Protocol question

BlazeStar

Patron
Joined
Apr 6, 2014
Messages
383
Hi guys,

I just set up a FreeNAS server at home.

Now I was about to set up my shares.

But I'm not sure which protocol to use, and here's why:

AFP: Upon reading around on this forum and in Google, it seems that most people consider it deprecated, especially compared to the latest versions of CIFS.

NFS: Cool stuff, but not very versatile.
I use it mainly to mount shares on my CentOS servers at work and it works perfectly.

Therefore, the solution of choice is CIFS.

BUT at home, I do not have a single Windows computer.

And given the agreed method is to configure the share on the client side (i.e.: from Windows), then HOW can I configure my shares ?

At home, I have my OS X Mac Mini, and my OS X Mac Mini.

I also have a HTPC which I intend to use with the PlexMedia server plug-in.

And occasionally, friends come over with their laptops and I'd like to share some stuff with them, and set up a user account for such a purpose.

Finally I have an iPad and my faithful iPhone.

None of which will allow me to configure my CIFS share.

I could also mount a Windows VM, for the sole purpose of configuring the shares.

So my first question is: what would you do in my place?
Which protocol would you choose and why?

My second question is:
I was thinking on creating a dataset and mounting an AFP share to allow Time Machine backups.
Is that a good idea ?

Thanks !
 

jkh

Guest
Whoa. You're starting from a whole pile of false premises there. First, you mention AFS (Andrew Filesystem) when I assume you mean AFP? Yeah, you must since you reference it later. If you want to use AFP, go right ahead and use AFP. You can't do TimeMachine backups any other way, in fact. Keep It Simple.

There's also nothing limited about NFS. Where did you get that impression? In fact, using the automounter (autofs) with NFS is often the simplest thing to do.

You don't configure CIFS from the client side. Where did you get that impression?

Stop over-thinking this. You're new to the platform, just use whatever protocol is easiest and most obvious to you. :)
 

BlazeStar

My comments about AFP were based on the fact that since OS X 10.9, Apple itself started using SMB2 instead of AFP... so I was wondering if - except for TimeMachine backups - there was a reason why someone would want to use AFP.

Concerning CIFS, how do you configure the shares' permissions from FreeNAS ?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
> You don't configure CIFS from the client side. Where did you get that impression?

He's probably thinking of manipulating acls, which is easier client-side through explorer than using setfacl locally.

Also there are some aspects of samba server administration that are easier through windows client (remote session through 'computer manager').

An example is share permissions set in share_info.tdb. Editing a tdb from CLI? Yuck. Granted you can accomplish the same things through smb.conf parameters.

Another example is that an admin using 'computer manager' on a windows client can close a single open file, whereas locally you are stuck killing the pid of the samba session of whatever user has the file open.

The lack of well-documented platform-independent GUI tools for administering samba servers is slightly irritating. Overall I feel like samba is a game of calvinball.
 
jkh

Guest
Ah yes, indeed, for the finer point of ACLs you do indeed need to use Windows' ACL manager. This sounds like a rather more simple setup than that, however, which still leaves me wondering why AFP or NFS + standard Unix permissions wouldn't do the job just fine here. I use AFP from my multiple Mac devices at home all the time and it works just great. Apple will probably manage to switch everything over to SMB and remove AFP right around the time that Fortran is finally retired for good. ;)
 

BlazeStar

Thank you anodos, that's exactly what I meant.

Can we agree that for an environment such as mine, where there are macs and windows, the protocol of choice would be CIFS ?

If you don't agree can you please explain why ?
 

anodos

> Thank you anodos, that's exactly what I meant.
>
> Can we agree that for an environment such as mine, where there are macs and windows, the protocol of choice would be CIFS ?
>
> If you don't agree can you please explain why ?

I'm confused. In your first post you complained that you can't configure CIFS because you don't have a windows computer. Now you need to use CIFS because you have a mixed environment with windows and Mac computers.

Most of the details I mentioned are things you need to know for managing samba in medium to large samba deployments (read 20+ concurrent users).

As a home user you can just create a user, make it owner of the dataset you're sharing, and use those credentials to authenticate. If you feel ambitious, create an account for guest users.

If you want friends with windows computers to be able to access without installing client software you are stuck with samba.

You know your needs best. Read the freenas documentation and make a decision about how you want to configure your server. If you run into a specific problem, start a forum thread. Vague questions will get vague answers.
 
jkh

Guest
> You know your needs best. Read the freenas documentation and make a decision about how you want to configure your server. If you run into a specific problem, start a forum thread. Vague questions will get vague answers.

+1!
 

BlazeStar

Dear anodos and jkh

Thank you very much for taking the time to reply to me, and sorry for not being clear.

I did try to read the documentation, and also the threads on this forum.

> I'm confused. In your first post you complained that you can't configure CIFS because you don't have a windows computer. Now you need to use CIFS because you have a mixed environment with windows and Mac computers.

I'm sorry for being unclear. In fact there will be OS X, Windows and Linux machines connecting to the share.

However, the Windows machines are not mine, meaning they could hardly be used to administer the CIFS shares.

> Most of the details I mentioned are things you need to know for managing samba in medium to large samba deployments (read 20+ concurrent users).
>
> As a home user you can just create a user, make it owner of the dataset you're sharing, and use those credentials to authenticate. If you feel ambitious, create an account for guest users.
>
> If you want friends with windows computers to be able to access without installing client software you are stuck with samba.

You are right but it remains that there are some basic problems for simple home users sharing too.

For example, when you use the FreeNAS GUI.

1) You convert a dataset to ACL / Windows permission set, and set a user and a group

2) You then set up a CIFS share for that dataset

3) Then, with getfacl you will see right away that there is ALWAYS a permission set for "everyone" which will give list and read privileges.

That is, to me, very undesirable.

The only way to get rid of this "everyone" is:

A) Ideally, to access Windows and use the "security" tab of the share and do it easily with a nice GUI. getfacl afterwards will confirm it has been done right.

B) Otherwise, use setfacl to manage the permissions manually

But - to me - setfacl is hardcore and I never managed to grasp it very well.


So that's where I was wondering how to deal with that unless I have access to a Windows computer or VM, hence my post.



Concerning the share protocols, I was trying to figure out which protocol would be the best to use in my case.

NFS, to me, seems not very end-user friendly, therefore that is why I took it out of the list. I wanted something simple so that when someone connects to my network, he can see the NAS in the network and simply click on a share and type in credentials. I have not seen NFS being able to do this, correct me if I'm wrong.

Concerning AFP, to my understanding, this is mostly for OS X computers. I will be using AFP to have two shares for TimeMachine purpose. But for the shares I want to also make available to Windows computers, my understanding is that it was not a good idea.

Therefore, that was why I got to the conclusion that I should be using CIFS.

But, as previously stated, I don't understand how I can fully manage CIFS shares and protocol without having a Windows computer or VM.


So I was posting on this forum to validate my hypothesis and conclusion, in terms of protocol choice, and also to get your advice on how to deal with the configuration of the CIFS shares.


I did not mean to waste your time or to be vague, I hope this new post provides required information.
 

anodos

> 3) Then, with getfacl you will see right away that there is ALWAYS a permission set for "everyone" which will give list and read privileges.
>
> That is, to me, very undesirable.
>
> The only way to get rid of this "everyone" is:
>
> A) Ideally, to access Windows and use the "security" tab of the share and do it easily with a nice GUI. getfacl afterwards will confirm it has been done right.
>
> B) Otherwise, use setfacl to manage the permissions manually
>
> But - to me - setfacl is hardcore and I never managed to grasp it very well.

Permissions should just be a fire-and-forget thing. You configure it correctly one time and never bother with it again. You do this by granting access to a group and then granting access to users by making them members of the group. If you have to keep going back in to tweak permissions then you are doing it wrong.

If you want to make sure that no one other than a specific group can access a share and you don't have a windows client handy, then you can use the "valid users" smb.conf parameter. You can add it in the "auxiliary parameters" field of your share's configuration in the webgui. Syntax is "valid users = @<group>" i.e. "valid users = @PeopleILike"

Share definition access controls (smb.conf parameters) can be a bit like a permissions sledgehammer. They can in some circumstances override other methods of access controls and have undesirable side effects. For instance, the "force user" parameter tends to break the ability to manage ACLs through Explorer.
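
Added example, not part of the posts above: a small shell check for the "everyone" entry discussed in this exchange, which reads `getfacl` output and reports any `everyone@` allow entry that still grants read/list, write or execute. The sample ACL text is constructed in the shape of FreeBSD NFSv4 `getfacl` output; the path, owner and function names are assumptions, and the group name is borrowed from the `valid users` example in the post.

```shell
#!/bin/sh
# Added example: flag NFSv4 ACL entries that grant data access to everyone@.

# Constructed sample shaped like FreeBSD getfacl output for a dataset with
# Windows/ACL permissions. Path, owner and group names are made up.
sample_acl() {
cat <<'EOF'
# file: /mnt/tank/media
# owner: blaze
# group: PeopleILike
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxpDdaARWcCos:fd-----:allow
         everyone@:r-x---a-R-c---:fd-----:allow
EOF
}

# Reads getfacl output on stdin. Prints one line per everyone@ allow entry
# that carries r (read/list), w (write) or x (execute/traverse).
# Returns 1 if any such entry was found, 0 otherwise.
audit_everyone() {
  awk '
    /^# file: / { path = substr($0, 9); next }   # remember which file this is
    /^#/ || NF == 0 { next }                     # skip other headers, blanks
    {
      line = $0
      gsub(/[ \t]/, "", line)                    # entries are right-aligned
      n = split(line, f, ":")                    # tag:perms:flags:type
      if (f[1] != "everyone@" || f[n] != "allow") next
      found = ""
      if (f[2] ~ /r/) found = found "read/list "
      if (f[2] ~ /w/) found = found "write "
      if (f[2] ~ /x/) found = found "execute/traverse "
      if (found != "") {
        printf "%s: everyone@ allows %s(%s)\n", path, found, f[2]
        bad = 1
      }
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Demo on the constructed sample; on the NAS itself the input would be
# `getfacl <dataset path>` piped into audit_everyone.
sample_acl | audit_everyone || echo "everyone@ still has access; tighten the ACL"
```

Running the same check again after changing the ACL confirms the entry is gone: the function prints nothing and returns 0.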
 
pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
It sounds like you have a very flat environment.

Set up a user for you to have full control of the dataset.

Set up a guest user for your friends to have read/execute access.

Done. You don't have to manage anything. You have your access and they have theirs.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,525
Lots of confusion, but if you plan to use Windows + "something else, anything else" you're pretty much saying CIFS. So yes, CIFS is the way to go for you.
 