Ok so how can I setup the SAMBA AD on the ZFS? I ma using this tutorial guide to do what I need it to do. Now, I do have the samba service being installed o a UFS formatted ZFS Volume. I know that without that, it won't work right. On Mon, Jul 3, 2017 at 12:52 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Mon, 3 Jul 2017 12:23:24 -0400 > phillip mobley via samba <samba at lists.samba.org> wrote: > > > Hello all, > > > > I am looking to setup a Samba AD on my NAS. I am currently using the > > latest version of NAS4Free which has Samba bundled into it already. > > > > However, I am getting a very nasty error when I go in to setup the > > samba service: > > > > Initializing... > > Looking up IPv4 addresses > > Looking up IPv6 addresses > > No IPv6 address will be assigned > > Setting up share.ldb > > Setting up secrets.ldb > > Setting up the registry > > Setting up the privileges database > > Setting up idmap db > > Setting up SAM db > > Setting up sam.ldb partitions and settings > > Setting up sam.ldb rootDSE > > Pre-loading the Samba 4 and AD schema > > Adding DomainDN: DC=testdomain,DC=local > > Adding configuration container > > Setting up sam.ldb schema > > Setting up sam.ldb configuration data > > Setting up display specifiers > > Modifying display specifiers > > Adding users container > > Modifying users container > > Adding computers container > > Modifying computers container > > Setting up sam.ldb data > > Setting up well known security principals > > Setting up sam.ldb users and groups > > Setting up self join > > set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_PARAMETER. > > ERROR(runtime): uncaught exception - (-1073741811, 'Unexpected > > information received') > > File > > "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", > > line 176, in _run return self.run(*args, **kwargs) > > File > > "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line > > 471, in run nosync=ldap_backend_nosync, > > ldap_dryrun_mode=ldap_dryrun_mode) File > > "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", > > line 2175, in provision skip_sysvolacl=skip_sysvolacl) > > File > > "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", > > line 1806, in provision_fill names.domaindn, lp, use_ntvfs) > > File > > "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", > > line 1593, in setsysvolacl service=SYSVOL_SERVICE) > > File "/usr/local/lib/python2.7/site-packages/samba/ntacls.py", line > > 162, in setntacl > > smbd.set_nt_acl(file, security.SECINFO_OWNER | > > security.SECINFO_GROUP | security.SECINFO_DACL | > > security.SECINFO_SACL, sd, service=service) > > > > > > I don't think you have identified the problem correctly. > > NAS4Free == Freebsd == ZFS > > ZFS == NFSv4 ACLs > > NFSv4 ACLs != Samba AD DC > > Sorry, but a Samba AD DC expects acl_xattr > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On Mon, 3 Jul 2017 15:23:01 -0400 phillip mobley <phillipmobley2 at gmail.com> wrote:> Ok so how can I setup the SAMBA AD on the ZFS? I ma using this > tutorial guide to do what I need it to do. Now, I do have the samba > service being installed o a UFS formatted ZFS Volume. I know that > without that, it won't work right. >I don't think you can at present, I tried to set up a Samba AD DC on freebsd and failed for precisely the same reason as yours, NFSv4 ACLs. These do not work with a Samba AD DC. It used to be possible to use the deprecated ntvfs server, but this is no longer built by default. If your filesystem can use acls and passes the tests here: https://wiki.samba.org/index.php/File_System_Support#Testing_your_filesystem then it should provision as a DC, but as I said, unless things have changed, you will not be able to provision a DC on Freebsd or distros based on it. Rowland
On Wed, 5 Jul 2017 14:12:12 -0400 phillip mobley <phillipmobley2 at gmail.com> wrote:> So what is the best option right now to create a samba active > directory? Should I install a virtual box with ubuntu on it and then > install the samba service? >If you want use the latest 4.6 packages, then use the packages from here: http://apt.van-belle.nl/ These will work on Debian or Devuan (systemd or no systemd). If you use Ubuntu, you will not get a recent version of Samba. Rowland
On Wed, 5 Jul 2017 15:09:58 -0400 phillip mobley <phillipmobley2 at gmail.com> wrote:> I take it that I should install a virtual machine or will these work > with a UFS formatted ZVOL? >I would use a virtual machine with an ext4 filesystem. Rowland
I believe that iXsystems recently patched Samba 4.6 in FreeNAS so that it can act as an AD DC. https://bugs.freenas.org/issues/23566 As is mentioned here: https://lists.samba.org/archive/samba/2017-June/209021.html I imagine that maybe a fix for vanilla FreeBSD is coming soon. As things stand, if you want to use FreeBSD as an AD DC on ZFS, I believe that FreeNAS is the only option. On Mon, Jul 3, 2017 at 2:39 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Mon, 3 Jul 2017 15:23:01 -0400 > phillip mobley <phillipmobley2 at gmail.com> wrote: > > > Ok so how can I setup the SAMBA AD on the ZFS? I ma using this > > tutorial guide to do what I need it to do. Now, I do have the samba > > service being installed o a UFS formatted ZFS Volume. I know that > > without that, it won't work right. > > > > I don't think you can at present, I tried to set up a Samba AD DC on > freebsd and failed for precisely the same reason as yours, NFSv4 ACLs. > These do not work with a Samba AD DC. It used to be possible to use the > deprecated ntvfs server, but this is no longer built by default. > > If your filesystem can use acls and passes the tests here: > > https://wiki.samba.org/index.php/File_System_Support# > Testing_your_filesystem > > then it should provision as a DC, but as I said, unless things have > changed, you will not be able to provision a DC on Freebsd or distros > based on it. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >