Hi all, I am in the process of finding the best way to use Samba4 as an AD under FreeBSD and ZFS. The following is based on own research, google, mail archives, a bit of source code etc. So please correct me if I am wrong. 1. ZFS is using NFSv4 ACLs. 2. NFSv4 ACLs are modelled with NTFS (Windows) ACLs in mind. 3. Samba4 started with a new ntvfs file server but that was abandoned (or delayed?) to get samba4 released 4. Samba4 was released with s3fs as a default (the "old" Samba3 smbd) 5. s3fs is relying on POSIX ACLs which are not implemented on ZFS 6. There is a libsunacl library, a wrapper around FreeBSD ZFS NFSv4 ACLs I can install an experimental module but cannot provision AD with s3fs. 7. The provisioning with ntvfs seems to work For me, there are two uncertainties: a) Will be ntvfs supported in the future? Or will it be the default later? b) Will s3fs gain support for NFSv4 ACLs? If a) is the case, I am happy to proceed with using ntvfs. If b) is the case, I may try to use ZFS on volume management level (for samba4 jails only, I am running other "stuff" on the FreeBSD boxes with ZFS). I may create ZFS volumes and create UFS volumes, with POSIX support. Later I may revert them to ZFS, if s3fs provides ZFS NFSv4 ACL support. The other option would be to run it with ntvfs for now, switching to s3fs when it is "ZFS ready". I do not know who has any plans in any directions. Of course, "Solaris people" (Oracle, illumos) may have interests and plans in this area too. I am happy to become a FreeBSD beta tester for any kind of FreeBSD ZFS support. But I am afraid I am not good enough to code it myself. I am a sysadmin who reads C code frequently, it does not make me a good coder.. Can you give any hints or advice? Thank you Peter
On Thu, 2013-09-26 at 14:55 +1000, Petros wrote:> Hi all, > I am in the process of finding the best way to use Samba4 as an AD > under FreeBSD and ZFS. > > The following is based on own research, google, mail archives, a bit > of source code etc. So please correct me if I am wrong. > > 1. ZFS is using NFSv4 ACLs. > 2. NFSv4 ACLs are modelled with NTFS (Windows) ACLs in mind. > 3. Samba4 started with a new ntvfs file server but that was abandoned > (or delayed?) to get samba4 released > 4. Samba4 was released with s3fs as a default (the "old" Samba3 smbd) > 5. s3fs is relying on POSIX ACLs which are not implemented on ZFS > 6. There is a libsunacl library, a wrapper around FreeBSD ZFS NFSv4 ACLs > I can install an experimental module but cannot provision AD with s3fs. > 7. The provisioning with ntvfs seems to work > > For me, there are two uncertainties: > a) Will be ntvfs supported in the future? Or will it be the default later?No, and No. We support the ntvfs file server with the existing functionality, but are not developing it. Essentially we are keeping it as a technology demonstration, as well not breaking any existing users.> b) Will s3fs gain support for NFSv4 ACLs?smbd has NFSv4 ACLs> If a) is the case, I am happy to proceed with using ntvfs. > > If b) is the case, I may try to use ZFS on volume management level > (for samba4 jails only, I am running other "stuff" on the FreeBSD > boxes with ZFS). > > I may create ZFS volumes and create UFS volumes, with POSIX support. > > Later I may revert them to ZFS, if s3fs provides ZFS NFSv4 ACL support. > > The other option would be to run it with ntvfs for now, switching to > s3fs when it is "ZFS ready". > > I do not know who has any plans in any directions. Of course, "Solaris > people" (Oracle, illumos) may have interests and plans in this area too. > > I am happy to become a FreeBSD beta tester for any kind of FreeBSD ZFS > support. But I am afraid I am not good enough to code it myself. I am > a sysadmin who reads C code frequently, it does not make me a good > coder..The issue is essentially that the python-based provision code need to detect the use of zfs, load the zfsacl module in the generated smb.conf, and instead of testing simple posix ACLs, proceed to setting a full NT ACL when we create the sysvol share. Thanks, -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
Hi Andrew, thanks for the quick answer. Apologies that some of my "guesswork" wasn't right. From: "Andrew Bartlett" <abartlet at samba.org>> smbd has NFSv4 ACLsGreat!> On Thu, 2013-09-26 at 14:55 +1000, Petros wrote: >> I am happy to become a FreeBSD beta tester for any kind of FreeBSD ZFS >> support. But I am afraid I am not good enough to code it myself. I am >> a sysadmin who reads C code frequently, it does not make me a good >> coder.. > > The issue is essentially that the python-based provision code need to > detect the use of zfs, load the zfsacl module in the generated smb.conf, > and instead of testing simple posix ACLs, proceed to setting a full NT > ACL when we create the sysvol share.Okay.. python is one of the languages I did not learn so far. Well, I will see what I can do. For the sake of clarification: In case - I get the provisioning right, - Have the zfsacl module in the generated smb.conf I will have a working smbd? Thanks again Peter
Seemingly Similar Threads
- Samba4 AD DC using s3fs an OpenIndiana/Illumos/Solaris
- Segmentation fault in samba_upgradedns - Samba 4.4.5
- Segmentation fault in samba_upgradedns - Samba 4.4.5
- Samba 4 Alpha 17 to 4.0.x update - questions concerning S3FS / NTVFS
- ntvfs file server and selftest background