Samba4, zfs, nfsv4 rights problem

waywardnl

Member


Messages: 28

When I install samba4 I provision with:
Code:
samba-tool domain provision --interactive --use-ntvfs
I answer the questions:

Code:
Realm: BSD05.local
Domain: BSD05.com
dc
SAMBA_INTERNAL
10.30.0.100 (That is my router)
Password
Password
my smb4.conf
Code:
# Global parameters
[global]
        workgroup = BSD05.COM
        realm = BSD05.LOCAL
        netbios name = BSD05
        server role = active directory domain controller
        dns forwarder = 10.30.0.100

        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes
[netlogon]
        path = /var/db/samba4/sysvol/bsd05.local/scripts
        read only = No

[sysvol]
        path = /var/db/samba4/sysvol
        read only = No

[tmp]
        comment = Temporary Files
        path = /zdata/tmp
        browseable = Yes
        read only = No
        ea support = Yes
        map archive = No
        map readonly = No
        map system = No
        vfs objects = zfsacl
        nfs4:mode = special
        nfs4:acedup = merge
        nfs4:chown = yes
        zfsacl: acesort = dontcare

# Appz Drive
#
[appz]
        comment = Programma's, Games en dergelijke.
        path = /zdata/Appz
        public = no
        browseable = yes
        read only = no
I have fooled around with the tmp share, nothing seems to help.

I tried to add rights with setfacl(1); this did not work. I have tried to set rights in Windows: I can set rights once, but when I have done this I have no rights to change the rights any more. Also, the user has rights with:
Code:
net rpc rights grant 'Domain_Admins' SeDiskOperatorPrivilege -Uadministrator
The user that tries to change the rights is a member of Domain Admins.

Also I have tried to change the rights with chmod(1), but then I do not have rights anymore in windows to change the share. I have tried to change the rights in windows explorer and in computer management to connect to my server bsd05. Actions --> Connect to other computer. I can connect, see the shares I only get an error 147.

My Questions, do I need to use the ACL, can I just use the chmod(1) like the old days. 1 user, 1 group is good enough

How do I use the ACL (windows ACL) NFSv4 successfully?

Why does windows react so strange to the rights?

I use windows 8.1 for windows and FreeBSD 9.3 and Samba 4.1.9
Any pointers are welcome, I have been struggling with this for a few days.
 


SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 7,684
Messages: 30,622

waywardnl said:
Code:
        vfs objects = zfsacl
        nfs4:mode = special
        nfs4:acedup = merge
        nfs4:chown = yes
        zfsacl: acesort = dontcare
I'd remove these first. After that you should be able to use chmod(1) and chown(1) to set the correct permissions.
 
waywardnl

I have the same problem with Appz; I added these lines after the permissions went wrong. Am I correct in thinking that the users that I use must exist in /etc/group? Or am I mistaken, or does it not matter at all? I added permissions with setfacl(1). Or does one share affect another share with settings?
 

SirDice

Normal UNIX permissions apply, so yes, you need to have users and groups.
 

Sebulon

Aspiring Daemon

Reaction score: 128
Messages: 709

Hi @waywardnl!

There are some things to consider. First of all, your clients, the ones you try to connect to the shares to, are they joined to the domain? If not, you have to be sure to connect with "DOMAIN_NAME\user_name" stanza to make sure you are correctly authenticated.

These are the share settings we use for our domain-joined file servers:
Code:
        vfs objects = zfsacl
        nfs4:acedup = merge
        nfs4:mode = special
        nfs4:chown = yes
        nt acl support = yes
        map acl inherit = yes
        inherit acls = yes
        inherit permissions = yes
        inherit owner = no
        ea support = yes
        store dos attributes = yes
        map hidden = no
        map system = no
        map archive = no
        case sensitive = no
Everything under "map acl inherit" is more or less optional but makes it act and feel more like a "normal" Windows file server (oxymoron perhaps but, you know...).

Filesystems that are to be shared are also zfs created with -o aclmode=passthrough and -o aclinherit=passthrough.

Can´t say much about your ACLs since you haven´t actually shown them, but you´d need to not only set your ACL for just the top level directory, but for all directories and files for the ACL to have effect. This is a common misconception.

One way to set the ACL and propagate it is to use find with -exec:
# find /zdata/tmp -type d -exec setfacl -m group:BUILTIN\\administrators:rwxpDdaARWcCo-:fd----:allow {} \;
# find /zdata/tmp -type f -exec setfacl -m group:BUILTIN\\administrators:rwxpDdaARWcCo-:------:allow {} \;

I´m assuming here that "DOMAIN_NAME\Administrators" is nestled in through "BUILTIN\Administrators":
# net sam list builtin
Code:
Administrators
Users
# net sam listmem Administrators
Code:
# net sam listmem Administrators
BUILTIN\Administrators has 1 members
 DOMAIN_NAME\Domain Admins
Then you have applied an ACL that allows members (and nestled members) of "BUILTIN\Administrators" access to /zdata/tmp and all files and directories beneath it.

/Sebulon
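
An added example (not part of the posts above, and not Samba or FreeBSD code): a small Python audit of `getfacl` NFSv4 output that reports named entries missing the `fd` inheritance flags described in the post above, and any `everyone@` entry that still allows modification. The sample listing is constructed, and every path in it is assumed to be a directory.

```python
from typing import NamedTuple


class Ace(NamedTuple):
    tag: str    # owner@, group@, everyone@, user or group
    who: str    # principal name, empty for the special tags
    perms: str  # permission field, e.g. rwxpDdaARWcCo-
    flags: str  # inheritance field, e.g. fd----
    kind: str   # allow or deny


# Constructed sample in the layout FreeBSD getfacl prints for NFSv4 ACLs.
# Assumption: both paths are directories.
SAMPLE = r"""
# file: /zdata/tmp
# owner: rsync
# group: bewoner
        group:Appz:rwxp--aARWcCos:------:allow
            owner@:rwxp--aARWcCos:------:allow
            group@:rwxp--a-R-c--s:------:allow
         everyone@:rwxp--a-R-c--s:------:allow

# file: /zdata/Appz
# owner: rsync
# group: Appz
group:BSD05.COM\Domain Admins:rwxpDdaARWcCo-:fd----:allow
        group:Appz:rwxpDdaARWcCo-:fd----:allow
            owner@:rwxp--aARWcCos:------:allow
            group@:rwxp--a-R-c--s:------:allow
         everyone@:------a-R-c--s:------:allow
"""

# write_data, append_data, delete_child, delete
MODIFY_BITS = set("wpDd")


def parse_getfacl(text):
    """Return {path: [Ace, ...]} from getfacl output for one or more files."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# file:"):
            current = line[len("# file:"):].strip()
            acls[current] = []
        elif line.startswith("#") or current is None:
            continue  # owner/group header lines, or text before any file
        else:
            # Split from the right: principal names may contain spaces,
            # dots or backslashes, but the last three fields are fixed.
            try:
                left, perms, flags, kind = line.rsplit(":", 3)
            except ValueError:
                raise ValueError(f"not an NFSv4 ACL entry: {line!r}")
            tag, _, who = left.partition(":")
            acls[current].append(Ace(tag, who, perms, flags, kind))
    return acls


def audit(text):
    """Return (path, principal, problem) tuples for directory ACLs."""
    findings = []
    for path, aces in parse_getfacl(text).items():
        for ace in aces:
            if ace.kind != "allow":
                continue
            label = f"{ace.tag}:{ace.who}" if ace.who else ace.tag
            if ace.tag in ("user", "group") and not {"f", "d"} <= set(ace.flags):
                findings.append((path, label,
                                 "missing file and/or directory inherit flag"))
            if ace.tag == "everyone@" and MODIFY_BITS & set(ace.perms):
                findings.append((path, label,
                                 "everyone@ may write, append or delete"))
    return findings


if __name__ == "__main__":
    for path, who, problem in audit(SAMPLE):
        print(f"{path}: {who}: {problem}")
```

Feed it the output of `getfacl` on the directories of a share; files need the same entry without the `fd` flags, so they should not be passed through this directory check.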
 
waywardnl

I tried the command and I think there could be a problem here:

Code:
root@BSD05:/zdata # net sam listmem Administrators
Bad talloc magic value - unknown value
PANIC (pid 36925): Bad talloc magic value - unknown value
BACKTRACE: 2 stack frames:
 #0 0x804c4607c <smb_panic_s3+108> at /usr/local/lib/libsmbconf.so.0
 #1 0x8038247c5 <smb_panic+37> at /usr/local/lib/libsamba-util.so.0
Can not dump core: corepath not set up
root@BSD05:/zdata #
 

Sebulon

waywardnl said:
I tried the command and I think there could be a problem here:

Code:
root@BSD05:/zdata # net sam listmem Administrators
Bad talloc magic value - unknown value
PANIC (pid 36925): Bad talloc magic value - unknown value
BACKTRACE: 2 stack frames:
 #0 0x804c4607c <smb_panic_s3+108> at /usr/local/lib/libsmbconf.so.0
 #1 0x8038247c5 <smb_panic+37> at /usr/local/lib/libsamba-util.so.0
Can not dump core: corepath not set up
root@BSD05:/zdata #
No, it does so in my SAMBA domain controller as well, I tested that from another member, which works. It´s still not quite consistent, SAMBA, may not ever be:
# net sam listmem "Domain Admins"
Code:
Can only list local group members so far.
Domain Admins is a None
It´s a little different for you in that your storage server is also your domain controller, I myself set up a CentOS virtualization host, just so that I could separate the two completely in its own VM :)
But never mind, just replace "BUILTIN\Administrators" in your ACL with another group that SAMBA likes better, like "DOMAIN_NAME\\Domain\ Admins" or create a new group, whatever´s your fancy.

/Sebulon
 
waywardnl

I have been testing further; the reason I haven't joined is that it does not work with Windows 8.1 Pro. I have tried to join from Windows XP and this works.

But I get the same results with access rights.


With /zdata/tmp I get write access with
Code:
chmod -R 0777 /zdata/tmp
, but with
Code:
chmod -R 0775 /zdata/tmp
I can only look!

This is ACL on /zdata/tmp
Code:
root@BSD05:/home/roland # getfacl /zdata/tmp
# file: /zdata/tmp
# owner: rsync
# group: bewoner
        group:Appz:rwxp--aARWcCos:------:allow
            owner@:rwxp--aARWcCos:------:allow
            group@:rwxp--a-R-c--s:------:allow
         everyone@:r-x---a-R-c--s:------:allow
Of course I am logged in with a user that is part of the Appz group

I changed my smb4.conf and I did a provision with the, see picture attachment.

Also I did not do this with every share:
Code:
zfs create /zdata/name00001
Is this necessary?

How can I join windows 8.1 to the domain?

And what is going wrong with the rights?


This is my smb4.conf right now:
Code:
# Global parameters
[global]
        workgroup = BSD05.COM
        realm = BSD05.LOCAL
        netbios name = BSD05
        server role = active directory domain controller
        dns forwarder = 10.30.0.100
        server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, smb
        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/db/samba4/sysvol/bsd05.local/scripts
        read only = No

[sysvol]
        path = /var/db/samba4/sysvol
        read only = No

[tmp]
        path = /zdata/tmp
        read only = no
        browseable = yes
        guest ok = no
        comment = Tijdelijke Bestanden
[Erie]
        path = /zdata/Erie
        read only = no
        browseable = yes
        guest ok = no
        delete readonly = yes

When I use the code you have given me I cannot use BSD05\ (my domain controller):

Code:
root@BSD05:/home/roland # find /zdata/tmp -type d -exec setfacl -m group:BSD05\\Appz:rwxpDdaARWcCo-:fd----:allow {} \;
setfacl: malformed ACL: unknown user or group name "BSD05\Appz"
setfacl: group:BSD05\Appz:rwxpDdaARWcCo-:fd----:allow: Invalid argument
setfacl: malformed ACL: unknown user or group name "BSD05\Appz"
setfacl: group:BSD05\Appz:rwxpDdaARWcCo-:fd----:allow: Invalid argument
setfacl: malformed ACL: unknown user or group name "BSD05\Appz"
setfacl: group:BSD05\Appz:rwxpDdaARWcCo-:fd----:allow: Invalid argument
root@BSD05:/home/roland # find /zdata/tmp -type d -exec setfacl -m group:Appz:rwxpDdaARWcCo-:fd----:allow {} \;
I think I get it: I am local, so BSD05\ is not needed, only from the Windows side.
I have redone the group Domain Admins:

Code:
root@BSD05:/zdata # samba-tool group listmembers 'Domain Admins'
Administrator
root@BSD05:/zdata # samba-tool group addmembers 'Domain Admins' roland,admin
Added members to group Domain Admins
root@BSD05:/zdata # net rpc rights grant 'Domain Admins' SeDiskOperatorPrivilege -Uadministrator
Enter administrator's password:
Successfully granted rights.
root@BSD05:/zdata # samba-tool group listmembers 'Domain Admins'
Administrator
roland
admin
root@BSD05:/zdata #
 

Sebulon

waywardnl said:
I have been testing further; the reason I haven't joined is that it does not work with Windows 8.1 Pro. I have tried to join from Windows XP and this works.

...

How can I join windows 8.1 to the domain?
You have to configure the client to use the domain controller as DNS. On the 8.1 client, edit the network settings to enter the IP address to "bsd05" in the DNS field.

/Sebulon
 
waywardnl

Did that and I can join, but I get an error:
Code:
samba[1720] NTLMSSP NTLM2 packet check failed due to invalid signature!
But Windows 8.1 is joined, why did I do this with Windows XP? and not with Windows 8.1?
 
waywardnl

waywardnl said:
Did that and I can join, but I get an error:
Code:
samba[1720] NTLMSSP NTLM2 packet check failed due to invalid signature!
But Windows 8.1 is joined, why did I do this with Windows XP? and not with Windows 8.1?

Yes, I can log in with BSD05/admin ;-) I am going to test if the ACL rights finally work the way I expect.
 
waywardnl

Can´t say much about your ACLs since you haven´t actually shown them, but you´d need to not only set your ACL for just the top level directory, but for all directories and files for the ACL to have effect. This is a common misconception.

One way to set the ACL and propagate it is to use find with -exec:
# find /zdata/tmp -type d -exec setfacl -m group:BUILTIN\\administrators:rwxpDdaARWcCo-:fd----:allow {} \;
# find /zdata/tmp -type f -exec setfacl -m group:BUILTIN\\administrators:rwxpDdaARWcCo-:------:allow {} \;
I cannot use BUILTIN, is this necessary?

I am now setting the rights for Domain Admins.
 
waywardnl

So I can join, I can add extra groups, and when I do, I do not see the name of the group in Windows.

I did manage to add groups to:
Code:
# find /zdata/tmp -type d -exec setfacl -m 'group:Domain Admins:rwxpDdaARWcCo-:fd----:allow' {} \;
# find /zdata/tmp -type f -exec setfacl -m 'group:Domain Admins:rwxpDdaARWcCo-:------:allow' {} \;
When I add Administrator to all directories and files in ZFS container zdata I can access them with Administrator.

When I add groups it seems to work also, but I cannot see the group name in the Windows security tab under administrator or a domain administrators account. All I see are numbers.

When I change directories I get errors like
Code:
samba[61187] make connection: couldn't find service "A directory on zdata"
A little background, when I made the ZFS pool, I did a copy over NFS with the command:
Code:
cp -rpnv * /zdata
8 TB went by and I was happy, but how can I share?

So how do I go about this? Is it naming, which ISO mode do I use, how do I use it? In Samba 3.4 I never had this problem.

This is a dump of two directories:
Code:
# file: /zdata/Appz/Windows
# owner: rsync
# group: Appz
group:BSD05.COM\Appz:rwxpDdaARWcCo-:fd----:allow
        group:Appz:rwxpDdaARWcCo-:fd----:allow
         user:root:rwxpDdaARWcCo-:fd----:allow
group:BSD05.COM\Domain Admins:rwxpDdaARWcCo-:fd----:allow
            owner@:rwxp--aARWcCos:------:allow
            group@:rwxp--a-R-c--s:------:allow
         everyone@:------a-R-c--s:------:allow
root@BSD05:/zdata # getfacl /zdata/Appz/Apparaten/
# file: /zdata/Appz/Apparaten/
# owner: rsync
# group: Appz
group:BSD05.COM\Appz:rwxpDdaARWcCo-:fd----:allow
        group:Appz:rwxpDdaARWcCo-:fd----:allow
         user:root:rwxpDdaARWcCo-:fd----:allow
group:BSD05.COM\Domain Admins:rwxpDdaARWcCo-:fd----:allow
            owner@:rwxp--aARWcCos:------:allow
            group@:rwxp--a-R-c--s:------:allow
         everyone@:------a-R-c--s:------:allow
root@BSD05:/zdata #
Windows does not work, Apparaten does work in Windows Xp and Windows 8.1


I copied a directory that gave the error:
Code:
NT_STATUS_OBJECT_NAME_NOT_FOUND
Did add the group again and there was no problem:
Code:
root@BSD05:/zdata/Appz/Apparaten # ls
Android		Fiat_Panda	Nintendo DS	Router		Sitecom-router	TomTom		Windows		Xbox360
root@BSD05:/zdata/Appz/Apparaten # cp -rv /zdata/Appz/Apparaten/Android/ /zdata/Appz/Apparaten/Android.2
/zdata/Appz/Apparaten/Android/ -> /zdata/Appz/Apparaten/Android.2
/zdata/Appz/Apparaten/Android/Firefox_19.0.apk -> /zdata/Appz/Apparaten/Android.2/Firefox_19.0.apk
root@BSD05:/zdata/Appz/Apparaten # cd Android
root@BSD05:/zdata/Appz/Apparaten/Android # ls
Firefox_19.0.apk
root@BSD05:/zdata/Appz/Apparaten/Android # cd ..
root@BSD05:/zdata/Appz/Apparaten # ls -ilsa
total 483
  589186  19 drwxrwx---+ 11 rsync  Appz   11 Sep  6 21:27 .
  428381  56 drwxrwx---+ 11 rsync  Appz   16 Sep  5 19:54 ..
  589190  19 drwxrwx---+  2 rsync  Appz    3 Apr 21  2013 Android
15269898  19 drwxrwx---+  2 root   Appz    3 Sep  6 21:27 Android.2
  614663  19 drwxrwx---+  3 rsync  Appz    6 Sep  1  2009 Fiat_Panda
  614706 257 drwxrwx---+  6 rsync  Appz  569 Mar 10  2012 Nintendo DS
  589187  19 drwxrwx---+  2 rsync  Appz    4 Oct 18  2011 Router
  614704  19 drwxrwx---+  2 rsync  Appz    3 Dec 26  2011 Sitecom-router
  615759  19 drwxrwx---+  3 rsync  Appz    3 Jul 14  2013 TomTom
  589192  19 drwxrwx---+  7 rsync  Appz    7 Jul  6  2011 Windows
  614700  19 drwxrwx---+  3 rsync  Appz    3 Dec 16  2006 Xbox360
root@BSD05:/zdata/Appz/Apparaten # find /zdata/Appz/Apparaten/Android.2 -type d -exec setfacl -m group:Appz:rwxpDdaARWcCo-:fd----:allow {} \;
root@BSD05:/zdata/Appz/Apparaten # find /zdata/Appz/Apparaten/Android.2 -type f -exec setfacl -m group:Appz:rwxpDdaARWcCo-:------:allow {} \;
root@BSD05:/zdata/Appz/Apparaten #
I can access it, is there anything corrupt, how can I check ACL tables (is it called like this?) in ZFS?
 

Sebulon

waywardnl said:
Did that and I can join, but I get an error:
Code:
samba[1720] NTLMSSP NTLM2 packet check failed due to invalid signature!
But Windows 8.1 is joined, why did I do this with Windows XP? and not with Windows 8.1?
Well, simply because XP is older (EOL) and less demanding; didn´t use NTLMv2, as far as I remember. You have to enter at least "forward" names for all clients on the network in the domain controller´s DNS for NTLMv2 authentication to work (I think).

waywardnl said:
So I can join, I can add extra groups, and when I do, I do not see the name of the group in Windows.

...

When I add groups it seems to work also, but I cannot see the group name in the Windows security tab under administrator or a domain administrators account. All I see are numbers.

When I change directories I get errors like
Code:
samba[61187] make connection: couldn't find service "A directory on zdata"
I´ve already told you what options you need in your [shares], have you added them?
https://forums.freebsd.org/posting.php?mode=quote&f=43&p=267574#pr267505

I strongly advise you to download and install Remote Server Administration Tools (RSAT) for Windows. It makes administering domains so much easier than doing it all through the CLI:
http://www.microsoft.com/en-us/download/details.aspx?id=39296

/Sebulon
 
waywardnl

No I did not, I use the FreeBSD server as domain controller, where my clients connect to, So this server is not joined with another domain, we are speaking about:

Code:
            vfs objects = zfsacl
            nfs4:acedup = merge
            nfs4:mode = special
            nfs4:chown = yes
            nt acl support = yes
            map acl inherit = yes
            inherit acls = yes
            inherit permissions = yes
            inherit owner = no
            ea support = yes
            store dos attributes = yes
            map hidden = no
            map system = no
            map archive = no
            case sensitive = no
So do these apply to me too?

I will install the Windows things.


Also I found out that when you chmod(), you have to apply setfacl() again.
 

Sebulon

waywardnl said:
No I did not, I use the FreeBSD server as domain controller, where my clients connect to, So this server is not joined with another domain, we are speaking about:
Yes, and those clients, the Windows 8.1 and Windows XP, need to be registered in your domain controller´s DNS for NTLMv2 authentication to work.

waywardnl said:
So do these apply to me too?
Yes.

waywardnl said:
Also I found out that when you chmod(), you have to apply setfacl() again.
You can prevent that by changing the aclmode and aclinherit options of those filesystems, like I showed you how to create new ones, you can also change options for existing ones like:
# zfs set <option>=<value> <filesystem>

/Sebulon
 
waywardnl

First of all thank you for clearing that up!

I have done these settings on ZFS:
Code:
root@BSD05:/home/roland # zfs set aclmode=passthrough zdata
root@BSD05:/home/roland # zfs set aclinherit=passthrough zdata
And did this again:
Code:
 # find /zdata/tmp -type d -exec setfacl -m group:BUILTIN\\administrators:rwxpDdaARWcCo-:fd----:allow {} \;
# find /zdata/tmp -type f -exec setfacl -m group:BUILTIN\\administrators:rwxpDdaARWcCo-:------:allow {} \;
Added this to the shares inside smb4.conf:

Code:
vfs objects = zfsacl
            nfs4:acedup = merge
            nfs4:mode = special
            nfs4:chown = yes
            nt acl support = yes
            map acl inherit = yes
            inherit acls = yes
            inherit permissions = yes
            inherit owner = no
            ea support = yes
            store dos attributes = yes
            map hidden = no
            map system = no
And I am testing.
 
waywardnl

I am getting the same problem, some directories cannot be accessed within Appz. And I still don't see usernames/groups in Windows. With getfacl I get the right information. Does anyone have the same problem? Or are there some other pointers?
 

Sebulon

waywardnl said:
I am getting the same problem, some directories cannot be accessed within Appz. And I still don't see usernames/groups in Windows. With getfacl I get the right information. Does anyone have the same problem? Or are there some other pointers?
Please show entire "/usr/local/etc/smb4.conf" and output of:
# samba-tool group list
# getfacl /zdata/Appz

And probably (I don´t know, you haven´t shown zfs list, but):
# for i in aclmode aclinherit; do zfs get -H $i zdata/Appz; done

/Sebulon
 
waywardnl

A little bit more history: when I was installing FreeBSD I had created the ZFS pool, and I did something stupid. So I started to reinstall, imported the ZFS pool and worked on that. Then I read some things about inherit in aclmode and set it up, then I used setfacl(1) and I think I messed it up really good with all that experimenting.

Now I have set it up again and started to copy. I completely ignore all the FreeBSD commands, I have set up ZFS:

Code:
root@BSD05:/zdata # zfs set aclinherit=passthrough zdata/Special
root@BSD05:/zdata # zfs set aclmode=passthrough zdata/Special
and went straight to my Windows 8.1 and set up Domain Admins with full rights through Windows, and now I see the names instead of the PID numbers. I've got a good feeling about this.

Because it is so much data (8 terabytes) the rights are not fast to apply. But I will set up a virtual machine so I can shut down my laptop and let my server do its stuff.

Also I have found an interesting one:
Code:
zfs create -o casesensitivity=insensitive zdata/Special
Case sensitivity is not important for MS, so I figured I would use this one.
https://lists.samba.org/archive/samba-technical/2014-February/098084.html


Interesting is that when I wanted to add attributes to zdata and all the directories underneath it, it would go through all the files. So now I have set all shares up in separate ZFS containers. Wish me luck.
 
waywardnl

I also found out that chmod 0777 on the directories is okay. When you delete the everybody user group from the directories in your ZFS pool, only the ones that are in the correct groups have access to that directory.

Don't know if this is normal, but I can live with this.


Moving on, and I will keep you posted.
 
waywardnl

I think I got the root source of all these problems. My OS partition is running on a mirror, and one of the hard disks seems to have problems a lot of the time. Because it was a mirror setup the problems would be corrected by my controller. But finally the failing hard drive gave in:

Code:
2014/9/14 17:58:0 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0bae00 sectors 0x80 .
	2014/9/14 17:58:0 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
	2014/9/14 17:58:0 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0ba780 sectors 0x80 .
	2014/9/14 17:58:0 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
	2014/9/14 17:58:0 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0ba080 sectors 0x80 .
	2014/9/14 17:57:0 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
	2014/9/14 17:56:56 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0b9980 sectors 0x80 .
	2014/9/14 17:56:56 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
	2014/9/14 17:56:26 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0b8a80 sectors 0x80 .
	2014/9/14 17:56:26 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
	2014/9/14 17:56:26 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0b7600 sectors 0x80 .
	2014/9/14 17:56:19 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
	2014/9/14 17:55:50 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0b6f00 sectors 0x80 .
	2014/9/14 17:55:50 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
	2014/9/14 17:55:20 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0b5f80 sectors 0x80 .
	2014/9/14 17:55:20 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
	2014/9/14 17:55:20 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0b5880 sectors 0x80 .
	2014/9/14 17:55:20 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
	2014/9/14 17:55:20 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0b5200 sectors 0x80 .
	2014/9/14 17:55:20 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
	2014/9/14 17:55:20 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0b4b00 sectors 0x80 .
	2014/9/14 17:54:42 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
	2014/9/14 17:54:38 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0b4400 sectors 0x80 .
	2014/9/14 17:54:38 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
	2014/9/14 17:54:8 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0b2700 sectors 0x80 .
	2014/9/14 17:54:8 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
	2014/9/14 17:54:8 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0b2000 sectors 0x80 .
	2014/9/14 17:54:8 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
	2014/9/14 17:54:8 	Successfully repaired bad sector on disk 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11: LBA 0x1d0b1980 sectors 0x80 .
	2014/9/14 17:53:7 	An error occured on the disk at 'SAMSUNG HD103UJ-S13PJDWS222266' at Controller1-Channel11.
So I replaced the failing hard drive and I am starting over again.

The hint for me was: I could not install Windows 7 in my Virtualbox, it stopped while installing and the hard disk indicator of the VirtualBox would stay red. I could only kill the process and then I could start over. RAID is cool, but sometimes you don't see immediately what is wrong.

Moving on!
 

von_Gaden

Active Member

Reaction score: 12
Messages: 122

Sebulon said:
It´s a little different for you in that your storage server is also your domain controller, I myself set up a CentOS virtualization host, just so that I could separate the two completely in its own VM :)
/Sebulon
What are the benefits from such separation?
I've noticed an annoying behavior of Samba4 DC - suddenly after its promotion/provision it becomes invisible in the Windows network and may be contacted only via its \\name This should not be normal, but I don't think I've misconfigured something...
For successful provision of Samba4 DC we have to use ntvfs. But it seems that this doesn't support some valuable vfs objects such as recycle...
And one more off-topic complaint: I managed to bring DNS updates to life only via Samba internal DNS, which does not meet my requirements for reliable DNS needed eg. for mail server.
So, is there a way to build Samba4 AD DC with file/storage server, interface/IP limitations and reliable DNS? I'd appreciate any help.
 
waywardnl

No problem, I think it is on topic. I don't know if this will help you, but I noticed with the whole new installation that there is an update of Samba and I don't have to make the directory /var/log/samba4. So maybe this version has a few fixes in it.
 
waywardnl

With my new setup, the new hard disk drive in my RAID 1 configuration, and the freshly joined Windows machines with Samba 4, I had a problem:

Symptom:
Losing connection with BSD05 (my Samba 4 configuration). When I was copying I got errors that the server lost connection. Now I also have a backup server where I am copying data from. This is Samba 3.6; here I had the line
Code:
become master = yes
, now I have set this line to
Code:
 no
. This problem is also solved, I don't lose connection anymore. I figured that these two servers were fighting to become master and along the way I lost connection.

In all these years of building a new server with Samba, copying old data (from the old server) to the new FreeBSD server configuration, I never had this problem before. So I think I learned something here! If you have two Samba servers in your network, point out which server is going to be the master. So I really did not know exactly how Samba operated; I had no problems anyway.

Now I only have one problem left: sometimes my Windows tells me I don't have the right, I press try again and it goes further. I think this has something to do with my 2 Samba servers in my network. I will look further and keep you posted with my findings, and any input is welcome!

In the meanwhile copying goes fairly well except for the occasional warning about rights, but I will figure this out too! (Thank you for the input)

Oh yeah, these errors come back in my log, and I have chosen internal Samba and not named from BIND 9.x:
https://forums.freebsd.org/viewtopic.php?f=43&t=46986&p=268725

So if anyone could give me pointers about this problem?
 