Samba 4.4 / NFSv4 ACLs / AD provision fail

Hi all. I'm a very fresh FreeBSD user and trying to configure a home network with Samba. Running FreeBSD 10.3, net/samba44 (built with vfs_zfsacl and libsunacl library installed) and experiencing issues with domain provision. OS drive running UFS and a ZFS mirror configured. I've digged through this forum and the interweb but can't seem to resolve the issue. Any advice would be most useful. Output:

Code:
# samba-tool domain provision --option="interfaces=bge1" --option="bind interfaces only=yes" --use-rfc2307 --interactive
Realm [TEST.HOME]:
 Domain [TEST]:
 Server Role (dc, member, standalone) [dc]:
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.1]:
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=test,DC=home
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires.  Try the mounting the filesystem with the 'acl' option.
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line 461, in run
  nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 2171, in provision
  skip_sysvolacl=skip_sysvolacl)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1805, in provision_fill
  names.domaindn, lp, use_ntvfs)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1557, in setsysvolacl
  raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires.  "

Code:
# Global parameters
[global]
bind interfaces only = Yes
interfaces = bge1
netbios name = DC
realm = TEST.HOME
workgroup = TEST
server string = TEST DOMAIN
hosts allow = 192.168.1.
security = ads
name resolve order = wins bcast
dns forwarder = 192.168.1.1
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
load printers = no
log file = /var/log/samba/log.%m
max log size = 50
domain master = yes
preferred master = yes
domain logons = yes
nt acl support = yes
inherit acls = no

[hddpool]
comment = HDD Pool
path = /hddpool
read only = No
inherit permissions = Yes
inherit acls = Yes
inherit owner = Yes
map archive = No
map readonly = no
vfs objects = zfsacl
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes

[netlogon]
 path = /var/db/samba4/sysvol/andromeda.home/scripts
 read only = No
[sysvol]
 path = /var/db/samba4/sysvol
 read only = No
Code:
# zfs get aclmode /hddpool
NAME  PROPERTY  VALUE  SOURCE
hddpool  aclmode  passthrough  local
Code:
# zfs get aclinherit /hddpool/
NAME  PROPERTY  VALUE  SOURCE
hddpool  aclinherit  passthrough  local
 
UFS supports both POSIX ACLs and NFSv4 ACLs, ZFS supports only NFSv4 ACLs. Based on the error message it's trying to use POSIX ACL functionality on a ZFS filesystem.
 
Update: thought the error message wasn't specific enough to point towards ZFS so investigated UFS and found ACLs were not enabled in /etc/fstab. This is what is looks like now:
Code:
# cat /etc/fstab
# Device  Mountpoint  FStype  Options Dump  Pass#
/dev/ada0p2  /  ufs  rw,acls 1  1
/dev/ada0p3  none  swap  sw  0  0
Domain provision now returns 'Segmentation fault (core dumped)'. Also noticed that testparm returns the following:
Code:
# testparm
Load smb config files from /usr/local/etc/smb4.conf
Processing section "[hddpool]"
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER

Isn't that odd, given I'm explicitly stating 'server role = active directory domain controller' in smb4.conf?
 
I also got that "Segmentation fault" problem. Thus I switched back to Samba 4.3, which works like it should. (despite my other odd problem with bind...)
 
Thanks Leifur - tested with Samba 4.3 and had no problems provisioning the domain. I'll use that version going forward.
 
I got error like this. But i can't solve it. I have FreeBSD 11.0 and zfs. Now samba do not have ntvfs option (look like it depricated). So i create zvol with reservation=none option and create ufs with acl on it.
root# mount
---- purged -----
/dev/zvol/zroot/home1 on /home1 (ufs, local, acls)

and then:
samba-tool domain provision --realm=homefree.GREEN --domain=GREEN --adminpass=Cfvfhf2016 --server-role=dc
i got the same error:
ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires. Try the mounting the filesystem with the 'acl' option.
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line 461, in run
nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 2171, in provision
skip_sysvolacl=skip_sysvolacl)
File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1805, in provision_fill
names.domaindn, lp, use_ntvfs)
File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1557, in setsysvolacl
raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires.

So i will be very happy in any help or hint.

i clean DB and conf before. But it did not help.
 
  • Thanks
Reactions: sdf
Back
Top