From 5df91686a4568fcd9374aec29bc86879b1407df6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 2 Feb 2024 13:54:20 +0100 Subject: [PATCH 1/7] ctdb/events: use 'service "$CTDB_SERVICE_NMB" status' in 48.netbios.script We can easily monitor if the service is running at all, that better than no monitoring at all... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 Signed-off-by: Stefan Metzmacher Reviewed-by: Guenther Deschner (cherry picked from commit ff8f778e39af563d97b1d38f89368a3c148532f2) --- ctdb/config/events/legacy/48.netbios.script | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/ctdb/config/events/legacy/48.netbios.script b/ctdb/config/events/legacy/48.netbios.script index 43204476d6b2..1531e4919dee 100755 --- a/ctdb/config/events/legacy/48.netbios.script +++ b/ctdb/config/events/legacy/48.netbios.script @@ -48,6 +48,13 @@ service_stop () service "$CTDB_SERVICE_NMB" stop } +service_status () +{ + service "$CTDB_SERVICE_NMB" status > /dev/null + test $? = 0 && return 0 + service "$CTDB_SERVICE_NMB" status +} + ########################### case "$1" in @@ -59,6 +66,10 @@ shutdown) service_stop ;; +monitor) + service_status + ;; + esac exit 0 -- 2.34.1 From eafb2593175061eb70f29135c406887154c07712 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 2 Feb 2024 13:54:20 +0100 Subject: [PATCH 2/7] ctdb/events: add 47.samba-dcerpcd.script If someone wants to enable the witness service samba-dcerpcd needs to be started as standalone service BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 Signed-off-by: Stefan Metzmacher Reviewed-by: Guenther Deschner (cherry picked from commit f1f68108cc303b92b8a88728d12c2b699fdfc731) --- .../events/legacy/47.samba-dcerpcd.script | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100755 ctdb/config/events/legacy/47.samba-dcerpcd.script diff --git a/ctdb/config/events/legacy/47.samba-dcerpcd.script b/ctdb/config/events/legacy/47.samba-dcerpcd.script new file mode 100755 index 000000000000..9492d553a621 --- /dev/null +++ b/ctdb/config/events/legacy/47.samba-dcerpcd.script @@ -0,0 +1,66 @@ +#!/bin/sh +# ctdb event script for SAMBA DCERPCD Services + +[ -n "$CTDB_BASE" ] || \ + CTDB_BASE=$(d=$(dirname "$0") && cd -P "$d" && dirname "$PWD") + +. "${CTDB_BASE}/functions" + +detect_init_style + +case $CTDB_INIT_STYLE in + *) + # distributions don't have this yet, + # but assume samba-dcerpcd as service name + CTDB_SERVICE_SAMBA_DCERPCD=${CTDB_SERVICE_SAMBA_DCERPCD:-samba-dcerpcd} + ;; +esac + +load_script_options + +service_start () +{ + # make sure samba-dcerpcd is not already started + service "$CTDB_SERVICE_SAMBA_DCERPCD" stop > /dev/null 2>&1 + killall -0 -q samba-dcerpcd && { + sleep 1 + # make absolutely sure samba-dcerpcd is dead + killall -q -9 samba-dcerpcd + } + + # start Samba dcerpcd service. Start it reniced, as under very heavy load + # the number of smbd processes will mean that it leaves few cycles + # for anything else + nice_service "$CTDB_SERVICE_SAMBA_DCERPCD" start || die "Failed to start samba-dcerpcd" +} + +service_stop () +{ + service "$CTDB_SERVICE_SAMBA_DCERPCD" stop +} + +service_status () +{ + service "$CTDB_SERVICE_SAMBA_DCERPCD" status > /dev/null + test $? = 0 && return 0 + service "$CTDB_SERVICE_SAMBA_DCERPCD" status +} + +########################### + +case "$1" in +startup) + service_start + ;; + +shutdown) + service_stop + ;; + +monitor) + service_status + ;; + +esac + +exit 0 -- 2.34.1 From 6ce6ee232f35906140ad71f65882a5a20225384f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 8 Feb 2024 15:07:42 +0100 Subject: [PATCH 3/7] s3:utils: fix help string for 'net witness force-response' BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 Signed-off-by: Stefan Metzmacher Reviewed-by: Guenther Deschner (cherry picked from commit 7a23429ed6a04bb14509758492bfaee5db6dbd0d) --- source3/utils/net_witness.