Backbrain   Archive

FreeBSD ZFS Samba / SMB with Previous versions

First, let’s tune some kernel settings to optimize handling of many files. Edit /etc/sysctl.conf and add the following lines:

kern.maxfiles=25600
kern.maxfilesperproc=16384
net.inet.tcp.sendspace=65536
net.inet.tcp.recvspace=65536

pkg search samba
pkg install samba419

Samba 4 expects a filesystem which respects POSIX acls, but ZFS uses the nfsv4acl model. We can configure ZFS to operate in passthrough mode, then tell Samba to use nfsv4 acls. In addition, we want to make the volume’s .zfs/snapshot directory visible. This will allow us to present snapshots as Volume Shadow Copies, which appear to Windows clients as Previous Versions of the volume.

zfs create -o aclmode=passthrough -o aclinherit=passthrough -o snapdir=visible zroot/samba

/usr/local/etc/smb4.conf

[global]
    unix charset         = UTF-8
    workgroup            = NAME
    netbios name         = datengrab
    disable netbios      = yes
    server string        = datengrab
    security             = user
    max smbd processes   = 20
    encrypt passwords    = yes
    aio read size        = 16384
    aio write size       = 16384
    kernel change notify = no
    strict locking       = no
    strict sync          = no
    deadtime             = 60

    dns proxy            = no

    lanman auth          = no
    ntlm auth            = yes
    client lanman auth   = no
    local master         = yes
    preferred master     = yes
    client min protocol  = SMB2
    server min protocol  = SMB2_02
    server multi channel support = yes
    read raw             = yes
    write raw            = yes
    min receivefile size = 16384
    getwd cache          = true

    ;; acl_xattr = Enables to use fine-granular Windows ACL.
    ;; streams_xattr = Enables ADS support.
    ;; shadow_copy2 = Enables Windows clients to use browse snapshots as shadow copies.
    vfs objects          = shadow_copy2 streams_xattr acl_xattr zfsacl
    shadow:snapdir       = .zfs/snapshot
    shadow:sort          = desc
    shadow:format        = -%Y-%m-%d-%H%M
    shadow:snapprefix    = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0,1\}
    shadow:delimiter     = -20
    shadow:localtime     = yes

    ;; Hide the .zfs directory from clients
    veto files           = /.zfs/
    delete veto files    = yes

    nt acl support       = yes

    ;; Use nfsv4 acls (Since Samba 4.0 all options are per share options.)
    ;;  => See README.nfs4acls.txt for more information
    ;; https://www.samba.org/samba/docs/4.12/man-html/vfs_zfsacl.8.html
    ;; Use OWNER@ and GROUP@ special IDs
    nfs4:mode            = special
    ;; Merge duplicate ACEs
    nfs4:acedup          = merge
    ;; Enable changing owner and group
    nfs4:chown           = yes
    map acl inherit      = yes

    strict sync          = no
    use sendfile         = yes
    block size           = 4096
    fstype               = ZFS
    server smb encrypt   = required
    ;; Store DOS attributes in extended attributes (no mapping)
    store dos attributes = yes
    map hidden           = no
    map system           = no
    map archive          = no
    map readonly         = no
    map to guest         = bad user

    acl allow execute always = true
    acl map full control = yes


    dos filemode         = yes

    ;; Extended attributes
    ea support           = yes

    ;; DISABLE PRINTING
    printing                = bsd
    load printers           = no
    disable spoolss         = yes
    show add printer wizard = no

[mario]
    path            = /home/mario
    public          = no
    writable        = yes
    browsable       = yes
    write list      = mario
    ;; Use nfsv4 acls (Since Samba 4.0 all options are per share options.)
    ;;  => See README.nfs4acls.txt for more information
    ;; https://www.samba.org/samba/docs/4.12/man-html/vfs_zfsacl.8.html
    ;; Use OWNER@ and GROUP@ special IDs
    nfs4:mode            = special
    ;; Merge duplicate ACEs
    nfs4:acedup          = merge
    ;; Enable changing owner and group
    nfs4:chown           = yes

pdbedit -a -u mario
pdbedit -a -u USER2
pdbedit -a -u USER3

sysrc samba_server_enable=YES
service samba_server start

zfs snapshot -r zroot/home/mario@zfs-auto-snap_frequent-`date +%Y-%m-%d-%H%M`
zfs snapshot -r zroot/home/mario@zfs-auto-snap_hourly-`date +%Y-%m-%d-%H%M`
zfs snapshot -r zroot/home/mario@zfs-auto-snap_daily-`date +%Y-%m-%d-%H%M`
zfs snapshot -r zroot/home/mario@zfs-auto-snap_weekly-`date +%Y-%m-%d-%H%M`
zfs snapshot -r zroot/home/mario@zfs-auto-snap_monthly-`date +%Y-%m-%d-%H%M`
zfs snapshot -r zroot/home/mario@zfs-auto-snap_yearly-`date +%Y-%m-%d-%H%M`
zfs list -H -t snapshot -o name -S creation -r zroot/home/mario
zfs list -H -t snapshot -o name -S creation -r zroot/home/mario | grep "frequent" | tail -n +10 | xargs -n 1 zfs destroy -R
zfs list -H -t snapshot -o name -S creation -r zroot/home/mario | grep "hourly" | tail -n +23 | xargs -n 1 zfs destroy -R
zfs list -H -t snapshot -o name -S creation -r zroot/home/mario | grep "daily" | tail -n +7 | xargs -n 1 zfs destroy -R
zfs list -H -t snapshot -o name -S creation -r zroot/home/mario | grep "weekly" | tail -n +4 | xargs -n 1 zfs destroy -R
zfs list -H -t snapshot -o name -S creation -r zroot/home/mario | grep "monthly" | tail -n +11 | xargs -n 1 zfs destroy -R
zfs list -H -t snapshot -o name -S creation -r zroot/home/mario | grep "early" | tail -n +10 | xargs -n 1 zfs destroy -R