SMB

This section describes the Content Software for File implementation of the SMB protocol for shared Windows clients.

About SMB

SMB (Server Message Block) is a network file sharing protocol that allows remote systems to connect to shared file and print services. Content Software for File's implementation is based on the open-source Samba package and provides support for SMB versions 2 and 3.

The Content Software for File implementation of SMB makes storage services available to Windows and macOS clients. Content Software for File provides shared access from multiple clients, including multi-protocol access to the same files from SMB, NFS, and Content Software for File native filesystem drivers.

SMB implementation key features

Implementation of the SMB feature in the Content Software for File system is scalable, resilient, and distributed.

  • Scalable: The Content Software for File system currently supports an SMB cluster of between 3 and 8 hosts. These hosts run the SMB gateway service, while the backend filesystem can be any Content Software for File filesystem. Therefore, it is practically unlimited in size and performance.
  • Resilient: The Content Software for File system implementation of SMB provides clustered access to files in a Content Software for File file store, enabling multiple servers to work together. Consequently, if a server failure occurs, another server is available to take over operations, thereby ensuring failover support and high availability. Content Software for File standard resiliency against failures also protects the SMB filesystems.
  • Distributed: A Content Software for File implementation is distributed over a cluster, where all nodes in the cluster handle all SMB filesystems concurrently. Therefore, performance supported by SMB can scale with more hardware resources, and high availability is ensured.

SMB user-mapping

The Content Software for File system SMB supports authentication by a single Active Directory with multiple trusted domains. The POSIX users (uid) and groups (gid) mapping for the SMB access must be resolved by the Active Directory.

The Content Software for File system pulls users and groups information from the Active Directory automatically and supports two types of id-mapping from the Active Directory:

  • RFC2307 where uidNumber and gidNumber must be defined in the AD user attributes.
  • rid which creates local mapping with the AD users and groups.

Using rid mapping can ease the configuration, where user IDs are tracked automatically. All domain user accounts and groups are automatically available on the domain member, and no attributes need to be set for domain users and groups. On the other hand, if the rid AD range configuration changes, user mapping might change and result in wrong uids/gids resolution.

Active Directory attributes

The following are the Active Directory attributes relevant for users according to RFC2307:

AD Attribute    Description
uidNumber       0-4290000000
gidNumber       0-4290000000; must correlate with a real group.

The following are the Active Directory attributes relevant for groups of users according to RFC2307:

AD Attribute    Description
gidNumber       0-4290000000

The range specified above is the default configuration for the Content Software for File system for the AD server IDs and can be changed. This is the main AD range (if additional trusted domains are defined).

To avoid ID overlapping and collisions, set the range or ranges (for multiple domains).

When joining multiple domains, it is required to set the ID range for each of them, and the ranges cannot overlap. There is also a (configurable) default mapping range for users not part of any domain.

For more information, see Active Directory attributes.
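The two ID-mapping risks described above (overlapping per-domain ranges, and rid mappings that shift when the range changes) can be checked before a configuration change. The following is an added example, not part of the product documentation: the domain names and ranges are constructed, the function names are hypothetical, and the rid arithmetic is the formula documented for Samba's idmap_rid backend, which this sketch assumes the system applies unchanged.

```python
# Added example (constructed data). Domain names and ranges are hypothetical.
DEFAULT_AD_RANGE = (0, 4290000000)  # default main AD range stated on this page


def find_overlaps(ranges):
    """Return sorted name pairs whose inclusive (low, high) ID ranges overlap."""
    for name, (low, high) in ranges.items():
        if low > high:
            raise ValueError(f"{name}: low bound {low} exceeds high bound {high}")
    ordered = sorted(ranges.items(), key=lambda item: item[1])
    overlaps = []
    for i, (name_a, (_, high_a)) in enumerate(ordered):
        for name_b, (low_b, _) in ordered[i + 1:]:
            if low_b > high_a:
                break  # sorted by low bound, so no later range can reach name_a
            overlaps.append(tuple(sorted((name_a, name_b))))
    return sorted(overlaps)


def rid_to_unix_id(rid, low, high, base_rid=0):
    """Samba idmap_rid formula: ID = RID - BASE_RID + LOW_RANGE_ID.

    Returns None when the result falls outside the configured range,
    which means the account gets no mapping at all.
    """
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None


if __name__ == "__main__":
    # Main domain left on the default range collides with a trusted domain.
    print(find_overlaps({"CORP": DEFAULT_AD_RANGE, "LAB": (200000, 299999)}))
    # Disjoint ranges per domain: no collisions.
    print(find_overlaps({"CORP": (100000, 199999), "LAB": (200000, 299999)}))
    # Same account (RID 1105) before and after moving the rid range:
    # files already owned by the old number no longer resolve to this user.
    print(rid_to_unix_id(1105, 100000, 199999),
          rid_to_unix_id(1105, 500000, 599999))
```

Run the overlap check against the planned ranges for every joined domain plus the default range for users outside any domain, and treat any change to a rid range as a re-ownership event for existing files.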

Configuring SMB

Refer to the CLI commands for setting up an SMB cluster over Content Software for File filesystems. See the weka smb cluster command in the Hitachi Content Software for File Command Line Reference Guide.

Work flow

To configure the Content Software for File SMB support, you can use either the Content Software for File system GUI or CLI commands.

  1. Configure SMB cluster: Set the Content Software for File system hosts that participate in the SMB cluster.
  2. Join the SMB cluster in the Active Directory: Connect and define the Content Software for File system in the Active Directory.
  3. Create shares and their folders, and set permissions. By default, the filesystem permissions are root/root/755 and initially can only be set using a Content Software for File FS/NFS mount.
Once these steps are done, it is possible to connect as an administrator and define permissions through the Windows operating system.

Establishing an SMB cluster

Before you begin

Each Content Software for File cluster only supports a single SMB cluster.

Verify that the DNS "nameserver" of the hosts participating in the SMB cluster is configured to the Active Directory server.

Procedure

  1. Select the Content Software for File hosts participating in the SMB cluster and set the domain name.

  2. In on-premises deployments, it is possible to configure a list of public IP addresses distributed across the SMB cluster. If a node fails, the IP addresses from that node are reassigned to another node.

Configuring the round-robin DNS server

To ensure that the various SMB clients will balance the load on the various Content Software for File hosts serving SMB, it is recommended to define a Round-robin DNS entry which will resolve to the list of floating IPs, ensuring that client loads will be equally distributed across all hosts.

Note: Make sure to set the TTL (Time to Live) for all A records assigned to the SMB servers to 0 (Zero). This ensures that the client or the DNS server does not cache the IP.

Creating SMB shares

After establishing an SMB cluster, it is possible to declare SMB shares. Each share should have a name and a share path, specifically the path into the Content Software for File filesystem, which can be the root of the filesystem or a subdirectory. This is created in the shell using either a WekaFS mount or an NFS mount.

If the share uses the root, it is not necessary to create a root folder (it already exists). If the share is declared without providing a sub-directory, the WekaFS root will be used. If sub-folders have to be created (an operation that is performed manually), the permissions have to be adjusted accordingly.

Filesystem permissions and access rights

Once the SMB cluster is connected to the Active Directory, it can assign permissions and access rights of SMB cluster filesystems to specific users or user groups. This is performed according to POSIX permissions (Windows permissions are stored in the POSIX permissions system). Any change in the Windows permissions is adapted to the POSIX permissions.

Note: The initial set of POSIX permissions is done by the user through the driver/NFS.
Note: To obtain root access to the SMB shares, assign an Active Directory user with uidNumber and gidNumber of zero (0).
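Because RFC2307 attributes in the directory decide which POSIX identity an SMB user gets, including root when the ID is 0, it is worth auditing them periodically. The following is an added example, not part of the product documentation: the records are constructed as if exported from Active Directory, audit_users is a hypothetical helper, and it flags an ID of 0 in either attribute for review.

```python
from collections import defaultdict

ID_RANGE = (0, 4290000000)  # default range stated on this page

# Constructed sample records, shaped like an export of AD RFC2307 attributes.
SAMPLE_GROUPS = [{"cn": "storage-users", "gidNumber": 20001},
                 {"cn": "hpc", "gidNumber": 20002}]
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "uidNumber": 10001, "gidNumber": 20001},
    {"sAMAccountName": "bob", "uidNumber": 10002, "gidNumber": 29999},
    {"sAMAccountName": "carol"},
    {"sAMAccountName": "svc-admin", "uidNumber": 0, "gidNumber": 20001},
    {"sAMAccountName": "dave", "uidNumber": 4290000001, "gidNumber": 20002},
    {"sAMAccountName": "erin", "uidNumber": 10001, "gidNumber": 20001},
]


def audit_users(users, groups, id_range=ID_RANGE):
    """Return (account, finding) tuples for mappings that need review."""
    low, high = id_range
    group_gids = {g["gidNumber"] for g in groups}
    findings, seen_uids = [], defaultdict(list)
    for user in users:
        name = user["sAMAccountName"]
        uid, gid = user.get("uidNumber"), user.get("gidNumber")
        if uid is None or gid is None:
            findings.append((name, "missing uidNumber or gidNumber"))
            continue
        seen_uids[uid].append(name)
        if 0 in (uid, gid):
            findings.append((name, "uidNumber or gidNumber is 0 (root mapping)"))
        if not (low <= uid <= high and low <= gid <= high):
            findings.append((name, "ID outside configured range"))
        if gid not in group_gids:
            findings.append((name, "gidNumber matches no group"))
    # Two accounts with one uidNumber share a single POSIX identity on the shares.
    for uid, names in seen_uids.items():
        if len(names) > 1:
            findings.append(("+".join(names), f"shared uidNumber {uid}"))
    return findings


if __name__ == "__main__":
    for account, finding in audit_users(SAMPLE_USERS, SAMPLE_GROUPS):
        print(f"{account}: {finding}")
```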

Integration with previous versions of Windows

Creating snapshots of the Content Software for File filesystem and naming the access point in the @GMT-%Y.%m.%d-%H.%M.%S format exposes them to the Windows Previous Versions mechanism.

To view a list of available previous versions that correspond to the filesystem snapshots, right-click a file or a folder in the Content Software for File SMB share in the Windows client, and select Properties -> Previous Versions.

For example, creating a snapshot using the CLI:
$ weka fs snapshot create fs_name snapshot_name --access-point `TZ=GMT date +@GMT-%Y.%m.%d-%H.%M.%S`

For more information, see Snapshots and Creating a snapshot.

SMB management using the GUI

This section describes SMB management using the GUI, including setting up an SMB cluster over Content Software for File filesystems and managing the cluster itself.

Note: Use ASCII format when configuring name fields (for example, domain, shares, among others).

Configuring an SMB cluster using the GUI

  1. From the menu, select Manage > Protocols.

  2. From the Protocols pane, select SMB.

  3. On the SMB tab, select Configure.

  4. In the SMB Cluster Configuration dialog, set the following properties:

    • Name: A NetBIOS name for the SMB cluster.
    • Domain: The domain which the SMB cluster is to join.
    • Domain NetBIOS Name: (Optional) The domain NetBIOS name.
    • Hosts: List of 3-8 Content Software for File system hosts to participate in the SMB cluster, based on the host IDs in Content Software for File.
    • IPs: (Optional) List of public IPs (comma-separated) used as floating IPs for the SMB cluster to serve the SMB over and thereby provide HA (do not assign these IPs to any host on the network). For IP range, use the following format: a.b.c.x-y.
    Note: In AWS installations, it is not possible to set a list of SMB service addresses. The SMB service must be accessed using the primary addresses of the cluster nodes.
  5. Select Save.

    Once the system completes the configuration process, the host statuses change from not ready (red X icon) to ready (green V icon).

Joining the SMB cluster to an Active Directory using the GUI

Before you begin

To enable the organizational Active Directory to resolve the access of users and user groups to the SMB cluster, join the SMB cluster in the Active Directory (AD).

To enable the Content Software for File storage nodes to join the AD domain, verify that the AD server is the DNS server.

Procedure

  1. To join the SMB cluster to an Active Directory, click the Join button when all hosts have been prepared and are ready. The Join to Active Directory dialog is displayed.

  2. In the Join to Active Directory dialog, set the following properties:

    • Username and Password: A username and password of an account that has access privileges to the Active Directory. Content Software for File does not save the user password. A computer account is created on behalf of the user for the SMB cluster.
    • Server: (Optional) Content Software for File identifies the AD server automatically based on the AD name. You do not need to set the server name. In some cases, if required, specify the AD server.
    • Computers Org. Unit: The default organization unit is the Computers directory. You can define any other directory to connect to in Active Directory, such as SMB servers or Corporate computers.
    Once the SMB cluster joins in the Active Directory, the join status next to the domain changes to Joined.
    Note: To join a different Active Directory to the existing SMB cluster configuration, select Leave. To confirm the action, enter the username and password used to connect to the Active Directory.

Deleting an SMB cluster using the GUI

Before you begin

Deleting the SMB cluster resets its configuration data.

Procedure

  1. In the SMB Cluster Configuration, select the trash icon.

  2. In the SMB Configuration Reset message, select Reset.

Displaying the SMB shares list using the GUI

  1. From the menu, select Manage > Protocols.

  2. From the Protocols pane, select SMB.

  3. Select the Shares tab. You can filter the list using any column in the table.

Adding an SMB share using the GUI

  1. In the Shares tab, select +Create.

  2. In the Add SMB Share dialog, set the following properties:

    • Name: A meaningful name for the SMB share.
    • Description: A description of the SMB share.
    • Filesystem: The filesystem to use for the SMB share. Select one from the list. A filesystem set with required authentication cannot be used for SMB share.
    • Path: A valid internal path, relative to the root, within the filesystem to expose for the SMB share.
    • Files/Directories POSIX Mode Mask: Set the new default file and directory permissions in a numeric (octal) format created through the share.
    • ACLs Enabled: Determines whether to enable the Windows Access-Control Lists (ACLs) on the share. Weka translates the ACLs to POSIX.
  3. Select Save.

Removing an SMB share using the GUI

  1. In the Shares tab, select the three dots of the share and select Remove.

  2. In the confirmation message that appears, select Confirm. The removed share no longer appears in the SMB Shares list.

 
