I saw your recent post about updating Samba and built a new ipfire machine to test it out. I have a need to make the machine a print server … and it’s not working.
A couple of notes & questions …
-
The web dialog is unable to add a user. You have a default in there, but I cannot add new user or change password manually at the # prompt.
[root@ipfire ~]# smbpasswd -a user New SMB password: Retype new SMB password: Failed to add entry for user user. [root@ipfire ~]#
Tried it multiple times with full fails.
–
The smb.conf - I got the impression after digging around on the machine that you wanted to keep everything you manage under the var/ipfire directory. This is problematic from a standards point of view. I’d recommend staying with the standard /etc/samba
folder.
Perusing the smb.conf - the web dialog offers no real options, and so I loaded my own, but you set everything up to use /var/ipfire/samba and this is a non-standard strategy that just makes administering samba a PIA. This may be why adding users, and being able to simply managing the smb.conf is mucked up by doing things in a nonstandard fashion. Just install it the way it is normally installed.
-
There are features to Samba that can make creating automated config file easier. Little things like %L & %m in the smb.conf shares that makes an automatic host identifier out of
a share.[%L-somesharename] browsable = yes read only = no valid users = user path = /somesharename comment = %m Some Share Name Directory
would show IPFIRE-somesharename
in a network browser. This makes the shares immediately identified with the server they are on. Why is this important? Because when you browse shares on various machines, smb attachments don’t usually identify their origins, and the simplicity of the %L adds this automatically.
–
5. You’re not using some very important options that can increase performance.
After dealing with performance issues with Samba on Linux, I did some digging around and found this out on the net to add to the smb,conf.
I’ll warn ya, you need to be able to tweak these to your machines … and so these parameters should be modifiable from your web dialogs.
# IF YOU USE A FILE SYSTEM THAT DOES NOT SUPPORT UNWRITTEN
# EXTENTS, SET "strict allocate = no".
strict allocate = no
# THIS IS TO COUNTERACT SPACE WASTAGE THAT CAN BE CAUSED BY THE PREVIOUS OPTION
allocation roundup size = 4096
# ALLOW READS OF 65535 BYTES IN 1 PACKET - MAJOR PERFORMANCE BENEFIT.
# SUPPORT RAW WRITE SMBs WHEN TRANSFERRING DATA FROM CLIENTS.
read raw = Yes
write raw = Yes
# SERVER SIGNING SLOWS THINGS DOWN WHEN ENABLED -
# DISABLED BY DEFAULT BEFORE SAMBA 4.
server signing = No
# WHEN "strict locking = no", THE SERVER PERFORMS FILE LOCK CHECKS ONLY WHEN THE
# CLIENT EXPLICITLY ASKS FOR THEM. WELL-BEHAVED CLIENTS ALWAYS ASK FOR LOCK CHECKS
# WHEN IT IS IMPORTANT, SO IN THE VAST MAJORITY OF CASES,
# "strict locking = auto" OR "strict locking = no" IS ACCEPTABLE.
strict locking = auto
# TCP_NODELAY: SEND AS MANY PACKETS AS NECESSARY TO KEEP DELAY LOW
# IPTOS_LOWDELAY: [Linux IPv4 Tweak] MINIMIZE DELAYS FOR INTERACTIVE TRAFFIC
# SO_RCVBUF: ENLARGE SYSTEM SOCKET RECEIVE BUFFER
# SO_SNDBUF: ENLARGE SYSTEM SOCKET SEND BUFFER
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
# SMBWriteX CALLS GREATER THAN "min receivefile size" WILL BE
# PASSED DIRECTLY TO KERNEL recvfile/splice SYSTEM CALL.
# TO ENABLE POSIX LARGE WRITE SUPPORT (SMB/CIFS WRITES UP TO 16MB),
# THIS OPTION MUST BE NONZERO.
# THIS OPTION WILL HAVE NO EFFECT IF SET ON A SMB SIGNED CONNECTION.
# MAX VALUE = 128k
min receivefile size = 16384
# USE THE MORE EFFICIENT sendfile() SYSTEM CALL FOR EXCLUSIVELY OPLOCKED FILES.
use sendfile = Yes
# READ FROM FILE ASYNCHRONOUSLY WHEN SIZE OF REQUEST IS BIGGER THAN THIS VALUE.
# WRITE TO FILE ASYNCHRONOUSLY WHEN SIZE OF REQUEST IS BIGGER THAN THIS VALUE
# NOTE: SAMBA MUST BE BUILT WITH ASYNCHRONOUS I/O SUPPORT
### aio read size = 16384
### aio write size = 16384
aio read size = 4096
aio write size = 4096
### default max xmit = 65535
max xmit = 8192
dead time = 15
getwd cache = yes