Andy Smith
2016-Jan-15 10:19 UTC
[Samba] problems with initial install, simple server config
Hi list, I'm attempting my first ever install of Samba4, my requirements are pretty simple: I just need the quickest easiest way to get a standalone server for use as a Windows file server with password aging and password complexity rules. My OS is FreeBSD 10.2 running on ZFS, samba from binary package samba43-4.3.3. I've had a google for some guides and I've been using the steps here: https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Provisioning_the_Samba_Active_Directory However when I run the interactive provisioning I'm getting this error when provisioning as a DC: Setting up self join ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires. Try the mounting the filesystem with the 'acl' option. If I try provisioning as a standalone I get no errors but after provisioning Winbind doesn't seem to work. Ie: [root at samba1 ~]# wbinfo -p Ping to winbindd succeeded [root at samba1 ~]# wbinfo -u Error looking up domain users [root at samba1 ~]# wbinfo --user-info=andys failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user andys Grateful for any advise, thanks, Andy.
Rowland penny
2016-Jan-15 11:56 UTC
[Samba] problems with initial install, simple server config
On 15/01/16 10:19, Andy Smith wrote:> > > Hi list, > > I'm attempting my first ever install of Samba4, my requirements are > pretty simple: I just need the quickest easiest way to get a standalone > server for use as a Windows file server with password aging and password > complexity rules. > > My OS is FreeBSD 10.2 running on ZFS, samba from binary package > samba43-4.3.3. > > I've had a google for some guides and I've been using the steps here: > > https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Provisioning_the_Samba_Active_Directory > > > However when I run the interactive provisioning I'm getting this error > when provisioning as a DC: > > Setting up self join > ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - > ProvisioningError: Your filesystem or build does not support posix ACLs, > which s3fs requires. Try the mounting the filesystem with the 'acl' > option.The error message is pretty explicit, your underlying filesystem doesn't understand posix ACLs. I think you have three choices here if you want an AD DC: Search the internet for info on how to make Samba 4 provision on ZFS. Use the ntvfs backend instead of s3fs, this is not something I would recommend, the ntvfs backend is not really maintained any more and could be removed at any time. Use a different OS or filesystem that does understand posix ACLs> > If I try provisioning as a standalone I get no errors but after > provisioning Winbind doesn't seem to work. Ie:You can only provision as a DC, nothing else works, if you want to set up a standalone server, see the Samba wiki, but you will still have the posix ACLs problem, but there is a vfs to get round this. Rowland
Andy Smith
2016-Jan-15 12:16 UTC
[Samba] problems with initial install, simple server config
on 2016-01-15, ROWLAND PENNY wrote:> The error message is pretty explicit, your underlying filesystem doesn't > understand posix ACLs. I think you have three choices here if you want > an AD DC:Hi Rowland, thanks for replying. Yes it is pretty explicit, but at this point I haven't been allowed to specify what directories in what file systems I want to share. What directory is it testing for posix ACLs? I can mount UFS or configure ZFS correctly for this purpose, but I don't necessarily want to touch my root ZFS file system. Understood regarding provisioning, strange to include several options that do not work tho! thanks again, Andy.
Rowland penny
2016-Jan-15 13:10 UTC
[Samba] problems with initial install, simple server config
On 15/01/16 12:16, Andy Smith wrote:> > > on 2016-01-15, ROWLAND PENNY wrote: > >> The error message is pretty explicit, your underlying filesystem doesn't >> understand posix ACLs. I think you have three choices here if you want >> an AD DC: > Hi Rowland, > > thanks for replying. Yes it is pretty explicit, but at this point I > haven't been allowed to specify what directories in what file systems I > want to share. What directory is it testing for posix ACLs? I can mount > UFS or configure ZFS correctly for this purpose, but I don't necessarily > want to touch my root ZFS file system.Try running 'samba -b' this will show you where the AD DC expects to find things, you should be able to work out from there what needs changing on your system.> > Understood regarding provisioning, strange to include several options > that do not work tho!'s3fs' depends on posix ACL's and as far as I am aware freebsd doesn't use them, everything does work on Linux which I suppose is Samba's main target. 'ntvfs' was created in the early phase of Samba4, but was ultimately dropped in favour of 's3fs', I understand it was dropped because of the amount of work that was required to complete everything it was designed to do and a lack of time (or something like this). Rowland> thanks again, Andy. >
Andy Smith
2016-Jan-15 14:22 UTC
[Samba] problems with initial install, simple server config
On 2016-01-15, ROWLAND PENNY wrote:> Try running 'samba -b' this will show you where the AD DC expects to > find things, you should be able to work out from there what needs > changing on your system.Ok thanks. I wasn't sure which of the listed directories was important. I ran samba-tool with debug 9 and I think the issue is where it tries to create the sysvol volume, so I've created a new ZFS file system there and applied the following two options: aclmode=passthrough aclinherit=passthrough
Possibly Parallel Threads
- Segmentation fault in samba_upgradedns - Samba 4.4.5
- Segmentation fault in samba_upgradedns - Samba 4.4.5
- Samba4 AD DC using s3fs an OpenIndiana/Illumos/Solaris
- Filesystem does not support posix ACLs
- Cannot Join Samba 4.1 to an existing Windows 2008 domain as a Backup DC