[[Kategorie:Infrastruktur]]
== Hardware Info ==
Virtualisiert durch [[intern:Freebert]]
== Software Info ==
FreeBSD Jail Container
* minidlna
* nfs(3)
* samba(4)
* ftp (in arbeit)
== Verwendungszweck ==
* DLNA Sharing
* File Sharing
== HOST: FreeBSD NFS Export / ZFS sharenfs ==
vi /etc/rc.conf
rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_flags="-r"
rpc_lockd_enable="YES"
rpc_statd_enable="YES"
dirkter ZFS Export
zfs set sharenfs="-maproot=root -network=172.22.99.0 -mask=255.255.255.0" zroot/ezjail/storage.hq.c3d2.de/rpool
ZFS Clone Stand:
zfs clone zroot/storage/c3d2@_0009_system_07.04.2014 zroot/ezjail/storage.hq.c3d2.de/rpool
== NFS Import unter Linux ==
apt-get install nfs-common portmap
mount:
mkdir /freebert-nfs
showmount -e 172.22.99.10
mount -t nfs 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /freebert-nfs -o soft,timeo=1,noatime
setting noatime is not recomended if you want to use mutt inside your nfs mountpoint.
== NFS Import unter FreeBSD ==
vi /etc/rc.conf
nfs_client_enable="YES"
mount:
mount 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /freebert-nfs
mount 172.22.99.10:/usr/jails/storage.hq.c3d2.de/zimport /freebert-zimport
== NFS Import unter MacOS X ==
Finder -> Gehe zu -> Mit Server verbinden (Apfel+K)
nfs://172.22.99.10/usr/jails/storage.hq.c3d2.de/rpool
bei Problemen mit Schreibrechten ->
mkdir freebert-nfs
sudo mount -t nfs -o resvport,bg,nfc,nolocks,locallocks,intr,soft,wsize=32768,rsize=3276 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /Users//freebert-nfs
Finder mit ROOT-Rechten!
sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
== NFS Import unter Windows (8) ==
Systemsteuerung -> Programme und Features (aktivieren/deaktivieren) -> Dienste für NFS (Client/Verwaltung) installieren
Computer -> (Kontextmenü) Netzwerkadresse hinzufügen
\\172.22.99.10\usr\jails\storage.hq.c3d2.de\rpool
== Berechtigungen für DLNA setzen ==
bei Änderungen / Upload bitte ein:
chown 1003:1003: ~/file
== Jail: Samba 4 ==
=== Samba4 Installation ===
* Samba 4.1 hat derzeit ein kaputtes s3fs, daher 4.0
cd /usr/ports/net/samba4/ && make install clean
@HOST - Samba4 ADS sysvol Kompatibilität per UFS ZVOL
rm -rfv /usr/jails/storage.hq.c3d2.de/var/db/samba4
zfs create -p -V 10g zroot/ezjail/storage.hq.c3d2.de/samba4db
newfs -U -O2 /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db
mkdir /usr/jails/storage.hq.c3d2.de/var/db/samba4
mount -o acls /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db /usr/jails/storage.hq.c3d2.de/var/db/samba4
zfs set aclmode=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool
zfs set aclinherit=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool
ZVOL auf dem FreeBSD HOST mounten lassen
vi /etc/fstab
# Device Mountpoint FStype Options Dump Pass#
/dev/gpt/swap0 none swap sw 0 0
#/dev/gpt/swap1 none swap sw 0 0
#/dev/gpt/swap2 none swap sw 0 0
#/dev/gpt/swap3 none swap sw 0 0
### ### ### C3D2 ### ### ###
proc /proc procfs rw 0 0
/dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db /usr/jails/storage.hq.c3d2.de/var/db/samba4 ufs rw,acls 1 1
### ### ### C3D2 ### ### ###
# EOF
=== Samba4 Provisionierung ===