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/utils/net_witness.c b/source3/utils/net_witness.c index bfa433b40f19..accff5b36e75 100644 --- a/source3/utils/net_witness.c +++ b/source3/utils/net_witness.c @@ -2350,7 +2350,7 @@ int net_witness(struct net_context *c, int argc, const char **argv) NET_TRANSPORT_LOCAL, N_("Force an AsyncNotify response based on " "json input (mostly for testing)"), - N_("net witness force-reponse\n" + N_("net witness force-response\n" " Force an AsyncNotify response based on " "json input (mostly for testing)"), }, -- 2.34.1 From f606b50b64467bb1f957cc37d5479102a77bbe49 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 8 Feb 2024 14:25:05 +0100 Subject: [PATCH 4/7] docs-xml: add details for 'net witness' BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 Signed-off-by: Stefan Metzmacher Reviewed-by: Guenther Deschner (cherry picked from commit 1d0938d6fe46c06432ae5fda9e7491b908a9ac56) --- docs-xml/manpages/net.8.xml | 567 ++++++++++++++++++++++++++++++++++++ 1 file changed, 567 insertions(+) diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml index 4ff99e238a27..c284cc25b49f 100644 --- a/docs-xml/manpages/net.8.xml +++ b/docs-xml/manpages/net.8.xml @@ -61,6 +61,16 @@ -t|--timeout seconds --dns-ttl TTL-IN-SECONDS -i|--stdin + --witness-registration=REGISTRATION_UUID + --witness-net-name=REGEX + --witness-share-name=REGEX + --witness-ip-address=REGEX + --witness-client-computer-name=REGEX + --witness-apply-to-all + --witness-new-node=NODEID + --witness-new-ip=IPADDRESS + --witness-forced-response=JSON + @@ -402,6 +412,86 @@ + + + + --witness-registration=REGISTRATION_UUID + + This does a direct lookup for REGISTRATION_UUID + instead of doing a database traversal. + + + + + --witness-net-name=REGEX + + This specifies the 'server name' the client + registered for monitoring. + + + + + --witness-share-name=REGEX + + This specifies the 'share name' the client + registered for monitoring. + Note that the share name is optional in the + registration, otherwise an empty string is + matched. + + + + + --witness-ip-address=REGEX + + This specifies the ip address the client + registered for monitoring. + + + + + --witness-client-computer-name=REGEX + + This specifies the client computer name the client + specified in the registration. + Note it is just a string chosen by the client itself. + + + + + --witness-apply-to-all + + This selects all registrations. + + + + + --witness-new-node=NODEID + + By specifying a NODEID all ip addresses + currently available on the given node are + included in the response. + By specifying '-1' as NODEID all ip addresses + of the cluster are included in the response. + + + + + --witness-new-ip=IPADDRESS + + By specifying an IPADDRESS only the specified + ip address is included in the response. + + + + + --witness-forced-response=JSON + + This allows the generation of very complex + witness_notifyResponse structures. + + + &cmdline.common.samba.client; &cmdline.common.connection; &cmdline.common.credentials; @@ -3096,6 +3186,483 @@ Requests an offline domain join by providing file-based provisioning data. This + +WITNESS + +Starting with version 4.20 Samba has support for the SMB Witness service in a cluster. + + +The following witness commands are implemented: + + +net witness list List witness registrations from rpcd_witness_registration.tdb. + + +net witness client-move Generate client move notifications for witness registrations to a new ip or node. + + +net witness share-move Generate share move notifications for witness registrations to a new ip or node. + + +net witness force-unregister Force unregistrations for witness registrations. + + +net witness force-response Force an AsyncNotify response based on json input (mostly for testing). + + + + + + +WITNESS LIST + + List witness registrations from rpcd_witness_registration.tdb + + + Note: Only supported with clustering=yes! + + + Machine readable output can be generated with the following option: + + + --json + + + The selection of registrations can be limited by the following options: + + + --witness-registration=REGISTRATION_UUID + + + This does a direct lookup for REGISTRATION_UUID + instead of doing a database traversal. + + + The following options all take a POSIX Extended Regular Expression, + which can further filter the selection of registrations. + These options are applied as logical AND, but each REGEX + allows specifying multiple strings