[gpfsug-discuss] Supported samba options
Christof Schmitt
christof.schmitt at us.ibm.com
Fri Sep 16 17:16:23 BST 2022
On Fri, 2022-09-16 at 10:02 +0000, Paul Ward wrote:
> But we are already using 'hosts deny', 'hosts allow' and 'valid
> users' which appear to have been implemented.
> Is there a document showing what is implemented, rather than just
> supported.
Samba has a vast list of config options, that can be seen in the
smb.conf manpage (man smb.conf). Testing all possible combinations for
Scale is not feasible, and some features also do not interact well with
the clustered SMB server usecase on the CES nodes. So for Scale the
answer is: Only the SMB options exposed through mmsmb and the GUI are
tested and supported.
You can try others, but do not expect support. The official way to get
more options supported (through mmsmb) is to request this through an
RFE.
> If there are supported commands, that replace the three I have
> mentioned (and force user/ force group) please let me know.
"force user" and "force group" have been added in 5.1.3:
https://www.ibm.com/docs/en/spectrum-scale/5.1.3?topic=reference-mmsmb-command
https://www.ibm.com/docs/en/spectrum-scale/5.1.3?topic=summary-changes
> We have shares where we want to restrict access to one of more
> servers, no password required.
> And shares where we want to restrict access to multiple AD users,
> currently not specified in AD groups, although that is an option.
Restricting access to a SMB share can be done with SMB share ACLs. That
is essentially a second layer of ACLs, specific to SMB:
https://www.ibm.com/docs/en/spectrum-scale/5.1.3?topic=shares-creating-smb-share-acls
Regards,
Christof
More information about the gpfsug-discuss
mailing list