samba-tool ERROR ( Samba 4.8.4 as DC on FreeBSD 11.2 with ZFS )

S

sdf

Hello everyone,

When I set up Samba as an DC, I encountered an error and can't find a solution.

FreeBSD 11.2 with ZFS
Samba 4.8.4 as DC

samba-tool domain provision
Code: 
Realm [EXAMPLE.COM]:
Domain [EXAMPLE]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.1]:
Administrator password:
Retype password:
...

ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception - local variable 'set_simple_acl' referenced before assignment
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line 500, in run
    plaintext_secrets=plaintext_secrets)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 2275, in provision
    skip_sysvolacl=skip_sysvolacl)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1891, in provision_fill
    names.domaindn, lp, use_ntvfs)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1622, in setsysvolacl
    set_simple_acl(file.name, 0755, gid)


How to fix this error?
Thanks.
 
I am also currently having this problem with Samba 4.8.

On my setup I have root on ZFS and Samba installed in a jail created with ezjail.

To my knowledge, ACL's are enabled by default on ZFS. I am not sure if this is true of jail environments however, I am researching this at present.

Also, the error appears to be related to that of this bug report, although as can be seen in the report, the stack trace differs. Though the exception is still thrown at the "Setting up self Join" stage.
 
  • Thanks
Reactions: sdf
VisionIncision said:
I am also currently having this problem with Samba 4.8
Click to expand...
Thank you very much.
I temporarily interrupted the test. I didn't modify the inheritance mode of zfs acl as I described in this article, but I don't know if this is the cause of the problem.

https://wiki.freebsd.org/Samba4ZFS
sudo zfs set aclmode=passthrough zroot
sudo zfs set aclinherit=passthrough zroot

Continue testing when I am free and look forward to your good news.
 
I have a temporary workaround. If you build with NTVFS enabled (though it is deprecated) and provision with --use-ntvfs the provision succeeds.

However, I would not recommend this for a production system and would migrate away as soon as possible.
 
The below command should get you going:
Code: 
# samba-tool domain provision --use-rfc2307 --interactive --option="vfs objects"="dfs_samba4 zfsacl"
 
And as expected that you are using ZFS, you need set ACL permission as follows:
Code: 
# zfs set aclmode=passthrough zroot
# zfs set aclinherit=passthrough zroot
 
You must log in or register to reply here.
Back
Top