tuxera / ntfs-3g

NTFS-3G Safe Read/Write NTFS Driver
https://www.tuxera.com/company/open-source
GNU General Public License v2.0
994 stars 149 forks source link

Mounting takes a long time with big UserMapping file #65

Open b2ag opened 2 years ago

b2ag commented 2 years ago

Hi,

I try to get correct user mappings for a NTFS partition (inside VHDX backup) but so far failed. First I tried running the gauntlet with ntfsusermap but out of 5 folders I tested afterwarts only one had correct ownership. I love that this tool gives you no option to correct mistakes without running to the end. Then I tried to get the user mapping with LDAPsearch from our AD and had build a UserMapping with around 3300 entries. The mount command now hangs on me since 30 minutes. Don't know yet if it will succeed in the end. Also I'm pretty confused why I can't find a way to make NTFS-3G look up SIDs through Samba/Winbind which is configured and working fine on the workstation in question.

Issues

  1. I think I overwelmed the thing with my UserMapping which I consider a bug.
  2. NTFS-3G doesn't seem to cooperate at all with Samba. Winbind already has all the information which NTFS-3G needs for user mapping. What can I do about that?

Sorry for mixing up multiple problems here.

Br, Thomas

EDIT: Gave up waiting for mount because of fear of kernel mode memory corruptions.

unsound commented 2 years ago

Hi,

I think the UserMapping file issue is more immediately solvable, while Samba interoperability is a larger task requiring more information. Feel free to create a feature request issue for that one separately while we look into the issue with the large UserMapping file in this ticket.

jpandre commented 2 years ago

ntfsusermap was developed long ago as a way to quickly get user mappings in usual client situations. If you need 3300 entries, this must be a server configuration and ntfsusermap is definitely not the right tool. Also the processing of mappings in ntfs-3g is probably not suited for managing so many entries.

Would you please give some details about how Samba interferes with access to the ntfs files through ntfs-3g, and why you need both ways to access them ?

Generally I get better results by running "ntfssecaudit -u" on significant user files and manually merging the outputs with the help of "sort -u". You should begin this way for a few users to compare the views from ntfs-3g and from Samba. Only if satisfactory you could tackle a translation of Samba tables, and the possible performance issue which would ensue.

b2ag commented 1 year ago

More details: My goal is to migrate some shares from an old Windows server to a Samba server. Doing this with Microsoft tools like Robocopy failed due to my Samba server configuration not preserving everything 100% (Posix Draft ACLs on NFS share) and M$ copy tools failing instantly when conflicts happen.

It's quite a small server so I tried mounting a VHDX disk backup (disk2vhd on Windows and qemu-nbd for mouting in Linux) which enables me to work with Unix tools. Than I stumbled over the fact that UserMapping wasn't correct. In my simple understanding having Linux joined to the same Domain as the Windows server and having NSS+Samba configured to look up Domain User should have been enough. After I noticed that it is not enough I tried to dump the Domains User directory into the UserMapping file. The file has way more entries than needed but it's too hard for me to predict which ones will be needed so I dumped everything.

Those shares have quite a legacy. Probing ACLs on some sample files will not give a complete picture. I guess I have to risk breaking things with migrating servers and wait for people to complain.

Still it would be nice to warning future user if they try to have a UserMapping which is too big. Or to fix the performance issues :)