klaus Hartnegg
Post by Andrew Walker
What effect (if any) does setting "support dos attributes = no" have?
What are the use cases for setting it to "yes"?
The wiki page
https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
states that "support dos attributes = yes" is required if you want to
use windows ACLs, and the option is by default on if samba runs as
active directory domain controller.
Hi, thanks for posting that link, I was getting a bit confused as I had
never heard of 'support dos attributes' , it seems that this thread is
really about 'store dos attributes' ;-)

Rowland
Klaus Hartnegg
2014-09-02 18:43:34 UTC
Permalink
Let's assume that the original poster meant "store dos attributes" and
wants to use Windows-ACLs.

Try
zfs set xattr=sa $pool
zfs set atime=off $pool

And if you have ZFS version 0.6.3 try
zfs set acltype=posixacl $pool
Andrew Walker
2014-09-03 13:53:03 UTC
Permalink
Thanks for your help and replies. Yes, I meant "store dos attributes".

It's pretty clear now that I need to keep the parameter 'store dos
attributes=no' since

1) the server is an AD member server and

2) the map* parameters don't do the right thing under ZFS / NFSV4 ACLs.

I've read that the steps Klaus Hartnegg listed resolves the issue on ZFS on
Linux; however, I don't believe that SA based xattrs have been implemented
in ZFS on FreeBSD (the OpenZFS website has "??" next to FreeBSD). Atime is
already disabled on the zpool.

At this point I'll have to wait until I get a proper testing environment
set up to do proper experimentation / troubleshooting.


-----Original Message-----
From: Klaus Hartnegg [mailto:hartnegg at uni-freiburg.de]
Sent: Tuesday, September 02, 2014 1:44 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Effect of setting "store dos attributes = no" in Samba
4.1.11

Let's assume that the original poster meant "store dos attributes" and
wants to use Windows-ACLs.

Try

zfs set xattr=sa $pool

zfs set atime=off $pool

And if you have ZFS version 0.6.3 try

zfs set acltype=posixacl $pool
John Hixson
2014-09-03 14:01:51 UTC
Permalink
Post by Andrew Walker
Thanks for your help and replies. Yes, I meant "store dos attributes".
It's pretty clear now that I need to keep the parameter 'store dos
attributes=no' since
1) the server is an AD member server and
2) the map* parameters don't do the right thing under ZFS / NFSV4 ACLs.
The reason that "store dos attributes" is set to yes so that the map*
attributes *are* ignored. I think you have it backwards, you want it set
to yes (on FreeNAS).

- John
Post by Andrew Walker
I've read that the steps Klaus Hartnegg listed resolves the issue on ZFS on
Linux; however, I don't believe that SA based xattrs have been implemented
in ZFS on FreeBSD (the OpenZFS website has "??" next to FreeBSD). Atime is
already disabled on the zpool.
At this point I'll have to wait until I get a proper testing environment
set up to do proper experimentation / troubleshooting.
-----Original Message-----
From: Klaus Hartnegg [mailto:hartnegg at uni-freiburg.de]
Sent: Tuesday, September 02, 2014 1:44 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Effect of setting "store dos attributes = no" in Samba
4.1.11
Let's assume that the original poster meant "store dos attributes" and
wants to use Windows-ACLs.
Try
zfs set xattr=sa $pool
zfs set atime=off $pool
And if you have ZFS version 0.6.3 try
zfs set acltype=posixacl $pool
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Andrew Walker
2014-09-03 14:19:21 UTC
Permalink
John,

You are correct. That is what I meant to write. I think I need to put a
sticky on my monitor to keep my morning procedure to (1) drink coffee, then
(2) compose emails. I keep getting it backwards leading to unintended
results.

Andrew
Post by John Hixson
Post by Andrew Walker
Thanks for your help and replies. Yes, I meant "store dos attributes".
It's pretty clear now that I need to keep the parameter 'store dos
attributes=no' since
1) the server is an AD member server and
2) the map* parameters don't do the right thing under ZFS / NFSV4 ACLs.
The reason that "store dos attributes" is set to yes so that the map*
attributes *are* ignored. I think you have it backwards, you want it set
to yes (on FreeNAS).
- John
Post by Andrew Walker
I've read that the steps Klaus Hartnegg listed resolves the issue on ZFS
on
Post by Andrew Walker
Linux; however, I don't believe that SA based xattrs have been
implemented
Post by Andrew Walker
in ZFS on FreeBSD (the OpenZFS website has "??" next to FreeBSD). Atime
is
Post by Andrew Walker
already disabled on the zpool.
At this point I'll have to wait until I get a proper testing environment
set up to do proper experimentation / troubleshooting.
-----Original Message-----
From: Klaus Hartnegg [mailto:hartnegg at uni-freiburg.de]
Sent: Tuesday, September 02, 2014 1:44 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Effect of setting "store dos attributes = no" in
Samba
Post by Andrew Walker
4.1.11
Let's assume that the original poster meant "store dos attributes" and
wants to use Windows-ACLs.
Try
zfs set xattr=sa $pool
zfs set atime=off $pool
And if you have ZFS version 0.6.3 try
zfs set acltype=posixacl $pool
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Continue reading on narkive:
Loading...