Samba shares with external NFS storage

Configuration:

  • Proxmox server with a small KVM VM based on nethserver.
  • I have installed NFS in the Proxmox and shared some folders.
  • I can mount the folders under /var/lib/nethserver/ via NFS

No problem with mail or backup, but when I try to use the NFS mounts for samba shares I have various permission problems.
As already reported in the thread "Using file server/Samba shares with external NFS storage" (which did not solve the question), I have this situation:
I can set up new shares and can see them from the Windows clients, but when I try to access them, I get an error message that this share is not accessible (access not permitted). When I’m using the filesystem of the Nethserver for the shares everything works fine.
I can change the /var/lib/nethserver/ibay/SHARE permissions from drwxrws--- to drwxrwsr-x and so I can access the folder, but it is then also accessible read-only (RO) to users not in the group, and if I modify the share config it is reset to the default drwxrws---
Any hints/tricks?
Thanks, P.

@PaulVM

Hi Paolo

Sharing an NFS mount with Samba is a bad idea, and will give you plenty of headaches (possibly with each major update!)… NFS has NO user authentication, and uses only IP based authentication, whereas Samba / NC need a user based authentication.

The user root is basically the only user with real permissions to write in NFS… :frowning:

Your Options?

Use Samba on your Proxmox (Not really a good idea - no GUI for anything).

Use a second, larger virtual disk, eg mounted under /var/lib/nethserver/ibays/
This is the best and safest way! Best is to also use XFS and LVM, to make resizing easy in future.
Make this virtual disk as small as possible / needed - resizing a virtual disk is VERY fast in Proxmox and often needs NO reboot!

My 2 cents
Andy

Another Idea, you could use the NFS-Storage on Proxmox (shared storage) to store the complete Nethserver-VM and use only the Samba installed on Nethserver?

@fausp

NethServer is already on Proxmox - but probably not enough allocated disk-space. Resizing would be easy and quick for this - takes about 2-3 minutes to increase disk size in Proxmox…

My 2 cents
Andy

Yes and everything should work out of the box…

@fausp

I do have 30 clients running exactly Nethserver on Proxmox, and Nextcloud with external Samba File sharing (Most on NethServer, a few shares on NAS, also SMB). All work well, besides the recent issue with NC and external Samba sharing, but that was quickly fixed… :slight_smile:

And 5-60+ users for each client, that’s proof it works well…

My 2 cents
Andy

I am not GUI addicted :wink:
but I never tried to mount an SMB share on Nethserver to use it for SMB shares.
I often use SMB directly on the Proxmox or via a CT that implements the file sharing (like Turnkey or a Debian, mounting the folders as mount points).
I tried this way (CT) with Nethserver, but apart from the usual networking etc. problems, when you try to use NS in a CT you have a great number of problems when you try to connect to a DC (and the internal DC doesn’t work because of the way NS implements it).

I don’t like this solution. It is the simplest, but I need a 2 TB disk for the start …
And I don’t like vdisks so big

In the past I did some experiments on this (SMB over NFS share), and I remember that in my tests I reached an unstable but working solution. Before retrying all the experiments I was searching for other experiences that could save me some time and frustration :wink:
Thanks, P.

You create an SMB share on Proxmox with which properties?
You simply mount that share on NS (using a dedicated NIC on a specific Proxmox vmbrN like for the NFS shares, I suppose), with which specific configuration/properties?
Thanks, P…

@PaulVM

Hello Paolo

Why bother?

Proxmox is a specialist for Rock-Solid virtualization.
Why should I ruin that with a half baked file sharing option on top?
Mind you, NO built in option for backing up those data on Proxmox, no options for permissions handling.

And making your Proxmox a samba member server to an AD running inside of that Proxmox is an invitation for deep trouble… When you ever have an AD problem, no file storage on Proxmox would be accessible, no permission setting would work, worse even, you might not be able to start any VMs…

Why not use Proxmox for what it’s made for? Virtualization! You have enough disk space on that Proxmox, or you wouldn’t even bother with NFS…

So why not just allocate a bigger (or second disk, if you prefer) to NethServer?

NethServer can back up its own disks - but so can Proxmox… Add in the option of snapshots, and you’re on the very safe side if anything happens! I use such double backup options - and a rule of thumb for backups is:
Better one backup too many, than one backup too little… :slight_smile:

Using virtualization professionally (I do have 30 paying clients!) I prefer to be on the safe side and use the right tools for the job…

An example:

On a camping outing, sure I can use my swiss army knife as a knife, fork and bottle opener, there’s even a corkscrew for wine…
But you can be sure if I invite a lady home, I am going to have a proper knife and stuff on the table, and use a proper wine corkscrew to open that bottle!

:slight_smile:

Wrong tools for the job are misusing the Hypervisor, the only file sharing which makes sense on a Hypervisor is anything for VMs, better would be a CEPH Cluster on Proxmox if storage is required…

And then, backup would be to a PBS, Proxmox Backup Server, as from what I’ve seen so far, nothing else comes close…

Note:

For my medium to larger SME clients (All use Proxmox, even the small ones!) I generally have a LAN (Often BONDED) - Proxmox calls this Public Network in their Docs, a separate Storage Network (For shared Storage, facilitating super fast Migration and HA) and a separate Backup Network, leading to PBS and maybe NAS…

My 2 cents
Andy

One Example:

Proxmox is doing a backup right now…
The NethServer has 800 GB of “Shares”…

I agree with you on almost all the considerations …

I usually use the hypervisor only for its role and use VM/CT for all the activities.
I am also a Proxmox addict (since the 1.x versions), and at this moment I have to migrate an old Proxmox 3.x with some KVM VMs (no problems expected for these), and an old OpenVZ CT based on an older ClearOS 5.x, migrated from a Proxmox 1.x 6 years ago, that acts as DC and Samba shares for 2 + 4 TB of data (and still works very well).
The new server has 6 x 16 TB disks (+ 2 x 2 TB SSD)

Because the backup of big disks is not something I have ever liked.
Maybe it is a psychological limit of mine due to my lack of experience with snapshots or other tools, but even if I use PBS or duplicity/restic in NS, I like the old rsync/rsnapshot/… file based backup that gives me the option to rapidly find a lost file.
And like you, I prefer more backups than needed and possibly in different technologies.
And, until now, having a CT that stores/saves the files to a folder that I can replicate easily and restore the backup in minutes if needed (only a matter of restoring the main VM and giving it the data), was a good solution. Not so modern, but very effective.
Maybe I have to evolve, but it seems to me that the NFS solution (directly on the Proxmox or by a CT) can be a good solution for a LAN server with no mission critical goals. And the only thing that seems to be lacking is some permissions configuration :frowning:
I have another server that has a CT based on NS with 4 TB of mail data (mount point obviously).
In the same server I want to add another NS based VM (KVM because as said AD in container is tricky …), with 2-3 TB of SMB data that are supposed to grow rapidly …
So, same “problem”.

Probably what I mainly lack is an understanding of why I have to care about NFS’s lack of user authentication if it is used only to store data via Samba, which is supposed to take care of the authentication.

Thanks, P.

@PaulVM

Hi Paolo

For all my clients with PBS (All still have NAS from pre-PBS days for VM Backups) I do backups to both, PBS and NAS.

The example I showed in the earlier post with a NethServer with 800 GB of data:

A traditional Backup (VZDumpBackup) takes about 6-8 hours.
An incremental backup to PBS takes about 10 minutes!
The first backup to PBS is never incremental, after that it’s almost always incremental…

Note:
I NEVER have to worry about full or incremental, PBS handles everything extremely well!
And the recent option of single file restore - without touching the VM (Of course you can restore multiple files and folders) can do that from ANY backup on PBS.
I just do Backups to NAS as the hardware is already there, and using a second backup with different software / technology is never a bad idea…
It’s just that PBS is so fast, that I can now do 4 daily backups easily of each important server.

Note 2:
All my clients have daily offsite backups. Until PBS, only Data backups went out of house, now, with PBS, even complete VMs are also saved offsite. All in at least 7 generations!

One very important thing you seem to be overlooking / ignoring:

Besides file permissions and the differences systems have with handling that (SMB / NFS / local), another very important issue often overlooked in file sharing environments is File-Locking.

Let’s say, you’re sharing a folder /data from any Linux box. For Windows you use Samba, and for sharing with other Linux (Workstations) you use the more performant NFS (less overhead, and natural language for both UNIX / Linux, whereas SMB is like speaking a foreign language…)
Both Samba and NFS use completely different file locking mechanisms in the background - and both are not aware of the other…
Sooner or later, you will have file locking issues - or, worse, the file wasn’t locked when it should have been, and got overwritten… :frowning: And no, NFS has no trash can like samba has for network shares…

NethServer with AD in a container is indeed tricky, as promiscuous mode is not normally used for LXC…

My 2 cents
Andy

-> Besides having NethServer backup itself, and Proxmox backing up the whole NethServer VM, I also have my own script saving 7 generations to a NAS via NFS/rsync. This is also stored offsite.
Users can access this backup read-only (Protection against crypto-lockers). So they don’t even need me to restore anything, as in the backup folder, under each day, the data has the same structure as the folders they work on, and they can copy over a file from backup to the normal storage…
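
A sketch of a seven-generation rsync backup with one folder per day, as described in the post above. This is an added example, not the poster's script: the function names, the YYYY-MM-DD folder naming and the use of rsync's `--link-dest` to hard-link unchanged files are assumptions, and read-only access for users is assumed to be enforced on the share or export that publishes the backup folder.

```shell
#!/bin/sh
# Added example (not the script from the thread). Generations live in
# DEST/YYYY-MM-DD, each mirroring the structure of the source folder.

# Print the generation directories under $1, oldest first.
list_generations() {
    ls -1 "$1" 2>/dev/null | grep -E '^[0-9]{4}-[0-9]{2}-[0-9]{2}$' | sort
}

# Delete the oldest generations under $1 so that at most $2 remain.
# Anything not named like a date is left alone.
prune_generations() {
    dest=$1; keep=$2
    total=$(list_generations "$dest" | wc -l)
    excess=$((total - keep))
    [ "$excess" -gt 0 ] || return 0
    list_generations "$dest" | head -n "$excess" | while read -r gen; do
        rm -rf -- "${dest:?}/$gen"
    done
}

# Copy $1 into $2/<today>. Files unchanged since the newest previous
# generation are hard-linked, so every day looks like a full copy but
# only changed files use new space on the NAS.
make_generation() {
    src=$1; dest=$2; today=$(date +%F)
    prev=$(list_generations "$dest" | grep -v "^$today\$" | tail -n 1)
    mkdir -p "$dest/$today"
    if [ -n "$prev" ]; then
        # A relative --link-dest is resolved against the destination dir.
        rsync -a --delete --link-dest="../$prev" "$src/" "$dest/$today/"
    else
        rsync -a --delete "$src/" "$dest/$today/"
    fi
}

# Typical nightly run (hypothetical paths):
#   make_generation /var/lib/nethserver/ibay /mnt/nas/generations
#   prune_generations /mnt/nas/generations 7
```

Because users only ever see the generations through a read-only share, malware running with their credentials cannot encrypt or delete the copies, while they can still copy a lost file back themselves.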