ZFS zfs features for samba

OS 12.1p4

I have an iocage jail running samba-4.10. I am trying to sync the sysvol from another DC to it. When I run rsync I get these errors.
Code:
rsync -XAavz --delete-after --rsh='ssh' [192.168.8.65]:/var/db/samba4/sysvol  /var/db/samba4
!!Warning!! -    Any deliberate attempt to access this resource without
                legitimate authorization is a criminal offence
                (R.S.C. 1985, c. C-46 - Section 342.1).
receiving file list ... done
rsync: set_acl: sys_acl_set_file(sysvol, ACL_TYPE_ACCESS): Invalid argument (22)
rsync: set_acl: sys_acl_set_file(sysvol/brockley-2016.harte-lyne.ca, ACL_TYPE_ACCESS): Invalid argument (22)
rsync: set_acl: sys_acl_set_file(sysvol/brockley-2016.harte-lyne.ca/Policies, ACL_TYPE_ACCESS): Invalid argument (22)
sysvol/

It is suggested on the samba mailing list that perhaps ACLs are not enabled. These are the settings on the host:
Code:
zpool get all
NAME   PROPERTY                       VALUE                          SOURCE
zroot  size                           920G                           -
zroot  capacity                       39%                            -
zroot  altroot                        -                              default
zroot  health                         ONLINE                         -
zroot  guid                           9103928625350996428            default
zroot  version                        -                              default
zroot  bootfs                         zroot/ROOT/default             local
zroot  delegation                     on                             default
zroot  autoreplace                    off                            default
zroot  cachefile                      -                              default
zroot  failmode                       wait                           default
zroot  listsnapshots                  off                            default
zroot  autoexpand                     off                            default
zroot  dedupditto                     0                              default
zroot  dedupratio                     1.00x                          -
zroot  free                           554G                           -
zroot  allocated                      366G                           -
zroot  readonly                       off                            -
zroot  comment                        -                              default
zroot  expandsize                     -                              -
zroot  freeing                        0                              default
zroot  fragmentation                  34%                            -
zroot  leaked                         0                              default
zroot  bootsize                       -                              default
zroot  checkpoint                     -                              -
zroot  feature@async_destroy          enabled                        local
zroot  feature@empty_bpobj            active                         local
zroot  feature@lz4_compress           active                         local
zroot  feature@multi_vdev_crash_dump  enabled                        local
zroot  feature@spacemap_histogram     active                         local
zroot  feature@enabled_txg            active                         local
zroot  feature@hole_birth             active                         local
zroot  feature@extensible_dataset     enabled                        local
zroot  feature@embedded_data          active                         local
zroot  feature@bookmarks              enabled                        local
zroot  feature@filesystem_limits      enabled                        local
zroot  feature@large_blocks           enabled                        local
zroot  feature@large_dnode            disabled                       local
zroot  feature@sha512                 enabled                        local
zroot  feature@skein                  enabled                        local
zroot  feature@device_removal         disabled                       local
zroot  feature@obsolete_counts        disabled                       local
zroot  feature@zpool_checkpoint       disabled                       local
zroot  feature@spacemap_v2            disabled                       local

I do not see anything that looks like ACL. Are ACLs enabled in zfs anyway. Or is there a feature setting that I am missing?
 
The issue is not about setting the correct acls on a samba_server running as a DC. The issue is why rsync is not copying the existing acls from one samba_server DC instance to another joined as a DC. Setting acls on a DC has, for me in the past, always involved setting them manually from a MS-Win workstation using RSAT. Once they are set on the DC, which they are, then they should be transferable using rsync. My question is why rsync is not doing this. As far as I can determine there are no other settings respecting zfs acls than these:

Code:
zfs get all zroot/iocage/jails/samba-02/root | grep acl
zroot/iocage/jails/samba-02/root  aclmode                 passthrough                                           inherited from zroot/iocage/jails
zroot/iocage/jails/samba-02/root  aclinherit              passthrough                                           inherited from zroot/iocage/jails

And these should suffice.

The question remains: is there an option for rsync that I am missing which prevents the errors that I am seeing during the transfer of sysvol?
 
