Operating System - OpenVMS
1748138 Members
3658 Online
108758 Solutions
New Discussion юеВ

Re: CIFS on OpenVMS IA64.

 
The Brit
Honored Contributor

Re: CIFS on OpenVMS IA64.

Hi Rob.

Just a small confusion, you have "workgroup = UK", but your example at the bottom looks like it joined Domain "UKVISTA".

Are "workgroup" and "domain" not equivalent??

Dave.
CJBe
Advisor

Re: CIFS on OpenVMS IA64.

Hello Rob,

I'm a young openVMS Admin and now taking my first steps in CIFS on OpenVMS. I looked up your configuration and found the entry

username map = ...

I also tried to use this entry but still having problems with it. I want to map an Domainuser to an existing OpenVMS-User with winbind. Could you tell me how Your entries in the "username.map" look like?

I tried something like:

OpenVMS-USER = Domainuser

Must the openVMS-User and the Domainuser use the same Password on openVMS and in the Domain?

Thanks

Chris
Shilpa K
Valued Contributor

Re: CIFS on OpenVMS IA64.

Hi Dave,

Could you please send me e-mail so that I can send you the document which might help you with CIFS file security and the uid/gid stuff?

my mail id (shilpa.krishnareddy@hp.com)

Regards,
Shilpa
Robert Atkinson
Respected Contributor

Re: CIFS on OpenVMS IA64.

Sorry to confuse Dave - the CONF file is from our Production network (UK), but the JOIN command was taken from a test network (UKVISTA).

You're correct that the two would normally be the same.

Rob.
Robert Atkinson
Respected Contributor

Re: CIFS on OpenVMS IA64.

Chris, the format for the USERNAME.MAP file is :-

VMSUSER=DOMAIN\USERNAME

i.e. ROBERT=UK\RATKINSON

If your security config is set to DOMAIN, then the authentication is done using the Windows username and password. If authentication is successful, then the SMB process is created using the persona of the VMS username.

There's something REALLY important in this, and is why we had so many problems with CIFS. Every time you do anything on a CIFS share, the CIFS server has to go off and authenticate against the Windows domain. Depending on how big your domain is, this can obviously take a certain amount of time.

If you have multiple processes polling every 5 seconds (as we do) then this load gets fairly heavy. You'll see the NMBD accounting stats get fairly high pretty quickly. This is how CIFS (SAMBA) works on all platforms, so isn't particular to VMS. In fact, the same problem gives us grief on an Equilogix SAN we're running CIFS from. CIFS doesn't cache authentication details, at least not on VMS, so that can't help us.

The good news is that if you map a Windows drive to the CIFS share, the SMB process is held in place permanently. Any processes running in that Windows security context (using the same username) will be able to access the share without re-authentication. Even if you access using a UNC instead of the drive letter, it still works.

The downside! Drives can only _normally_ be mapped by interactive users. However, we've developed a .Net system service that can do this for you at boot time, so if you have a Windows application that runs as a service, as long as you use the same username for both the DriveMapper and your own service, no more authentication problem.

Those of you who's used A/S and CIFS to the same directory will note the big difference in returning a directory listing, for instance. Most of that is down to the authentication happening in the background. Try the same test with a mapped drive and the two are very similar in speed, depending on how many files are in the directory.

Sorry for the long waffle, but it is a big 'gotcha'.

Rob.
Robert Atkinson
Respected Contributor

Re: CIFS on OpenVMS IA64.

Sorry, one more point. The .Net DriveMapper mentioned above will be made available to HP and CIFS users once we've finished testing it here.

If anyone else wants to help Beta test it, please get in touch.

Rob.
The Brit
Honored Contributor

Re: CIFS on OpenVMS IA64.

Mornin' Rob,
(Next basic Question)

Assume that I have successfully joined the domain, and I now want to map the drive to my desktop, If I just enter

\\
which vms location will it display, i.e. will it show

SAMBA$ROOT:[000000]
SAMBA$ROOT:[USERS]
SAMBA$ROOT:[TMP]

or some other.

If I put all of the user directories in SAMBA&ROOT:[USERS], how can I direct it to use this as the root folder. i.e. would the connection be to

\\\USERS

Should this path be included under the [homes] section ???

Dave.
The Brit
Honored Contributor

Re: CIFS on OpenVMS IA64.

(To continue)

Should I be worried by the fact that the "ADDSHARE" symbol gives,

$ addshare
%DCL-W-ACTIMAGE, error activating image SAMBA$ROOT:[BIN.IA64]SAMBA$ADDSHARE.EXE;
-CLI-E-IMAGEFNF, image file not found DSA400:[000000.SAMBA.][BIN.IA64]SAMBA$ADDSHARE.EXE;

Given this exe doesn't exist, what is the procedure for creating/modifying a share??

I cant find any instructions on this in the Administrator's Guide (which strikes me as a significant failing). I would have expected this to be the absolute minimum that an Administrator needs to know.

Dave
Robert Atkinson
Respected Contributor

Re: CIFS on OpenVMS IA64.

It won't show any of those folders - SAMBA doesn't share out it's directories by default.

If you include the 'Homes' directive, it will automatically offer a share with the same name as the Windows username that you're logging on with. That will be mapped to the SYS$LOGIN of the VMS username you're mapping onto.

Any other shares you want to offer need to go into SMB.CONF with a similar config to this :-

[TestArea]
comment = D2C Test Area
path = $1$DGA118:[NET.D2C]
valid users = UK\xxxxxxx, UK\yyyyyyy, UK\zzzzzzz
read only = No
vfs objects = varvfc
vms ods5 volume = No

These parameters will change quite a bit depending on the type of disk (ODS2/ODS5) and the type of data you're sharing out.

Rob.
Robert Atkinson
Respected Contributor

Re: CIFS on OpenVMS IA64.

Dave, it's definitely worth getting the SWAT service up and running, as this gives you a good overview of how SAMBA _could_ be set up. You might even prefer to use it as a permanent way of modifying your shares.

Not sure what extra benefit ADDSHARE gives, as I've never used it.

I tend to simply edit SMB.CONF, as any changes are dynamic once the SMB (user mapping) process is re-created.

Rob.