Solved Problem Samba411

R

Reken

Please, help me

FreeBSD 11.3 Release (64bit)
Samba411
File system: ZFS

I enter the team :
Code: 
samba-tool domain provision --use-rfc2307 --host-ip=192.168.10.10 --interactive

Conclusion :
Code: 
Repacking database from v1 to v2 format (first record CN=Physical-Location-Object,CN=Schema,CN=Configuration,DC=domenfo,DC=local)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=mSMQConfiguration-Display,CN=404,CN=DisplaySpecifiers,CN=Configuration,DC=domenfo,DC=local)
Repacking database from v1 to v2 format (first record CN=a3dac986-80e7-4e59-a059-54cb1ab43cb9,CN=Operations,CN=DomainUpdates,CN=System,DC=domenfo,DC=local)

set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_PARAMETER.
ERROR(runtime): uncaught exception - (3221225485, 'An invalid parameter was passed to a service or function.')

  File "/usr/local/lib/python3.7/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/samba/netcmd/domain.py", line 542, in run
    backend_store_size=backend_store_size)
  File "/usr/local/lib/python3.7/site-packages/samba/provision/__init__.py", line 2395, in provision
    backend_store_size=backend_store_size)
  File "/usr/local/lib/python3.7/site-packages/samba/provision/__init__.py", line 1995, in provision_fill
    names.domaindn, lp, use_ntvfs)
  File "/usr/local/lib/python3.7/site-packages/samba/provision/__init__.py", line 1773, in setsysvolacl
    _setntacl(sysvol)
  File "/usr/local/lib/python3.7/site-packages/samba/provision/__init__.py", line 1770, in _setntacl
    service=SYSVOL_SERVICE, session_info=session_info)
  File "/usr/local/lib/python3.7/site-packages/samba/ntacls.py", line 232, in setntacl
    service=service, session_info=session_info)

How to install a patch? To fix the error "set_nt_acl_no_snum: fset_nt_acl"
 
forums.freebsd.org

Samba domain controller

Anyone know if it's currently possible to run a Samba DC with ZFS? I've tried 4.8 and the latest pkg for 4.10 which is supposed to contain "fix(?) for provision on ZFS". I can only get as far as "Setting up self join", then get an error such as the following - set_nt_acl_no_snum: fset_nt_acl...
forums.freebsd.org forums.freebsd.org
 
vfs objects = freebsd # in /usr/local/etc/smb4.conf
add --option="vfs objects"="freebsd" # Same error

Port Edit Method:
Code: 
cat << __EOF__ > /usr/ports/net/samba410/files/patch-bfs-provisioning
But in SAMBA411 there is no such file #patch-bfs-provisioning

Has anyone encountered such a problem?
 
If I understood correctly vfs objects = freebsd is for UFS, not ZFS.
 
I did the following:

1) pkg delete samba411
2)
Code: 
cat << __EOF__ > /usr/ports/net/samba410/files/patch-bfs-provisioning
--- source3/param/loadparm.c.orig    2020-03-11 07:17:30.827605000 -0300
+++ source3/param/loadparm.c    2020-03-11 07:20:28.867874000 -0300
@@ -2742,6 +2742,13 @@
         if (!vfs_objects || !vfs_objects[0]) {
             if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
                 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
+    /*
+      * By default, the samba sysvol is located in the statedir. Provisioning will fail in setntacl
+      * unless we have zfacl enabled. Unfortunately, at this point the smb.conf has not been generated.
+      * This workaround is freebsd-specific.
+      */
+            } else if (pathconf(get_dyn_STATEDIR(), _PC_ACL_NFS4) == 1){
+                lp_do_parameter(-1, "vfs objects", "dfs_samba4 zfsacl");
             } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
                 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
             } else {
__EOF__
3)
cd /usr/ports/net/samba410
make install clean

System asks :
Code: 
===>  Applying FreeBSD patches for samba410-4.10.15
File to patch:

Which patch should I specify?
 
Where did the diff come from?

If the patch you specified above is one that needs to be applied, then source3/param/loadparm.c is the file path.

Then again, I'm easily confused. 🤔
 
I don’t know where the difference is ...
I see the following:
Code: 
root@DC1:/usr/ports/net/samba410 # make reinstall clean
===>  Deinstalling for samba410
===>   samba410 not installed, skipping
===>  Patching for samba410-4.10.15
===>  Applying extra patch /usr/ports/net/samba410/files/0001-Zfs-provision-1.patch with -p1
Ignoring previously applied (or reversed) patch.
3 out of 3 hunks ignored--saving rejects to python/samba/provision/__init__.py.rej
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to source3/lib/sysacls.c.rej
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to source3/param/loadparm.c.rej
Ignoring previously applied (or reversed) patch.
5 out of 5 hunks ignored--saving rejects to source3/smbd/pysmbd.c.rej
===>  FAILED Applying extra patch /usr/ports/net/samba410/files/0001-Zfs-provision-1.patch with -p1
===>  Applying extra patch /usr/ports/net/samba410/files/0001-provision-use-ASCII-quotes.patch with -p1
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to source4/setup/extended-rights.ldif.rej
===>  FAILED Applying extra patch /usr/ports/net/samba410/files/0001-provision-use-ASCII-quotes.patch with -p1
===>  Applying FreeBSD patches for samba410-4.10.15
File to patch:

I don’t know the solution yet problem ...
 
Code: 
root@DC1:/usr/ports/net/samba410 # make -de
===>  Patching for samba410-4.10.15
===>  Applying extra patch /usr/ports/net/samba410/files/0001-Zfs-provision-1.patch with -p1
Ignoring previously applied (or reversed) patch.
3 out of 3 hunks ignored--saving rejects to python/samba/provision/__init__.py.rej
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to source3/lib/sysacls.c.rej
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to source3/param/loadparm.c.rej
Ignoring previously applied (or reversed) patch.
5 out of 5 hunks ignored--saving rejects to source3/smbd/pysmbd.c.rej
===>  FAILED Applying extra patch /usr/ports/net/samba410/files/0001-Zfs-provision-1.patch with -p1
===>  Applying extra patch /usr/ports/net/samba410/files/0001-provision-use-ASCII-quotes.patch with -p1
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to source4/setup/extended-rights.ldif.rej
===>  FAILED Applying extra patch /usr/ports/net/samba410/files/0001-provision-use-ASCII-quotes.patch with -p1
===>  Applying FreeBSD patches for samba410-4.10.15
File to patch:
 
I have no idea. It shouldn't matter unless there's some issue that's release specific.

Run make maintainer and post a question to the port developer.

You could also run make -dA and watch it spew out everything, but I'm not sure it will do anything but confuse you more.
 
Look in files/ that's where patches are.
In post #5 you cat the patch, so what's the confusion? Perhaps the make is failing before applying the patch you mention.
 
How to install the patch?
I do so ...
Just paste the following text into the command line and press enter:
Code: 
cat << __EOF__ > /usr/ports/net/samba411/files/patch-bfs-provisioning
--- source3/param/loadparm.c.orig    2020-03-11 07:17:30.827605000 -0300
+++ source3/param/loadparm.c    2020-03-11 07:20:28.867874000 -0300
@@ -2742,6 +2742,13 @@
         if (!vfs_objects || !vfs_objects[0]) {
             if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
                 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
+    /*
+      * By default, the samba sysvol is located in the statedir. Provisioning will fail in setntacl
+      * unless we have zfacl enabled. Unfortunately, at this point the smb.conf has not been generated.
+      * This workaround is freebsd-specific.
+      */
+            } else if (pathconf(get_dyn_STATEDIR(), _PC_ACL_NFS4) == 1){
+                lp_do_parameter(-1, "vfs objects", "dfs_samba4 zfsacl");
             } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
                 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
             } else {
__EOF__
Am I doing the right thing? Or is the patch installed differently?
 
Where is this text concerning the patch from?

