Sharing Datasets with SMB & NFS4 simultaneously

, ,

Hi,

I am currently trying to set up sharing datasets (mainly user’s /home and /group folders) from our TrueNAS simultaneously to Nextcloud (working, via SMB) and to several Linux servers (not yet working, via NFS4).

The problem I run into is that user and group IDs differ between TrueNAS and the Linux servers. TrueNAS translates user and group IDs to 10000xxxxxx while SSSD on the Linux servers uses 8000xxxxx, regardless which settings I set for low/high ID range in SSSD’s config. TrueNAS is configured against our MS-AD with the default settings for low/high range and has the “SSSD Compat” option turned off.

From what I gathered, the “SSSD Compat” setting may be what would harmonize the ID enumeration on TrueNAS and the Linux servers. However, I am hesitant to just turn this setting on since I assume it will re-calculate user/group IDs on the TrueNAS and potentially break (I guess?) the working SMB mounts (or rather the ACLs on the underlying datasets) in Nextcloud (which is productively used).

Is my assumption correct that this setting will break current ACLs on the existing datasets?

Thanks in advance!

Any specific reason you’re not wanting to connect the Linux servers via SMB and simplify things?

The last time I tried SMB on Linux (granted, that was about 4-5 years ago) the performance and reliability was really bad, especially on /home dirs.

And there were quite a few issues with ACLs when the SMB-Shares were mounted on a Linux system and also on Windows PCs. I’m not sure these issues have gotten better in recent years?

I don’t see any performance difference in-fact if NFS is syncing writes and your system is not designed for that it can often be slower.

In my business all Linux servers/clients connect via SMB with only a few odd niche use cases where NFS is used.

Make sure permissions are controlled on the TrueNAS end and don’t mess around with them on your Linux server and you should be just fine.

I could try it on a few test datasets and check the performance. :thinking:

Would SMB require me to set the ACLs entirely/additionally on the SMB-share in TrueNAS or will it play nicely if ACLs are only configured on the datasets/filesystem-level?

No, just dataset ACLs are plenty. I tend to leave the share ACLs alone and work with the defaults using dataset ACLs to control access.

That actually sounds like a more stress-free alternative, then. And access-based enum would also be a welcome benefit of SMB, especially with group folders. I’ll check it out today!

1 Like