using the pipe symbol. + + + --witness-net-name=REGEX + + + This specifies the 'server name' the client + registered for monitoring. + + + --witness-share-name=REGEX + + + This specifies the 'share name' the client + registered for monitoring. + Note that the share name is optional in the + registration, otherwise an empty string is + matched. + + + --witness-ip-address=REGEX + + + This specifies the ip address the client + registered for monitoring. + + + --witness-client-computer-name=REGEX + + + This specifies the client computer name the client + specified in the registration. + Note it is just a string chosen by the client itself. + + + + + +WITNESS CLIENT-MOVE + + Generate client move notifications for witness registrations to a new ip or node + + + Note: Only supported with clustering=yes! + + + Machine readable output can be generated with the following option: + + + --json + + + The selection of registrations can be limited by the following options: + + + --witness-registration=REGISTRATION_UUID + + + This does a direct lookup for REGISTRATION_UUID + instead of doing a database traversal. + + + The following options all take a POSIX Extended Regular Expression, + which can further filter the selection of registrations. + These options are applied as logical AND, but each REGEX + allows specifying multiple strings using the pipe symbol. + + + --witness-net-name=REGEX + + + This specifies the 'server name' the client + registered for monitoring. + + + --witness-share-name=REGEX + + + This specifies the 'share name' the client + registered for monitoring. + Note that the share name is optional in the + registration, otherwise an empty string is + matched. + + + --witness-ip-address=REGEX + + + This specifies the ip address the client + registered for monitoring. + + + --witness-client-computer-name=REGEX + + + This specifies the client computer name the client + specified in the registration. + Note it is just a string chosen by the client itself. + + + If the update should be applied to all registrations + it needs to be explicitly specified: + + + --witness-apply-to-all + + + This selects all registrations. + Note: This is mutual exclusive to the above options. + + + The content of the CLIENT_MOVE notification contains ip addresses + specified by (exactly one) of the following options: + + + --witness-new-node=NODEID + + + By specifying a NODEID all ip addresses + currently available on the given node are + included in the response. + By specifying '-1' as NODEID all ip addresses + of the cluster are included in the response. + + + --witness-new-ip=IPADDRESS + + + By specifying an IPADDRESS only the specified + ip address is included in the response. + + + + + +WITNESS SHARE-MOVE + + Generate share move notifications for witness registrations to a new ip or node + + + Note: Only supported with clustering=yes! + + + Machine readable output can be generated with the following option: + + + --json + + + The selection of registrations can be limited by the following options: + + + --witness-registration=REGISTRATION_UUID + + + This does a direct lookup for REGISTRATION_UUID + instead of doing a database traversal. + + + The following options all take a POSIX Extended Regular Expression, + which can further filter the selection of registrations. + These options are applied as logical AND, but each REGEX + allows specifying multiple strings using the pipe symbol. + + + --witness-net-name=REGEX + + + This specifies the 'server name' the client + registered for monitoring. + + + --witness-share-name=REGEX + + + This specifies the 'share name' the client + registered for monitoring. + Note that the share name is optional in the + registration, otherwise an empty string is + matched. + + + --witness-ip-address=REGEX + + + This specifies the ip address the client + registered for monitoring. + + + --witness-client-computer-name=REGEX + + + This specifies the client computer name the client + specified in the registration. + Note it is just a string chosen by the client itself. + + + If the update should be applied to all registrations + it needs to be explicitly specified: + + + --witness-apply-to-all + + + This selects all registrations. + Note: This is mutual exclusive to the above options. + + + Note: This only applies to registrations with a non empty share name! + + + The content of the SHARE_MOVE notification contains ip addresses + specified by (exactly one) of the following options: + + + --witness-new-node=NODEID + + + By specifying a NODEID all ip addresses + currently available on the given node are + included in the response. + By specifying '-1' as NODEID all ip addresses + of the cluster are included in the response. + + + --witness-new-ip=IPADDRESS + + + By specifying an IPADDRESS only the specified + ip address is included in the response. + + + + + +WITNESS FORCE-UNREGISTER + + Force unregistrations for witness registrations + + + Note: Only supported with clustering=yes! + + + Machine readable output can be generated with the following option: + + + --json + + + The selection of registrations can be limited by the following options: + + + --witness-registration=REGISTRATION_UUID + + + This does a direct lookup for REGISTRATION_UUID + instead of doing a database traversal. + + + The following options all take a POSIX Extended Regular Expression, + which can further filter the selection of registrations. + These options are applied as logical AND, but each REGEX + allows specifying multiple strings using the pipe symbol. + + + --witness-net-name=REGEX + + + This specifies the 'server name' the client + registered for monitoring. + + + --witness-share-name=REGEX + + + This specifies the 'share name' the client + registered for monitoring. + Note that the share name is optional in the + registration, otherwise an empty string is + matched. + + + --witness-ip-address=REGEX + + + This specifies the ip address the client + registered for monitoring. + + + --witness-client-computer-name=REGEX + + + This specifies the client computer name the client + specified in the registration. + Note it is just a string chosen by the client itself. + + + If the update should be applied to all registrations + it needs to be explicitly specified: + + + --witness-apply-to-all + + + This selects all registrations. + Note: This is mutual exclusive to the above options. + + + The selected registrations are removed on the server and + any pending AsyncNotify request will get a NOT_FOUND error. + + + Typically this triggers a clean re-registration on the client. + + + + + +WITNESS FORCE-RESPONSE + + Force an AsyncNotify response based on json input (mostly for testing) + + + Note: Only supported with clustering=yes! + + + Machine readable output can be generated with the following option: + + + --json + + + The selection of registrations can be limited by the following options: + + + --witness-registration=REGISTRATION_UUID + + + This does a direct lookup for REGISTRATION_UUID + instead of doing a database traversal. + + + The following options all take a POSIX Extended Regular Expression, + which can further filter the selection of registrations. + These options are applied as logical AND, but each REGEX + allows specifying multiple strings using the pipe symbol. + + + --witness-net-name=REGEX + + + This specifies the 'server name' the client + registered for monitoring. + + + --witness-share-name=REGEX + + + This specifies the 'share name' the client + registered for monitoring. + Note that the share name is optional in the + registration, otherwise an empty string is + matched. + + + --witness-ip-address=REGEX + + + This specifies the ip address the client + registered for monitoring. + + + --witness-client-computer-name=REGEX + + + This specifies the client computer name the client + specified in the registration. + Note it is just a string chosen by the client itself. + + + If the update should be applied to all registrations + it needs to be explicitly specified: + + + --witness-apply-to-all + + + This selects all registrations. + Note: This is mutual exclusive to the above options. + + + Note this is designed for testing and debugging! + + + In short it is not designed to be used by administrators, + but developers and automated tests. + + + By default an empty