/usr/local/bin/samba-tool domain provision --use-rfc2307 --use-xattrs=yes --function-level=2008_R2 --realm=HQ.C3D2.DE --domain=HQ --adminpass='geheim' --server-role='dc' --dns-backend=SAMBA_INTERNAL
=== Samba4 Config ===
vi /usr/local/etc/smb4.conf
### ### ### C3D2 ### ### ###
# Global parameters
[global]
workgroup = HQ
realm = HQ.C3D2.DE
netbios name = STORAGE
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
### dns forwarder = 172.22.99.51
server services = -smb +s3fs -nbt
dcerpc endpoint servers = -winreg -srvsvc
### ### ### C3D2 ### ### ###
#
server string = %h - FreeBSD ZFS Server
interfaces = 172.22.99.52
bind interfaces only = Yes
# disable printer support
disable spoolss = Yes
# allow dynamic dns update / true = nonsecure + signed
allow dns updates = signed
# freebsd specific
nsupdate command = /usr/local/bin/samba-nsupdate -g
# added to allow asynchronous I/O (make sure to load the kernel module aio)
aio read size = 16384
aio write size = 16384
### ### # server options
server min protocol = NT1
server max protocol = SMB3
disable netbios = Yes
smb ports = 445
server signing = auto
# protocol stream encryption for smbclient
smb encrypt = auto
### ### # client options (for local services / smbclient etc.)
client min protocol = NT1
client max protocol = SMB3
client ldap sasl wrapping = seal
client signing = auto
client schannel = auto
lanman auth = No
ntlm auth = No
client use spnego = Yes
client ntlmv2 auth = Yes
client lanman auth = No
client plaintext auth = No
### experimental ###
###
### dsdb:schema update allowed = Yes
###
### experimental ###
#
### ### ### C3D2 ### ### ###
[netlogon]
path = /var/db/samba4/sysvol/hq.c3d2.de/scripts
read only = No
browseable = no
[sysvol]
path = /var/db/samba4/sysvol
read only = No
browseable = no
### ### ### C3D2 ### ### ###
[rpool]
path = /rpool
valid users = k-ot
map acl inherit = yes
browseable = yes
public = yes
writable = yes
posix locking = yes
create mask = 0664
directory mask = 0775
strict locking = no
store dos attributes = yes
### nt acl support = yes
### csc policy = disable
inherit acls = Yes
inherit owner = no
inherit permissions = no
map archive = No
map readonly = no
vfs objects = shadow_copy2, zfsacl
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
shadow: format = -CRON-%Y.%m.%d-%H.%M
shadow: sort = desc
shadow: snapdir = .zfs/snapshot
### ### ### C3D2 ### ### ###
# EOF
=== Samba4 Map Users to thier UNIX UID ===
id k-ot
uid=1003(k-ot) gid=1003(k-ot) groups=1003(k-ot)
samba-tool user add k-ot
New Password:
Retype Password:
User 'k-ot' created successfully
service samba_server start
wbinfo --name-to-sid k-ot
S-1-5-21-2260217406-2925069997-4078739481-1108 SID_USER (1)
wbinfo --sid-to-uid S-1-5-21-2260217406-2925069997-4078739481-1108
3000022
service samba_server stop
ldbedit -e vi -H /var/db/samba4/private/idmap.ldb objectsid=S-1-5-21-2260217406-2925069997-4078739481-1108
xidNumber: 1003
# 0 adds 1 modifies 0 deletes
/usr/local/bin/testparm
samba-tool dbcheck
samba-tool ntacl sysvolcheck
== SMB Import unter Linux ==
sudo apt-get install cifs-utils
sudo mkdir /freebert-storage
sudo mount -t cifs //172.22.99.52/rpool /freebert-storage -o user=k-ot
== HOST: crontab ==
00 6 * * * root /usr/sbin/chown -R k-ot:k-ot /rpool
== Log ==
* 10.05.2014 - Samba4 Support
* 01.05.2014 - NFSv3 Export