On Thu, 6 Jul 2017 12:17:42 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote:> On Thu, 6 Jul 2017 05:27:13 -0500 > Andrew Walker via samba <samba at lists.samba.org> wrote: > > > I'm sorry. I probably should have linked their samba fork: > > https://github.com/freenas/samba You can look at the commits from > > around the time period of the bug report. It looks like quite a lot > > of work in ./python/samba/provision/ > > > > Yes I found them, patched 4.6.5 and I am now trying to build Samba on > ghostbsd (freebsd in disguise), if it works, then Freenas needs to > propose their patches to Samba. > > Rowland >Well it builds, but still doesn't provision: Setting up self join set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_PARAMETER. ERROR(runtime): uncaught exception - (-1073741811, 'Unexpected information received') File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run return self.run(*args, **kwargs) File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 471, in run nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode) File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 2183, in provision skip_sysvolacl=skip_sysvolacl) File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1811, in provision_fill names.domaindn, lp, use_ntvfs) File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1595, in setsysvolacl service=SYSVOL_SERVICE) File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line 162, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service) Looks like it needs more work ;-) Rowland
Yes. I imagine that's why Andrew Bartlett commented: "There may be some good news in the future, as I've had one of the developers at iXSystems working with me on a proper fix, specifically for zfs. It might take a little while however." As things stand, I believe that domains provision correctly within the context of FreeNAS itself (i.e. through the webui). Hence, the comment that currently FreeNAS is the only option if your want FreeBSD + ZFS + AD DC. So there is hope that things will improve in FreeBSD in general. My apologies Rowland, I appear to have initially fumbled my reply and sent it directly to you instead of the list. Andrew On Thu, Jul 6, 2017 at 7:07 AM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Thu, 6 Jul 2017 12:17:42 +0100 > Rowland Penny via samba <samba at lists.samba.org> wrote: > > > On Thu, 6 Jul 2017 05:27:13 -0500 > > Andrew Walker via samba <samba at lists.samba.org> wrote: > > > > > I'm sorry. I probably should have linked their samba fork: > > > https://github.com/freenas/samba You can look at the commits from > > > around the time period of the bug report. It looks like quite a lot > > > of work in ./python/samba/provision/ > > > > > > > Yes I found them, patched 4.6.5 and I am now trying to build Samba on > > ghostbsd (freebsd in disguise), if it works, then Freenas needs to > > propose their patches to Samba. > > > > Rowland > > > > Well it builds, but still doesn't provision: > > Setting up self join > set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_PARAMETER. > ERROR(runtime): uncaught exception - (-1073741811, 'Unexpected information > received') > File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", > line 176, in _run > return self.run(*args, **kwargs) > File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", > line 471, in run > nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode) > File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", > line 2183, in provision > skip_sysvolacl=skip_sysvolacl) > File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", > line 1811, in provision_fill > names.domaindn, lp, use_ntvfs) > File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", > line 1595, in setsysvolacl > service=SYSVOL_SERVICE) > File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", > line 162, in setntacl > smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP > | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service) > > Looks like it needs more work ;-) > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
But if Samba AD does not work on the ZFS filesystem, then why bundle it with the NAS4Free OS? What filesystems does the Samba AD support? On Thu, Jul 6, 2017 at 10:54 AM, Andrew Walker via samba < samba at lists.samba.org> wrote:> Yes. I imagine that's why Andrew Bartlett commented: "There may be some > good news in the future, as I've had one of the developers at iXSystems > working with me on a proper fix, specifically for zfs. It might take a > little while however." > > As things stand, I believe that domains provision correctly within the > context of FreeNAS itself (i.e. through the webui). Hence, the comment that > currently FreeNAS is the only option if your want FreeBSD + ZFS + AD DC. So > there is hope that things will improve in FreeBSD in general. > > My apologies Rowland, I appear to have initially fumbled my reply and sent > it directly to you instead of the list. > > Andrew > > On Thu, Jul 6, 2017 at 7:07 AM, Rowland Penny via samba < > samba at lists.samba.org> wrote: > > > On Thu, 6 Jul 2017 12:17:42 +0100 > > Rowland Penny via samba <samba at lists.samba.org> wrote: > > > > > On Thu, 6 Jul 2017 05:27:13 -0500 > > > Andrew Walker via samba <samba at lists.samba.org> wrote: > > > > > > > I'm sorry. I probably should have linked their samba fork: > > > > https://github.com/freenas/samba You can look at the commits from > > > > around the time period of the bug report. It looks like quite a lot > > > > of work in ./python/samba/provision/ > > > > > > > > > > Yes I found them, patched 4.6.5 and I am now trying to build Samba on > > > ghostbsd (freebsd in disguise), if it works, then Freenas needs to > > > propose their patches to Samba. > > > > > > Rowland > > > > > > > Well it builds, but still doesn't provision: > > > > Setting up self join > > set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_PARAMETER. > > ERROR(runtime): uncaught exception - (-1073741811, 'Unexpected > information > > received') > > File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/_ > _init__.py", > > line 176, in _run > > return self.run(*args, **kwargs) > > File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ > domain.py", > > line 471, in run > > nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode) > > File "/usr/local/samba/lib/python2.7/site-packages/samba/ > provision/__init__.py", > > line 2183, in provision > > skip_sysvolacl=skip_sysvolacl) > > File "/usr/local/samba/lib/python2.7/site-packages/samba/ > provision/__init__.py", > > line 1811, in provision_fill > > names.domaindn, lp, use_ntvfs) > > File "/usr/local/samba/lib/python2.7/site-packages/samba/ > provision/__init__.py", > > line 1595, in setsysvolacl > > service=SYSVOL_SERVICE) > > File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", > > line 162, in setntacl > > smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP > > | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service) > > > > Looks like it needs more work ;-) > > > > Rowland > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On Thu, 6 Jul 2017 09:54:33 -0500 Andrew Walker via samba <samba at lists.samba.org> wrote:> Yes. I imagine that's why Andrew Bartlett commented: "There may be > some good news in the future, as I've had one of the developers at > iXSystems working with me on a proper fix, specifically for zfs. It > might take a little while however." > > As things stand, I believe that domains provision correctly within the > context of FreeNAS itself (i.e. through the webui). Hence, the > comment that currently FreeNAS is the only option if your want > FreeBSD + ZFS + AD DC. So there is hope that things will improve in > FreeBSD in general. > > My apologies Rowland, I appear to have initially fumbled my reply and > sent it directly to you instead of the list. > > Andrew >No problem, but being able to build Samba on freebsd isn't any good, if you cannot provision a DC. I think that all mention of acl in the source needs examining and changing to allow the use of ACLs or NFSv4 acls, something that will probably be a lot of work and beyond me. Rowland