Important
- Only tested on the following systems:
  - Ubuntu 24.04
  - Debian Trixie
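# Disable the systemd-resolved DNS stub listener: the drop-in below sets
# DNSStubListener=no.
sudo sh -c 'mkdir -p /etc/systemd/resolved.conf.d && printf "[Resolve]\nDNSStubListener=no\n" | tee /etc/systemd/resolved.conf.d/no-stub.conf'
# Replace /etc/resolv.conf with a symlink to the resolver file that
# systemd-resolved maintains under /run, so lookups no longer point at the stub.
sudo sh -c 'rm -f /etc/resolv.conf && ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf'
# From here on the page's commands are written without sudo; run them from a
# root shell.
systemctl restart systemd-resolved

# Install Packages
# NOTE(review): this list installs zfsutils-linux directly, while the Debian
# steps further down pull it from backports, so this list is presumably the
# Ubuntu 24.04 variant. Run only the variant for your system.
apt install \
samba winbind libpam-winbind libnss-winbind krb5-config samba-vfs-modules \
zfsutils-linux zfs-auto-snapshot

# Source: https://wiki.debian.org/ZFS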
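# Add Backports lists
# APT authenticates the repository through its signed Release file, so the
# http:// mirror URL does not weaken package authenticity.
# `tee -a` appends: running this step twice duplicates the entry.
codename=$(lsb_release -cs)
echo "deb http://deb.debian.org/debian ${codename}-backports main contrib non-free" | tee -a /etc/apt/sources.list.d/debian-backports.list
apt update

# Install ZFS Package
apt install linux-headers-amd64
apt install -t stable-backports zfsutils-linux

# Install Packages
apt install \
samba winbind libpam-winbind libnss-winbind krb5-config samba-vfs-modules \
zfs-auto-snapshot

# List all disks and their partition tables before touching anything.
fdisk -l

# DESTRUCTIVE: the piped answers create a new, empty DOS partition table (o),
# add one primary partition with default start and end (n, p, 1, two empty
# answers) and write it to disk (w). Every existing partition on the target
# is lost. /dev/sda is often the system disk: confirm the target in the
# `fdisk -l` output above and change the device name before running this.
printf "o\nn\np\n1\n\n\nw\n" | fdisk /dev/sda

# Show the stable by-id names used for pool creation in the next step.
ls -lha /dev/disk/by-id/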
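## as mirror with 2 disks
# zpool create files mirror /dev/disk/by-id/[ID1] /dev/disk/by-id/[ID2]
## as stripe with 2 disks (no redundancy: losing either disk loses the pool)
# zpool create files /dev/disk/by-id/[ID1] /dev/disk/by-id/[ID2]
# The ID below is the author's VirtualBox test disk; substitute the by-id name
# of your own disk. A pool built from a single disk has no redundancy either.
zpool create files /dev/disk/by-id/ata-VBOX_HARDDISK_VB398dd1e3-efbda4d6

# One dataset per share. nbmand=on sets the ZFS nbmand property (non-blocking
# mandatory locks, intended for SMB clients) on each dataset.
zfs create -o nbmand=on files/office
zfs create -o nbmand=on files/dev
zfs create -o nbmand=on files/prod
zfs create -o nbmand=on files/home

# Source: https://www.kalinin.dev/posts/debian-smb-file-shares/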
nano /etc/samba/smb.conf
[global]
workgroup = testdom
password server = srv-dc.testdom.internal
realm = testdom.internal
security = ads
idmap config * : range = 16777216-33554431
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
nano /etc/nsswitch.conf
The next step is to modify the name service config file (/etc/nsswitch.conf) to use winbind for authentication checking. The main things to change here are the lines for passwd, group, and shadow. These lines should say files winbind sss. Below is an example of what my configuration file looked like after the changes.
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files winbind sss
group: files winbind sss
shadow: files winbind sss
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Source: https://www.kalinin.dev/posts/debian-smb-file-shares/
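# Change IP, FQDN and Hostname to your use case
echo "192.168.0.21 srv-data.testdom.internal srv-data" >> /etc/hosts
echo "192.168.0.31 srv-dc.testdom.internal srv-dc" >> /etc/hosts
# Delete the 127.0.1.1 line from /etc/hosts, leaving the entries added above.
sed -i '/^127\.0\.1\.1\s\+/d' /etc/hosts

# Join the domain. With -U and no password given, net prompts for the
# Administrator password instead of taking it on the command line.
net ads join -U Administrator

# If you see a DNS update error, use the following command instead:
# net ads join -U Administrator --no-dns-updates

systemctl restart winbind smbd nmbd

# Caveat: a recursive 0770 also sets the execute bit on every regular file and
# gives every member of 'domain users' read/write access to everything under
# these paths, including other users' directories below /files/home.
# `chmod -R u=rwX,g=rwX,o=` is the usual form when execute should apply to
# directories only; consider a narrower group or mode for /files/home.
bash -c "chmod -R 0770 /files/{office,dev,prod,home}"
bash -c "chgrp -R 'domain users' /files/{office,dev,prod,home}"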
Source: https://blog.grufo.com/2022/12/01/zfs-snapshots-und-samba-shadow-copy/
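# Remove the existing zfs-auto-snapshot cron entries so that only the schedule
# written below is active.
rm /etc/cron*/zfs-auto-snapshot

# Snapshot schedule: one line per label, each with its own retention (--keep).
# The delimiter is quoted ('EOF') so the shell writes the lines verbatim; the
# content holds nothing to expand, so the resulting file is unchanged.
# These entries call /usr/local/sbin/zfs-auto-snapshot, which is only created
# by the cp below; until then the cron runs fail.
cat > /etc/cron.d/zfs-auto-snapshot <<'EOF'
*/5 * * * * root /usr/local/sbin/zfs-auto-snapshot -q -g -p zfsautosnap --label=frequent --keep=24 //
00 * * * * root /usr/local/sbin/zfs-auto-snapshot -q -g -p zfsautosnap --label=hourly --keep=24 //
00 4 * * * root /usr/local/sbin/zfs-auto-snapshot -q -g -p zfsautosnap --label=daily --keep=14 //
00 4 * * 0 root /usr/local/sbin/zfs-auto-snapshot -q -g -p zfsautosnap --label=weekly --keep=4 //
00 4 1 * * root /usr/local/sbin/zfs-auto-snapshot -q -g -p zfsautosnap --label=monthly --keep=18 //
EOF

# Work on a private copy so the edits below survive package upgrades. The copy
# no longer receives fixes from the package; re-check it after upgrades.
cp -a /usr/sbin/zfs-auto-snapshot /usr/local/sbin/zfs-auto-snapshot
# Rewrite the snapshot name to <prefix><label>_<YYYYmmddHHMMSS>.
sed -i "s/^opt_sep=.*$/opt_sep=''/g" /usr/local/sbin/zfs-auto-snapshot
# NOTE(review): this `date` call has no --utc, while the smb.conf snippet on
# this page sets `shadow:localtime = no`. Confirm the two agree (server clock
# in UTC, or add --utc here), otherwise previous-version timestamps may be
# offset.
sed -i 's/^DATE=.*$/DATE=$(date +%Y%m%d%H%M%S)/g' /usr/local/sbin/zfs-auto-snapshot
sed -i 's/^SNAPNAME=.*$/SNAPNAME="$opt_prefix${opt_label:+$opt_sep$opt_label}_$DATE"/g' /usr/local/sbin/zfs-auto-snapshot

nano /etc/samba/smb.conf
[global]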
#...
vfs objects = shadow_copy2
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:format = _%Y%m%d%H%M%S
shadow:snapprefix = ^zfsautosnap\(daily\)\{0,1\}\(hourly\)\{0,1\}\(frequent\)\{0,1\}\(monthly\)\{0,1\}\(weekly\)\{0,1\}
shadow:delimiter = _
shadow:localtime = no
nano /etc/samba/smb.conf
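Once the folder is created and permissions set, we just need to add an entry to /etc/samba/smb.conf so that it is shared. Note that `create mask = 0777` and `directory mask = 0777` strip no permission bits from newly created entries, so these can end up with permissions for "other"; `0770` in both would match the mode applied to the share directories. The config section to add will look like the following: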
[prod]
comment = Produktion
path = /files/prod
valid users = "@TESTDOM\Domain Users"
force group = "domain users"
writable = yes
read only = no
force create mode = 0660
create mask = 0777
directory mask = 0777
force directory mode = 0770
access based share enum = yes
hide unreadable = yes
[home]
comment = Homeverzeichnis
path = /files/home/%U
valid users = "@TESTDOM\Domain Users"
force group = "domain users"
writable = yes
read only = no
force create mode = 0660
create mask = 0777
directory mask = 0777
force directory mode = 0770
access based share enum = yes
hide unreadable = yes
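systemctl restart smbd

# Helper that re-applies mode 0770 and group 'domain users' to all four share
# trees. The delimiter is quoted ('EOF') so the script body is written
# verbatim; it holds nothing to expand, so the resulting file is unchanged.
cat > /usr/local/bin/re-set-umask-for-smb-shares <<'EOF'
#!/bin/bash
bash -c "chmod -R 0770 /files/{office,dev,prod,home}"
bash -c "chgrp -R 'domain users' /files/{office,dev,prod,home}"
EOF
chmod +x /usr/local/bin/re-set-umask-for-smb-shares

# Run the helper at boot and once a minute, as root.
# Caveat: every run walks all share trees, marks every regular file executable
# and re-grants the whole 'domain users' group read/write access, including to
# other users' directories below /files/home.
# NOTE(review): setting `create mask` / `directory mask` to 0770 in the share
# sections would make new entries start with the intended mode and may make
# this per-minute root job unnecessary. Verify on a test share first.
cat > /etc/cron.d/re-set-umask-for-smb-shares <<'EOF'
@reboot root /usr/local/bin/re-set-umask-for-smb-shares
*/1 * * * * root /usr/local/bin/re-set-umask-for-smb-shares
EOF

https://ubuntu.com/tutorials/setup-zfs-storage-pool#3-creating-a-zfs-pool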
https://gist.github.com/meetnick/fb5587d25d4174d7adbc8a1ded642d3c
https://www.kalinin.dev/posts/debian-smb-file-shares/
https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server#Setting_a_Universal_Log_Level
https://blog.grufo.com/2022/12/01/zfs-snapshots-und-samba-shadow-copy/
https://docs.oracle.com/cd/E19253-01/820-2313/gbiqe/index.html