response with WERR_OK is generated, + but basically any valid response can be specified by a + specifying a JSON string: + + + --witness-forced-response=JSON + + + This allows the generation of very complex + witness_notifyResponse structures. + + + As this is for developers, please read the code + in order to understand all possible values + of the JSON string format... + + + See 'net help witness force-response' for further details. + + + + + + HELP [COMMAND] -- 2.34.1 From 5f1e360a4035e4b7391b9c76c6a19227c369021a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 8 Feb 2024 15:15:28 +0100 Subject: [PATCH 5/7] smb2_tcon: only announce SMB2_SHARE_CAP_CLUSTER if rpcd_witness can run rpcd_witness needs ncacn_ip_tcp support and that's only available if samba-dcerpcd is not started on demand. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 Signed-off-by: Stefan Metzmacher Reviewed-by: Guenther Deschner (cherry picked from commit d8bfdaaaa737032c6a8623512fcb2cd01850628a) --- source3/smbd/smb2_tcon.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c index fca35e36ce5c..8855202d7fd7 100644 --- a/source3/smbd/smb2_tcon.c +++ b/source3/smbd/smb2_tcon.c @@ -428,6 +428,8 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, if (*out_share_type == SMB2_SHARE_TYPE_DISK) { bool persistent = false; /* persistent handles not implemented yet */ bool cluster = lp_clustering(); + bool scaleout = cluster; + bool witness = cluster && !lp_rpc_start_on_demand_helpers(); bool asymmetric = false; /* shares are symmetric by default */ bool announce; @@ -461,7 +463,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, announce = lp_parm_bool(SNUM(tcon->compat), "smb3 share cap", "SCALE OUT", - cluster); + scaleout); if (announce) { *out_capabilities |= SMB2_SHARE_CAP_SCALEOUT; } @@ -472,7 +474,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, announce = lp_parm_bool(SNUM(tcon->compat), "smb3 share cap", "CLUSTER", - cluster); + witness); if (announce) { *out_capabilities |= SMB2_SHARE_CAP_CLUSTER; } -- 2.34.1 From f35bd74a80153cd275d554d535d8af22de241a46 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 8 Feb 2024 15:31:10 +0100 Subject: [PATCH 6/7] smb2_tcon: only announce SMB3 related share capabilities if SMB3 is used BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 Signed-off-by: Stefan Metzmacher Reviewed-by: Guenther Deschner (cherry picked from commit 32b84c5bce00c4f91191596dc00d9824e82e0f24) --- source3/smbd/smb2_tcon.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c index 8855202d7fd7..b228036510aa 100644 --- a/source3/smbd/smb2_tcon.c +++ b/source3/smbd/smb2_tcon.c @@ -425,7 +425,9 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, * For disk shares we can change the client * behavior on a cluster... */ - if (*out_share_type == SMB2_SHARE_TYPE_DISK) { + if (conn->protocol >= PROTOCOL_SMB3_00 && + *out_share_type == SMB2_SHARE_TYPE_DISK) + { bool persistent = false; /* persistent handles not implemented yet */ bool cluster = lp_clustering(); bool scaleout = cluster; @@ -486,10 +488,12 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, * an isolated transport and witness registration for the * specific share. */ - announce = lp_parm_bool(SNUM(tcon->compat), - "smb3 share cap", - "ASYMMETRIC", - asymmetric); + if (conn->protocol >= PROTOCOL_SMB3_02) { + announce = lp_parm_bool(SNUM(tcon->compat), + "smb3 share cap", + "ASYMMETRIC", + asymmetric); + } if (announce) { *out_capabilities |= SMB2_SHARE_CAP_ASYMMETRIC; } -- 2.34.1 From ab775f21d20a31fe9d997c6c884a4794fbe74470 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 8 Feb 2024 15:43:39 +0100 Subject: [PATCH 7/7] docs-xml: document "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 Signed-off-by: Stefan Metzmacher Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Tue Feb 13 21:06:24 UTC 2024 on atb-devel-224 (cherry picked from commit 7a674ee9ffeca047ceed7ac046db1b168d4025a6) --- .../smbdotconf/protocol/smb3sharecaps.xml | 202 ++++++++++++++++++ 1 file changed, 202 insertions(+) create mode 100644 docs-xml/smbdotconf/protocol/smb3sharecaps.xml diff --git a/docs-xml/smbdotconf/protocol/smb3sharecaps.xml