[[Kategorie:Infrastruktur]]
|
|
|
|
== Hardware Info ==
|
|
Virtualisiert durch [[intern:Freebert]]
|
|
|
|
== Software Info ==
|
|
FreeBSD Jail Container
|
|
* minidlna
|
|
* nfs(3)
|
|
* samba(4)
|
|
* ftp (in Arbeit)
|
|
|
|
== Verwendungszweck ==
|
|
* DLNA Sharing
|
|
* File Sharing
|
|
|
|
== HOST: FreeBSD NFS Export / ZFS sharenfs ==
|
|
|
|
<source lang=bash>
|
|
vi /etc/rc.conf
|
|
|
|
rpcbind_enable="YES"
|
|
nfs_server_enable="YES"
|
|
mountd_flags="-r"
|
|
rpc_lockd_enable="YES"
|
|
rpc_statd_enable="YES"
|
|
</source>
|
|
|
|
direkter ZFS Export
|
|
|
|
<source lang=bash>
|
|
# Export the dataset over NFS to the 172.22.99.0/24 network via the ZFS sharenfs property.
# -maproot=root maps a client's root user to root on this server (no root squash),
# so root on any host in that network gets root access to the exported files.
# NOTE(review): if clients do not need that, map root to an unprivileged user
# instead (e.g. -maproot=nobody) — confirm against what the clients require.
zfs set sharenfs="-maproot=root -network=172.22.99.0 -mask=255.255.255.0" zroot/ezjail/storage.hq.c3d2.de/rpool
|
|
</source>
|
|
|
|
ZFS Clone Stand:
|
|
|
|
<source lang=bash>
|
|
zfs clone zroot/storage/c3d2@_0009_system_07.04.2014 zroot/ezjail/storage.hq.c3d2.de/rpool
|
|
</source>
|
|
|
|
|
|
== NFS Import unter Linux ==
|
|
|
|
<source lang=bash>
|
|
apt-get install nfs-common portmap
|
|
</source>
|
|
|
|
mount:
|
|
|
|
<source lang=bash>
|
|
mkdir /freebert-nfs
|
|
|
|
showmount -e 172.22.99.10
|
|
|
|
# soft + timeo=1: timeo is given in tenths of a second, so a request is given up
# after a very short wait instead of being retried indefinitely.
# NOTE: nfs(5) warns that soft timeouts can cause silent data corruption when a
# write is abandoned; prefer the default (hard) for mounts that are written to.
mount -t nfs 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /freebert-nfs -o soft,timeo=1,noatime
|
|
</source>
|
|
Setting noatime is not recommended if you want to use mutt inside your NFS mount point.
|
|
|
|
|
|
== NFS Import unter FreeBSD ==
|
|
|
|
<source lang=bash>
|
|
vi /etc/rc.conf
|
|
|
|
nfs_client_enable="YES"
|
|
</source>
|
|
|
|
mount:
|
|
|
|
<source lang=bash>
|
|
mount 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /freebert-nfs
|
|
|
|
mount 172.22.99.10:/usr/jails/storage.hq.c3d2.de/zimport /freebert-zimport
|
|
</source>
|
|
|
|
|
|
== NFS Import unter MacOS X ==
|
|
|
|
<source lang=bash>
|
|
Finder -> Gehe zu -> Mit Server verbinden (Apfel+K)
|
|
|
|
|
|
nfs://172.22.99.10/usr/jails/storage.hq.c3d2.de/rpool
|
|
</source>
|
|
|
|
|
|
bei Problemen mit Schreibrechten ->
|
|
|
|
|
|
<source lang=bash>
|
|
mkdir freebert-nfs
|
|
|
|
# Manual mount for when the Finder mount has no write access.
# resvport: connect from a reserved (<1024) source port, which NFS servers commonly require.
# soft: I/O returns an error when the server does not answer instead of blocking.
# NOTE(review): rsize=3276 looks like a truncated 32768 (wsize is 32768) — confirm.
# Replace <DEIN NAME> with your macOS user name.
sudo mount -t nfs -o resvport,bg,nfc,nolocks,locallocks,intr,soft,wsize=32768,rsize=3276 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /Users/<DEIN NAME>/freebert-nfs
|
|
</source>
|
|
|
|
|
|
Finder mit ROOT-Rechten!
|
|
|
|
|
|
<source lang=bash>
|
|
# Starts a Finder process as root: every file operation done in it runs with full
# root privileges on the local Mac, not only on the NFS share.
# NOTE: use it only for the operation that needs it and quit that Finder afterwards;
# correcting ownership/permissions on the server removes the need for it.
sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
|
|
</source>
|
|
|
|
|
|
== NFS Import unter Windows (8) ==
|
|
|
|
<source lang=bash>
|
|
Systemsteuerung -> Programme und Features (aktivieren/deaktivieren) -> Dienste für NFS (Client/Verwaltung) installieren
|
|
|
|
Computer -> (Kontextmenü) Netzwerkadresse hinzufügen
|
|
|
|
|
|
\\172.22.99.10\usr\jails\storage.hq.c3d2.de\rpool
|
|
</source>
|
|
|
|
|
|
== DLNA ==
|
|
|
|
=== Berechtigungen für DLNA setzen ===
|
|
|
|
bei Änderungen / Upload bitte ein:
|
|
|
|
<source lang=bash>
|
|
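# Set owner and group of a changed/uploaded file to uid 1003 / gid 1003, the IDs
# this page uses for DLNA content. ~/file stands for the file in question.
# (A trailing ':' after the group is not valid owner:group syntax and makes
# chown reject the argument, so it is written as 1003:1003.)
chown 1003:1003 ~/file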
|
|
</source>
|
|
|
|
=== Index für Fernseher neu schreiben ===
|
|
|
|
Um die DB (<code>/var/db/minidlna/files.db</code>) neu zu schreiben, muss diese
|
|
|
|
* gelöscht werden
|
|
* wenn der Service angehalten ist,
|
|
* bei Neustart wird sie neu geschrieben (dauert..).
|
|
|
|
oder ausführbar: unter <code>/usr/local/bin</code> liegt <code>reindex.sh</code>:
|
|
<source lang=bash>
|
|
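#!/bin/sh
# reindex.sh - rebuild the minidlna media index.
#
# Stops minidlna, deletes its database and starts the service again, so that
# the database is re-created by a full rescan on start-up.
# Needs root (service(8), write access below /var/db).
# Exit status: 0 on success, 1 if the service could not be stopped, the
# database could not be removed, or the service could not be started.
set -u

db=/var/db/minidlna/files.db

service minidlna stop

# Never delete the database underneath a running daemon: if the stop did not
# take effect, leave everything untouched. "status" succeeds while it runs.
if service minidlna status >/dev/null 2>&1; then
  printf 'reindex.sh: minidlna is still running, leaving %s untouched\n' "$db" >&2
  exit 1
fi

rc=0

# -f: a database that is already gone is not an error.
if ! rm -f -- "$db"; then
  printf 'reindex.sh: could not remove %s\n' "$db" >&2
  rc=1
fi

# Start the service even if the removal failed, so DLNA is not left down.
service minidlna start || rc=1

exit "$rc"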
|
|
</source>
|
|
|
|
'''Das Script sollte noch angepasst werden um die parallele Nutzung (Video läuft) problemfrei zu gewährleisten. Dafür kann eine zweite Instanz des Services für den Rescan und ein SIGHUP zur Injektion der neuen DB genutzt werden.'''
|
|
|
|
== Jail: Samba 4 ==
|
|
|
|
=== Samba4 Installation ===
|
|
|
|
* Samba 4.1 hat derzeit ein kaputtes s3fs, daher 4.0
|
|
|
|
|
|
<source lang=bash>
|
|
cd /usr/ports/net/samba4/ && make install clean
|
|
</source>
|
|
|
|
|
|
@HOST - Samba4 ADS sysvol Kompatibilität per UFS ZVOL
|
|
|
|
<source lang=bash>
|
|
# Destructive: deletes the jail's existing Samba 4 database directory (sysvol and
# private databases live below it) before the zvol is created in its place.
# Back it up first if a domain has already been provisioned.
rm -rfv /usr/jails/storage.hq.c3d2.de/var/db/samba4
|
|
zfs create -p -V 10g zroot/ezjail/storage.hq.c3d2.de/samba4db
|
|
newfs -U -O2 /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db
|
|
mkdir /usr/jails/storage.hq.c3d2.de/var/db/samba4
|
|
mount -o acls /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db /usr/jails/storage.hq.c3d2.de/var/db/samba4
|
|
zfs set aclmode=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool
|
|
zfs set aclinherit=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool
|
|
</source>
|
|
|
|
|
|
ZVOL auf dem FreeBSD HOST mounten lassen
|
|
|
|
<source lang=bash>
|
|
vi /etc/fstab
|
|
|
|
# Device Mountpoint FStype Options Dump Pass#
|
|
/dev/gpt/swap0 none swap sw 0 0
|
|
#/dev/gpt/swap1 none swap sw 0 0
|
|
#/dev/gpt/swap2 none swap sw 0 0
|
|
#/dev/gpt/swap3 none swap sw 0 0
|
|
### ### ### C3D2 ### ### ###
|
|
proc /proc procfs rw 0 0
|
|
/dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db /usr/jails/storage.hq.c3d2.de/var/db/samba4 ufs rw,acls 1 1
|
|
### ### ### C3D2 ### ### ###
|
|
# EOF
|
|
</source>
|
|
|
|
=== Samba4 Provisionierung ===
|
|
|
|
<source lang=bash>
|
|
# Provision the AD domain HQ.C3D2.DE with this host as domain controller and the
# internal DNS server.
# 'geheim' is a placeholder — choose a strong administrator password.
# NOTE: a password passed via --adminpass ends up in the shell history and is
# visible in the process list while the command runs. Without --adminpass,
# samba-tool generates a random password and prints it when provisioning ends.
/usr/local/bin/samba-tool domain provision --use-rfc2307 --use-xattrs=yes --function-level=2008_R2 --realm=HQ.C3D2.DE --domain=HQ --adminpass='geheim' --server-role='dc' --dns-backend=SAMBA_INTERNAL
|
|
</source>
|
|
|
|
=== Samba4 Config ===
|
|
|
|
vi /usr/local/etc/smb4.conf
|
|
|
|
<source lang=bash>
|
|
### ### ### C3D2 ### ### ###
|
|
|
|
# Global parameters
|
|
[global]
|
|
workgroup = HQ
|
|
realm = HQ.C3D2.DE
|
|
netbios name = STORAGE
|
|
server role = active directory domain controller
|
|
idmap_ldb:use rfc2307 = yes
|
|
### dns forwarder = 172.22.99.51
|
|
|
|
server services = -smb +s3fs -nbt
|
|
dcerpc endpoint servers = -winreg -srvsvc
|
|
|
|
### ### ### C3D2 ### ### ###
|
|
#
|
|
server string = %h - FreeBSD ZFS Server
|
|
|
|
interfaces = 172.22.99.52
|
|
bind interfaces only = Yes
|
|
|
|
# disable printer support
|
|
disable spoolss = Yes
|
|
|
|
# allow dynamic dns update / true = nonsecure + signed
|
|
allow dns updates = signed
|
|
|
|
# freebsd specific
|
|
nsupdate command = /usr/local/bin/samba-nsupdate -g
|
|
|
|
# added to allow asynchronous I/O (make sure to load the kernel module aio)
|
|
aio read size = 16384
|
|
aio write size = 16384
|
|
|
|
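### ### # server options
# NOTE: NT1 is the SMB1 dialect, so "server min protocol = NT1" keeps SMB1 enabled;
# raise it to SMB2 once no client needs SMB1.
# "server signing = auto" and "smb encrypt = auto" below offer signing/encryption
# but do not require them from clients.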
|
|
|
|
server min protocol = NT1
|
|
server max protocol = SMB3
|
|
|
|
disable netbios = Yes
|
|
smb ports = 445
|
|
|
|
server signing = auto
|
|
|
|
# protocol stream encryption for smbclient
|
|
smb encrypt = auto
|
|
|
|
### ### # client options (for local services / smbclient etc.)
|
|
|
|
client min protocol = NT1
|
|
client max protocol = SMB3
|
|
|
|
client ldap sasl wrapping = seal
|
|
|
|
client signing = auto
|
|
client schannel = auto
|
|
|
|
lanman auth = No
|
|
ntlm auth = No
|
|
client use spnego = Yes
|
|
client ntlmv2 auth = Yes
|
|
client lanman auth = No
|
|
client plaintext auth = No
|
|
|
|
### experimental ###
|
|
###
|
|
### dsdb:schema update allowed = Yes
|
|
###
|
|
### experimental ###
|
|
|
|
#
|
|
### ### ### C3D2 ### ### ###
|
|
|
|
[netlogon]
|
|
path = /var/db/samba4/sysvol/hq.c3d2.de/scripts
|
|
read only = No
|
|
browseable = no
|
|
|
|
[sysvol]
|
|
path = /var/db/samba4/sysvol
|
|
read only = No
|
|
browseable = no
|
|
|
|
### ### ### C3D2 ### ### ###
|
|
|
|
# File share served from /rpool.
[rpool]
|
|
path = /rpool
|
|
|
|
# Only the account k-ot may connect to this share.
valid users = k-ot
|
|
map acl inherit = yes
|
|
browseable = yes
|
|
# "public" is a synonym for "guest ok".
# NOTE(review): it is combined with "valid users = k-ot" above; if guest access
# is not intended, set it to "no" so the share does not rely on that line alone.
public = yes
|
|
writable = yes
|
|
posix locking = yes
|
|
# Permission bits of new files/directories are limited to 0664 / 0775.
create mask = 0664
|
|
directory mask = 0775
|
|
strict locking = no
|
|
store dos attributes = yes
|
|
|
|
### nt acl support = yes
|
|
### csc policy = disable
|
|
|
|
inherit acls = Yes
|
|
inherit owner = no
|
|
inherit permissions = no
|
|
map archive = No
|
|
map readonly = no
|
|
# shadow_copy2 exposes snapshots as "previous versions"; zfsacl maps NT ACLs
# onto the NFSv4 ACLs of ZFS (configured by the nfs4: options below).
vfs objects = shadow_copy2, zfsacl
|
|
nfs4:mode = special
|
|
nfs4:acedup = merge
|
|
nfs4:chown = yes
|
|
|
|
# Snapshots are looked up in .zfs/snapshot; their names must match this
# strftime pattern to be offered as shadow copies.
shadow: format = -CRON-%Y.%m.%d-%H.%M
|
|
shadow: sort = desc
|
|
shadow: snapdir = .zfs/snapshot
|
|
|
|
### ### ### C3D2 ### ### ###
|
|
# EOF
|
|
</source>
|
|
|
|
|
|
=== Samba4 Map Users to their UNIX UID ===
|
|
|
|
<source lang=bash>
|
|
id k-ot
|
|
uid=1003(k-ot) gid=1003(k-ot) groups=1003(k-ot)
|
|
|
|
samba-tool user add k-ot
|
|
New Password:
|
|
Retype Password:
|
|
User 'k-ot' created successfully
|
|
|
|
service samba_server start
|
|
|
|
wbinfo --name-to-sid k-ot
|
|
S-1-5-21-2260217406-2925069997-4078739481-1108 SID_USER (1)
|
|
|
|
wbinfo --sid-to-uid S-1-5-21-2260217406-2925069997-4078739481-1108
|
|
3000022
|
|
|
|
service samba_server stop
|
|
|
|
ldbedit -e vi -H /var/db/samba4/private/idmap.ldb objectsid=S-1-5-21-2260217406-2925069997-4078739481-1108
|
|
|
|
xidNumber: 1003
|
|
|
|
# 0 adds 1 modifies 0 deletes
|
|
|
|
/usr/local/bin/testparm
|
|
samba-tool dbcheck
|
|
samba-tool ntacl sysvolcheck
|
|
</source>
|
|
|
|
|
|
== SMB Import unter Linux ==
|
|
|
|
<source lang=bash>
|
|
sudo apt-get install cifs-utils
|
|
|
|
sudo mkdir /freebert-storage
|
|
|
|
sudo mount -t cifs //172.22.99.52/rpool /freebert-storage -o user=k-ot
|
|
</source>
|
|
|
|
|
|
== HOST: crontab ==
|
|
|
|
<source lang=bash>
|
|
# Daily at 06:00, as root: recursively reset owner and group of everything
# under /rpool to k-ot.
# NOTE(review): this overwrites whatever ownership NFS/SMB clients have set, so
# per-user ownership on the share does not survive — confirm that is intended.
00 6 * * * root /usr/sbin/chown -R k-ot:k-ot /rpool
|
|
</source>
|
|
|
|
== Log ==
|
|
* 10.05.2014 - Samba4 Support
|
|
* 01.05.2014 - NFSv3 Export
|