Way back when I first started looking at ZFS I remember testing the sun
samba/zfs acl integration. I had some problems with the special ace''s
at
first, but I thought those were resolved by installing the latest samba
patch. However, after working on other pieces of our developing
infrastructure for a while, I went back to revisit samba, and it
doesn''t
work :(. I initially tested with S10U4, I''m currently running U5 with a
few additional patches.
Given a file with the following ACL:
-rw------- 1 henson csupomona 0 Sep 3 12:19
/export/user/henson/test.file
owner@:rw-pdDaARWcC--:------:allow
group@:--------------:------:allow
everyone@:--------------:------:allow
I connect to the samba share from Windows XP, right-click on the file,
click properties and then security, give "everyone" read privileges,
and
then after applying here is what happens:
-r--r--r--+ 1 henson csupomona 0 Sep 3 12:19
/export/user/henson/test.file
group:csupomona:-------------s:------:allow
everyone@:r-----a-R-c--s:------:allow
user:henson:rw-pdDaARWcC--:------:allow
The special owner/group entries are replaced with explicit user/group
entries, the order is changed, and the "s" permission spuriously
applied.
I tried installing the Sun provided samba source code package to try to do
some debugging on my own, but it won''t even compile, configure fails
with:
checking for ldap_add_result_entry... no
configure: error: Active Directory support requires ldap_add_result_entry
Looking at the README.sfw included in the source package, there is
evidently some "libsunwrap.a" file necessary to access that function
call
in the Sun LDAP library as it is not exported; this does not appear to be
included in the samba source package.
Anybody have any ideas about this? I''m considering trying to install
another S10U4 system like I initially tested with to confirm whether or not
it actually worked then or if I''m just being prematurely senile 8-/.
--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | henson at csupomona.edu
California State Polytechnic University | Pomona CA 91768
0n Wed, Sep 03, 2008 at 12:57:52PM -0700, Paul B. Henson wrote:
>I tried installing the Sun provided samba source code package to try to
do
>some debugging on my own, but it won''t even compile, configure
fails with:
Oh, where did you get that from ?
-aW
IMPORTANT: This email remains the property of the Australian Defence
Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT
1914. If you have received this email in error, you are requested to contact
the sender and delete the email.
Wilkinson, Alex wrote:> 0n Wed, Sep 03, 2008 at 12:57:52PM -0700, Paul B. Henson wrote: > > >I tried installing the Sun provided samba source code package to try to do > >some debugging on my own, but it won''t even compile, configure fails with: > > Oh, where did you get that from ? >Source packages are usually in a Solaris distribution (overloaded term, but look at something like Solaris 10 5/08) and typically end in "S" So look in the Product directory for something like SUNWsambaS. Of course, this means that if you think you are installing everything when you tell the installer to install all, then you are wrong for assuming all meant everything -- a pet peeve of mine, and probably a new pet peeve for you, too :-( -- richard
On Wed, 3 Sep 2008, Richard Elling wrote:> Source packages are usually in a Solaris distribution (overloaded term, > but look at something like Solaris 10 5/08) and typically end in "S" So > look in the Product directory for something like SUNWsambaS. Of course,SUNWsmbaS as it turns out... You will need to reapply your latest Samba patch after installing the source code if you have already installed and patched the server packages, otherwise the source code will be out of date. Not that it compiles anyway :(. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson at csupomona.edu California State Polytechnic University | Pomona CA 91768
Paul B. Henson stated: < [snip] < < < I tried installing the Sun provided samba source code package to try to do < some debugging on my own, but it won''t even compile, configure fails with: < < < checking for ldap_add_result_entry... no < configure: error: Active Directory support requires ldap_add_result_entry < < < Looking at the README.sfw included in the source package, there is < evidently some "libsunwrap.a" file necessary to access that function call < in the Sun LDAP library as it is not exported; this does not appear to be < included in the samba source package. < < Anybody have any ideas about this? I''m considering trying to install < another S10U4 system like I initially tested with to confirm whether or not < it actually worked then or if I''m just being prematurely senile 8-/. The sfw project''s bit has whats needed here, the libsunwrap.a src etc, http://www.opensolaris.org/os/project/sfwnv/ though these bits are really for opensolaris & co., so YMMV. < < < -- < Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ < Operating Systems and Network Analyst | henson at csupomona.edu < California State Polytechnic University | Pomona CA 91768 < _______________________________________________ < zfs-discuss mailing list < zfs-discuss at opensolaris.org < http://mail.opensolaris.org/mailman/listinfo/zfs-discuss -- Sean. .
On Sat, 6 Sep 2008, Sean McGrath wrote:> The sfw project''s bit has whats needed here, the libsunwrap.a src etc, > http://www.opensolaris.org/os/project/sfwnv/Thanks for the pointer, I was able to pull out the libsunwrap.a source code and use it to compile the bundled samba source from S10U5. Although a couple of functions in vfs_zfsacl.c returned NTSTATUS instead of BOOL, which initially caused a compilation error until I fixed it. I don''t think the source code shipped with Solaris is the same source code actually used to make the binary packages :(. For the benefit of anyone with a similar problem that finds this thread via a search, it turns out the issue was actually with the nfs4acl module, which vfs_zfsacl.c uses.>From README.nfs4acls.txt:mode = [simple|special] - simple: don''t use OWNER@ and GROUP@ special IDs in ACEs. - default - special: use OWNER@ and GROUP@ special IDs in ACEs instead of simple user&group ids. The default for the NFS4 ACL mapper subsystem is to remove special ACEs and replace them with specific user/group ACEs. Kind of seems like a dumb default to me. If you add "nfs4: mode = special" to your smb.conf things work as expected. Thanks again for the help... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson at csupomona.edu California State Polytechnic University | Pomona CA 91768