b/docs-xml/smbdotconf/protocol/smb3sharecaps.xml new file mode 100644 index 000000000000..add89f1644a9 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/smb3sharecaps.xml @@ -0,0 +1,202 @@ + + + + The SMB3 protocol introduced the SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY + flag. It means clients can have different expectations from the + server (or cluster of servers). + + + + Note: this option only applies to disk shares. + + + In a ctdb cluster shares are continuously available, + but windows clients mix this with the global persistent + handles support. + + + Persistent handles are requested if + SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY is present + even without SMB2_CAP_PERSISTENT_HANDLES. + + + And SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY is + required for SMB2_SHARE_CAP_CLUSTER to have + an effect. + + + So we better don't announce this by default + until we support persistent handles. + + + The option + can be used to force the announcement of SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY. + + + + Warning: only use this if you know what you are doing! + + + + smb3 share cap:CONTINUOUS AVAILABILITY = yes + + +smb3 share cap:CLUSTER + + + + + + The SMB3 protocol introduced the SMB2_SHARE_CAP_SCALEOUT + flag. It means clients can have different expectations from + cluster of multiple servers and alters the retry/reconnect + behavior. + + + + Note: this option only applies to disk shares. + + + In a ctdb cluster we have multiple active nodes, + so we announce SMB2_SHARE_CAP_SCALEOUT in a cluster. + + + The option + can be used to disable the announcement of SMB2_SHARE_CAP_SCALEOUT, + even if is yes. + + + + clustering = yes + smb3 share cap: SCALE OUT = no + + +clustering + + + + + + The SMB3 protocol introduced the SMB2_SHARE_CAP_CLUSTER + flag. It means clients can expect that all cluster nodes + provide a witness service in order to use the [MS-SWN] + protocol to monitor the server cluster. + + + + Note: this option only applies to disk shares. + + + rpcd_witness is only active if + samba-dcerpcd8 + is not started as on demand helper and only in a ctdb cluster. + + + So we announce SMB2_SHARE_CAP_CLUSTER only if + is yes and + is no. + + + The option + can be used to control the announcement of SMB2_SHARE_CAP_CLUSTER + independent of + and + . + + + Example to disable the announcement of SMB2_SHARE_CAP_CLUSTER: + + + clustering = yes + rpc start on demand helpers = no + smb3 share cap: CLUSTER = no + + + Example to force the announcement of SMB2_SHARE_CAP_CLUSTER: + + + smb3 share cap: CLUSTER = yes + + + Example to let Windows clients use the witness service, + see option + and USE AT YOUR OWN RISK!: + + + + clustering = yes + rpc start on demand helpers = no + # This is the default with the above: + # smb3 share cap: CLUSTER = yes + # + # Use at you own risk! + smb3 share cap: CONTINUOUS AVAILABILITY = yes + + +clustering +rpc start on demand helpers +smb3 share cap:CONTINUOUS AVAILABILITY +smb3 share cap:ASYMMETRIC + + + + + + The SMB3_02 protocol introduced the SMB2_SHARE_CAP_ASYMMETRIC + flag. It means clients alters its behavior and uses + isolated transport connections and witness registrations for + the share. It means a client may connect to different + cluster nodes for individual shares and + net witness share-move can be used + to control the node usage. + + + + Note: this option only applies to disk shares. + + + Shares in a ctdb cluster are symmetric by design, + so we don't announce SMB2_SHARE_CAP_ASYMMETRIC by default. + + + The option + can be used to force the announcement of SMB2_SHARE_CAP_ASYMMETRIC. + + + Example to force the announcement of SMB2_SHARE_CAP_ASYMMETRIC: + + + + smb3 share cap: ASYMMETRIC = yes + + + Example to let Windows clients use the witness service, + see option + and USE AT YOUR OWN RISK!: + + + + clustering = yes + rpc start on demand helpers = no + # This is the default with the above: + # smb3 share cap: CLUSTER = yes + # + # Use at you own risk! + smb3 share cap: CONTINUOUS AVAILABILITY = yes + smb3 share cap: ASYMMETRIC = yes + + +smb3 share cap:CLUSTER + -- 2.34.1