You install a patch by:
patch < /usr/ports/net/samba411/files/patch-bfs-provisioning

But why are you doing this manually? Why isn't the make taking care of it? The patch you show above is in samba's files/ directory so make will use it to patch.
 
I entered another command :
Code: 
root@DC1:~ # samba-tool domain provision --domain=domenfo --host-name=DC1 --host-ip=192.168.10.10 --use-rfc2307 --realm=domenfo.local --server-role=dc --dns-backend=BIND9_DLZ --adminpass=******** --use-ntvfs

Conclusion:
Code: 
INFO 2020-05-13 16:12:02,127 pid:66735 /usr/local/lib/python3.7/site-packages/samba/netcmd/domain.py #497: You are not root or your system does not support xattr, using tdb backend for attributes.
INFO 2020-05-13 16:12:02,128 pid:66735 /usr/local/lib/python3.7/site-packages/samba/netcmd/domain.py #502: not using extended attributes to store ACLs and other metadata. If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.
INFO 2020-05-13 16:12:02,134 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #2153: Looking up IPv6 addresses
WARNING 2020-05-13 16:12:02,134 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #2160: No IPv6 address will be assigned
INFO 2020-05-13 16:12:02,588 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #2331: Setting up secrets.ldb
INFO 2020-05-13 16:12:02,598 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #2337: Setting up the registry
INFO 2020-05-13 16:12:02,607 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #2340: Setting up the privileges database
INFO 2020-05-13 16:12:02,624 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #2343: Setting up idmap db
INFO 2020-05-13 16:12:02,636 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #2350: Setting up SAM db
INFO 2020-05-13 16:12:02,641 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #898: Setting up sam.ldb partitions and settings
INFO 2020-05-13 16:12:02,642 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #910: Setting up sam.ldb rootDSE
INFO 2020-05-13 16:12:02,644 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #1339: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

INFO 2020-05-13 16:12:02,662 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #1417: Adding DomainDN: DC=domenfo,DC=local
INFO 2020-05-13 16:12:02,669 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #1449: Adding configuration container
INFO 2020-05-13 16:12:02,676 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #1464: Setting up sam.ldb schema
INFO 2020-05-13 16:12:05,185 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #1482: Setting up sam.ldb configuration data
INFO 2020-05-13 16:12:05,309 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #1523: Setting up display specifiers
INFO 2020-05-13 16:12:06,854 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #1531: Modifying display specifiers and extended rights
INFO 2020-05-13 16:12:06,881 pid:66735 /usr/local/lib/python3.7/site-packages/sa
mba/provision/__init__.py #1538: Adding users container
INFO 2020-05-13 16:12:06,882 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #1544: Modifying users container
INFO 2020-05-13 16:12:06,883 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #1547: Adding computers container
INFO 2020-05-13 16:12:06,884 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #1553: Modifying computers container
INFO 2020-05-13 16:12:06,885 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #1557: Setting up sam.ldb data
INFO 2020-05-13 16:12:06,997 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #1587: Setting up well known security principals
INFO 2020-05-13 16:12:07,027 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #1601: Setting up sam.ldb users and groups
INFO 2020-05-13 16:12:07,211 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #1609: Setting up self join
Repacking database from v1 to v2 format (first record CN=ms-DFSR-StagingCleanupTriggerInPercent,CN=Schema,CN=Configuration,DC=domenfo,DC=local)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=sitesContainer-Display,CN=415,CN=DisplaySpecifiers,CN=Configuration,DC=domenfo,DC=local)
Repacking database from v1 to v2 format (first record CN=PSPs,CN=System,DC=domenfo,DC=local)
INFO 2020-05-13 16:12:07,738 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/sambadns.py #1140: Adding DNS accounts
INFO 2020-05-13 16:12:07,748 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/sambadns.py #1174: Creating CN=MicrosoftDNS,CN=System,DC=domenfo,DC=local
INFO 2020-05-13 16:12:07,763 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/sambadns.py #1187: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2020-05-13 16:12:07,791 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/sambadns.py #1192: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record DC=dc1,DC=domenfo.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domenfo,DC=local)
Repacking database from v1 to v2 format (first record DC=ForestDnsZones,DC=domenfo,DC=local)
INFO 2020-05-13 16:12:08,575 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/sambadns.py #1274: See /var/db/samba4/bind-dns/named.conf for an example configuration include file for BIND
INFO 2020-05-13 16:12:08,578 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/sambadns.py #1276: and /var/db/samba4/bind-dns/named.txt for further documentation required for secure DNS updates
INFO 2020-05-13 16:12:08,837 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #2040: Setting up sam.ldb rootDSE marking as synchronized
INFO 2020-05-13 16:12:08,842 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #2045: Fixing provision GUIDs
INFO 2020-05-13 16:12:09,989 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #2406: A Kerberos configuration suitable for Samba AD has been generated at /var/db/samba4/private/krb5.conf
INFO 2020-05-13 16:12:09,989 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #2407: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
INFO 2020-05-13 16:12:10,052 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #2110: Setting up fake yp server settings
INFO 2020-05-13 16:12:10,105 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #491: Once the above files are installed, your Samba AD server will be ready to use
INFO 2020-05-13 16:12:10,105 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #495: Server Role:           active directory domain controller
INFO 2020-05-13 16:12:10,105 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #496: Hostname:              DC1
INFO 2020-05-13 16:12:10,105 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #497: NetBIOS Domain:        DOMENFO
INFO 2020-05-13 16:12:10,105 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #498: DNS Domain:            domenfo.local
INFO 2020-05-13 16:12:10,105 pid:66735 /usr/local/lib/python3.7/site-packages/samba/provision/__init__.py #499: DOMAIN SID:            S-1-5-21-2250669394-40055203-283216443
root@DC1:~ #

