On Wed, 2017-06-14 at 22:02 +0100, Rowland Penny via samba
wrote:> On Wed, 14 Jun 2017 16:23:03 -0400
> Zaphod Beeblebrox via samba <samba at lists.samba.org> wrote:
>
> > So... in the provision script, at some point after "self
join" is
> > printed, we do:
> >
> > smbd.set_simple_acl(file.name, 0755, gid)
> >
> > .... where file.name is "/var/db/samba4/sysvol/tmpwXFu1C"
and gid
> > is
> > 0 (at least on FreeBSD).
> >
> > the "OSError" here is a '-1' ... which is
startlingly unhelpful.
> >
> > ... but the filesystem is zfs and acls of both posix and nfsv4 are
> > working.
> >
> > ... having googled and tested several dozen ideas over the past day
> > or so, I'm relatively confident that somethings wrong with the
> > test.
>
> You could always try asking 'Deep Thought' or 'Marvin' ;-)
>
> But seriously:
>
> No, the test works on Linux. I tried to get a Samba AD DC provisioned
> on Freebsd and I ran into the problem that you have found, ACLs do
> not
> work against zfs, I also couldn't get it work with ufs either and as
> ntvfs is probably going to be remove at some point (you have to make
> configure build it now, anyway), you may not be able to use Samba as
> an AD DC on Freebsd at present.
There may be some good news in the future, as I've had one of the
developers at iXSystems working with me on a proper fix, specifically
for zfs. It might take a little while however.
For now, it isn't a tested, viable option for Samba AD DC on FreeBSD.
Sorry,
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba