I am trying to install samba 4.5.1 from source, as a domain controller only, under Ubuntu 16.04, with ZFS filesystem (actually inside an lxd container with ZFS backing).

Out-of-the-box, samba-tool domain provision does not like the filesystem:

ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires. Try the mounting the filesystem with the 'acl' option.

It seems that s3fs requires POSIX ACLs, and ZFS supports NFSv4 ACLs by default. Some people recommend using "--use-ntvfs" but that is deprecated and indeed removed from samba 4.5.

I found a page which said to set some zfs attributes:
https://morph027.gitlab.io/post/zfs-on-linux-and-samba4-acl/

root@proxmox:~# zfs set acltype=posixacl vms/subvol-107-disk-1
root@proxmox:~# zfs set aclinherit=passthrough vms/subvol-107-disk-1

So I set those on my container, but I now get a different error:

root@wrn-dc1:~# samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm=AD.EXAMPLE.NET --domain=AD
Administrator password will be set randomly!
You are not root or your system do not support xattr, using tdb backend for attributes.
not using extended attributes to store ACLs and other metadata. If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=ad,DC=example,DC=net
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
xattr_tdb_removexattr() failed to get vfs_handle->data!
Security context active token stack underflow!
PANIC (pid 23231): Security context active token stack underflow!
BACKTRACE: 46 stack frames:
 #0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f7904837ca6]
 #1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x6d) [0x7f7904837af7]
 #2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x28) [0x7f791747174b]
 #3 /usr/local/samba/lib/private/libsmbd-base-samba4.so(sec_ctx_active_token+0x94) [0x7f7900b5d639]
 #4 /usr/local/samba/lib/private/libsmbd-base-samba4.so(get_current_nttok+0x2e) [0x7f7900b43f20]
 #5 /usr/local/samba/lib/private/libsmbd-base-samba4.so(try_chown+0x78) [0x7f7900b6fd88]
 #6 /usr/local/samba/lib/private/libsmbd-base-samba4.so(set_nt_acl+0x3a9) [0x7f7900b7023c]
 #7 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x280180) [0x7f7900c8c180]
 #8 /usr/local/samba/lib/private/libsmbd-base-samba4.so(smb_vfs_call_fset_nt_acl+0x58) [0x7f7900b63903]
 #9 /usr/local/samba/lib/vfs/acl_xattr.so(+0x4ee1) [0x7f78f243aee1]
 #10 /usr/local/samba/lib/vfs/acl_xattr.so(+0x576e) [0x7f78f243b76e]
 #11 /usr/local/samba/lib/private/libsmbd-base-samba4.so(smb_vfs_call_fset_nt_acl+0x58) [0x7f7900b63903]
 #12 /usr/local/samba/lib/python2.7/site-packages/samba/samba3/smbd.so(+0x20e4) [0x7f7900fe40e4]
 #13 /usr/local/samba/lib/python2.7/site-packages/samba/samba3/smbd.so(+0x2f7f) [0x7f7900fe4f7f]
 #14 python(PyEval_EvalFrameEx+0x6da2) [0x4cada2]
 #15 python(PyEval_EvalCodeEx+0x255) [0x4c2765]
 #16 python(PyEval_EvalFrameEx+0x6099) [0x4ca099]
 #17 python(PyEval_EvalFrameEx+0x5d8f) [0x4c9d8f]
 #18 python(PyEval_EvalCodeEx+0x255) [0x4c2765]
 #19 python(PyEval_EvalFrameEx+0x6099) [0x4ca099]
 #20 python(PyEval_EvalCodeEx+0x255) [0x4c2765]
 #21 python(PyEval_EvalFrameEx+0x6099) [0x4ca099]
 #22 python(PyEval_EvalCodeEx+0x255) [0x4c2765]
 #23 python() [0x4de8b8]
 #24 python(PyObject_Call+0x43) [0x4b0cb3]
 #25 python(PyEval_EvalFrameEx+0x2ad1) [0x4c6ad1]
 #26 python(PyEval_EvalCodeEx+0x255) [0x4c2765]
 #27 python() [0x4de6fe]
 #28 python(PyObject_Call+0x43) [0x4b0cb3]
 #29 python(PyEval_EvalFrameEx+0x2ad1) [0x4c6ad1]
 #30 python(PyEval_EvalCodeEx+0x255) [0x4c2765]
 #31 python() [0x4de6fe]
 #32 python(PyObject_Call+0x43) [0x4b0cb3]
 #33 python(PyEval_EvalFrameEx+0x2ad1) [0x4c6ad1]
 #34 python(PyEval_EvalCodeEx+0x255) [0x4c2765]
 #35 python() [0x4de6fe]
 #36 python(PyObject_Call+0x43) [0x4b0cb3]
 #37 python(PyEval_EvalFrameEx+0x2ad1) [0x4c6ad1]
 #38 python(PyEval_EvalCodeEx+0x255) [0x4c2765]
 #39 python(PyEval_EvalCode+0x19) [0x4c2509]
 #40 python() [0x4f1def]
 #41 python(PyRun_FileExFlags+0x82) [0x4ec652]
 #42 python(PyRun_SimpleFileExFlags+0x191) [0x4eae31]
 #43 python(Py_Main+0x68a) [0x49e14a]
 #44 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0) [0x7f79189f4830]
 #45 python(_start+0x29) [0x49d9d9]
Can not dump core: corepath not set up

Does anyone else have samba 4.5 running with ZFS and if so how? Otherwise I guess I need to rebuild this platform with a different filesystem...

Thanks,

Brian.

On Tue, 6 Dec 2016 14:48:39 +0000 Brian Candler via samba <samba at lists.samba.org> wrote:

> Does anyone else have samba 4.5 running with ZFS and if so how?
> Otherwise I guess I need to rebuild this platform with a different
> filesystem...
>
> Thanks,
>
> Brian.

Just don't use ZFS, you can only set up a DC on this if you use ntvfs and, as you have found, this isn't installed any more.

Rowland

On 06/12/2016 14:48, Brian Candler wrote:

> root@wrn-dc1:~# samba-tool domain provision --server-role=dc
> --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm=AD.EXAMPLE.NET
> --domain=AD
> Administrator password will be set randomly!
> You are not root or your system do not support xattr, using tdb
> backend for attributes.

Aside: the zfs "xattr" property is already on by default. Inside the container it works for me with user xattrs:

root@wrn-dc1:~# setfattr -n user.bar -v baz /tmp/foo
root@wrn-dc1:~# getfattr -n user.bar /tmp/foo
getfattr: Removing leading '/' from absolute path names
# file: tmp/foo
user.bar="baz"

But when I strace "samba-tool domain provision":

open("/usr/local/samba/tmpE7Z_yH", O_RDWR|O_CREAT|O_EXCL|O_NOFOLLOW, 0600) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
fcntl(3, F_GETFL) = 0x28002 (flags O_RDWR|O_LARGEFILE|O_NOFOLLOW)
setxattr("/usr/local/samba/tmpE7Z_yH", "security.NTACL", "\1\0\1\0\0\0\2\0\1\0\0\200\34\0\0\0(\0\0\0\0\0 \0\0\0\0\0\0\1\1\0\0\0\0\0\5 \0\0\0\1\1\0\0\0\0\0\5 \0\0", 52, 0) = -1 EPERM (Operation not permitted)
write(2, "You are not root or your system "..., 89You are not root or your system do not support xattr, using tdb backend for attributes.
) = 89
close(3) = 0
unlink("/usr/local/samba/tmpE7Z_yH") = 0
write(2, "not using extended attributes to"..., 171not using extended attributes to store ACLs and other metadata. If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.
) = 171

And indeed:

root@wrn-dc1:~# setfattr -n security.NTACL -v baz /tmp/foo
setfattr: /tmp/foo: Operation not permitted

The samba wiki only mentions zfs in passing in two places. Searching further, it looks like Samba has ZFS support when run on Solaris:
https://lists.samba.org/archive/samba/2012-August/168660.html
and possibly FreeBSD.

For Ubuntu I tried doing "apt-get install libzfslinux-dev" and re-running "./configure", but there is no mention of zfs in its output.

Ah OK... I've just seen Rowland's reply, "Just don't use ZFS". That's clear enough :-)

Regards,

Brian.

On Tue, 2016-12-06 at 14:48 +0000, Brian Candler via samba wrote:

> I am trying to install samba 4.5.1 from source, as a domain controller
> only, under Ubuntu 16.04, with ZFS filesystem (actually inside an lxd
> container with ZFS backing).

Sadly while Samba contains all the moving parts required (like the ZFS ACL module, backing Samba onto NFSv4 ACLs), we haven't had a skilled and enthusiastic (for ZFS) python developer who can implement the < 100 lines or so required, and then the (larger) set of tests.

Sorry,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

On 06/12/2016 16:06, Brian Candler wrote:

> Ah OK... I've just seen Rowland's reply, "Just don't use ZFS". That's
> clear enough :-)

FYI, I rebuilt the system using btrfs but initially I got the same issue [^1]

It turns out this came from running inside an unprivileged lxd container. After setting "security.privileged true" it was happy.

So I guess it might have been all right with ZFS, but I'll leave it as it is now.

Regards,

Brian.

[^1]
...
You are not root or your system do not support xattr, using tdb backend for attributes.
not using extended attributes to store ACLs and other metadata. If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.
...
xattr_tdb_removexattr() failed to get vfs_handle->data!
Security context active token stack underflow!
PANIC (pid 32130): Security context active token stack underflow!
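
A pre-flight check for the failure diagnosed in this thread, as an added example (not code from any poster or from the Samba project): it probes the same two xattr namespaces tried by hand above, user.* and security.NTACL, and reads /proc/self/uid_map to tell an unprivileged container apart from a filesystem without xattr support. The function names, the SAMBA_PREFIX environment variable and the verdict strings are assumptions made for the example.

```python
import errno
import os
import tempfile

# Attribute namespaces from the thread: user.* worked, security.NTACL got EPERM.
PROBES = ("user.probe", "security.NTACL")


def probe_xattr(path, name, setxattr=os.setxattr, removexattr=os.removexattr):
    """Try to set and remove one xattr; return 'ok' or the errno name."""
    try:
        setxattr(path, name, b"probe")
        removexattr(path, name)
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))


def root_maps_to_host_root(uid_map_text):
    """Parse /proc/self/uid_map; each line is 'inside-id outside-id count'."""
    for line in uid_map_text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0] == "0":
            return fields[1] == "0"
    return False  # uid 0 is not mapped at all


def diagnose(results, uid_map_text):
    """Map the security.NTACL probe result to a likely cause (hypothetical wording)."""
    sec = results["security.NTACL"]
    if sec == "ok":
        return "security.* xattrs writable: NT ACLs can be stored in xattrs"
    if sec == "EPERM" and not root_maps_to_host_root(uid_map_text):
        return "EPERM in a user namespace: container root lacks host CAP_SYS_ADMIN"
    if sec == "EPERM":
        return "EPERM: process is not root or lacks CAP_SYS_ADMIN"
    if sec in ("ENOTSUP", "EOPNOTSUPP"):
        return "filesystem or mount does not support this xattr namespace"
    return "unexpected error: " + sec


def check_directory(directory):
    """Run both probes on a scratch file in the directory Samba will write to."""
    with tempfile.NamedTemporaryFile(dir=directory) as scratch:
        results = {name: probe_xattr(scratch.name, name) for name in PROBES}
    with open("/proc/self/uid_map") as fh:
        return results, diagnose(results, fh.read())


if __name__ == "__main__":
    # SAMBA_PREFIX is an assumed variable name; the thread used /usr/local/samba.
    results, verdict = check_directory(os.environ.get("SAMBA_PREFIX", "/tmp"))
    print(results)
    print(verdict)
```

Run it as root inside the container, with SAMBA_PREFIX set to the install prefix, before running samba-tool domain provision. A privileged LXD container clears the EPERM because container root is then host root, which also weakens the container's isolation from the host.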