Team output:
Code: 
root@DC1:~ # smbclient -L localhost -U%

        Sharename       Type      Comment
        ---------       ----      -------
        sysvol          Disk
        netlogon        Disk
        IPC$            IPC       IPC Service (Samba 4.11.8)
SMB1 disabled -- no workgroup available

log.samba
Code: 
  samba version 4.11.8 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2019
[2020/05/13 16:03:49.266145,  0] ../../lib/util/pidfile.c:197(pidfile_create)
  ERROR: samba is already running. File /var/run/samba4/samba.pid exists and process id 66553 is running.
[2020/05/13 16:09:48.837732,  0] ../../source4/dsdb/dns/dns_update.c:331(dnsupdate_nameupdate_done)
  dnsupdate_nameupdate_done: Failed DNS update with exit code 7

Why may be SMB1 disabled?

P.S.
Code: 
Where is this text concerning the patch from?
This text https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239105
(Comment47)
 
First off, you're side-tracking the questions with more questions.


How about focusing on one thing at a time and solving that?

1. Did you run samba-tool domain provision as root?
2. SMB1 is bad. Why would it be enabled? If you really need to enable it, I think it's client min protocol = NT1 in smb4.conf

3. Ok, reading the bug report for your patch makes it obvious this is still an ongoing issue.
Anyway, just place it in a file (let's call it my.patch) and then sh my.patch. This will create the patch. Then go into /usr/ports/net/samba411 and make patch. What's the result?

HOWEVER

You have a major problem. You're attempting to patch 411 with a patch written for 410. Now, unless the code has not change at all, the patch will always fail.

The alternative is to edit the source in work directly, changing the appropriate lines of code as per the patch.
 
Thanks Mark_j for help
My SAMBA Domen works ... I managed to enter into the domain from computer Windows 10. I will continue to study SAMBA and control via RSAT

Conclusion:
The option with the team worked ...
Code: 
root@DC1:~ # samba-tool domain provision --domain=domenfo --host-name=DC1 --host-ip=192.168.10.10 --use-rfc2307 --realm=domenfo.local --server-role=dc --dns-backend=BIND9_DLZ --adminpass=******** --use-ntvfs

It turns out the problem fset_nt_acl is no longer relevant to me
 
You must log in or register to reply here.
Back
Top