A related question: What settings does an iocage jail require to support acl's on zfs, if any?
 
how are you mouning this in iocage? I have a similar setup with smb/sftp .. all that was required was to make dataset ie zroot/ftp configure the smb as normal.

then in iocage
iocage exec JAIL mkdir /media/ftp
iocage fstab -a FQDNOFJAIL zroot/ftp /media/ftp nullfs rw 0 0

then as long as you samba is configured permission wise should work.

the errors your getting appear to be related to an issue with older versions of rsync (where it basically does not see all of the permissions properly) .. so I would upgrade the client and server versions first..
 
The rsync version on both hosts is rsync version 3.1.3 protocol version 31.

Code:
SAMBA-01]# rsync --version
rsync  version 3.1.3  protocol version 31
Copyright (C) 1996-2018 by Andrew Tridgell, Wayne Davison, and others.
Web site: http://rsync.samba.org/
Capabilities:
    64-bit files, 32-bit inums, 64-bit timestamps, 64-bit long ints,
    socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace,
    append, ACLs, xattrs, iconv, symtimes, no prealloc, file-flags

Code:
samba-02]# rsync --version
rsync  version 3.1.3  protocol version 31
Copyright (C) 1996-2018 by Andrew Tridgell, Wayne Davison, and others.
Web site: http://rsync.samba.org/
Capabilities:
    64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints,
    socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace,
    append, ACLs, xattrs, iconv, symtimes, no prealloc, file-flags

I was unaware of iocage's fstab command and never thought to look for it on a zfs jail.
 
yeah works great..

I did up a few related how to's .. just skip to step III of this one https://forums.freebsd.org/threads/jailed-plex-server-with-iocage.73794/
replace plex with smb and the shared video directories would be your smb mounts as datasets.

win win.. easily share with smb and gain all the power of zfs under the hood..

In my case I have a smb share called backup .. access is just an ad permission .. so as far as the users are conserned its a normal windows volume .. and becasue it runs on zfs a simple 1 liner cron tab does all my snapshotting and zfs send to replicate the entire thing to tarsnap .. super easy, super awesome..

have fun!
 
However, I am perplexed as to how this applies to my situation. My difficulty is that the Windows ACLs are not transferred from one FreeBSD systom installed on a UFS, to another FreeBSD system installed on ZFS. How does this address that? Excuse my ignorance but I do not see the relationship. Does one use something like iocage fstab -a <jailname> zroot/jails/<jailname> /var/samba4 nullfs rw 0 0? How are the ACLs handled?
 
Windows ACLs are not transferred from one FreeBSD systom installed on a UFS, to another FreeBSD system installed on ZFS

ok well thats really kind of important to mention.. try modifying your rsync command .. what happens if you remove -A .. or specifically set user/group permissions (to a user that exisist on the jail).. or remove permissions or set it to --nobody? once you figure out what works and what doesnt you can compaire the files and see whats getting going on.

try changing your command to include more verbosity ( one v is very basic)
-v -v -v or (-vvv) or adding --verbose .. you could also include --debug or --log-file=/tmp/rlog

ie:
stat file

another proof of concept would be to create and pass a zvol to the jail, then create a ufs file system on it and prove that that works.
 
Thank you. The existing UFS based Samba Server runs in a BHyve vm on top of ZFS.

Varying the options on rsync makes no detectable difference. The error is:
Code:
rsync: set_acl: sys_acl_set_file(sysvol/brockley-2016.harte-lyne.ca, ACL_TYPE_ACCESS): Invalid argument (22)

I have likewise tried to transfer sysvol using tar --acls, and gtar. However, nothing seems to handle the ACL_TYPE_ACCESS value being passed.
 
better question.. is any file been written at all?

You may also want to replicate your jail and try upgrading samaba to 4.12.3 as 4.10 is over a year old.
try creating a new share thats wide open in the new jail.
if the original samba host is a formated ufs on zfs .. do you get the same result if you use zfs send/recieve from the host?

tbh what your posting sounds more like a program/configuration error.. than a zfs file system error.. that rsync error seems to indicate its erroring out before any file is written.
 
All the files, that I can identify, are written. The files just do not display the Samab DC access permissions and users.
 
As for upgrading samba to a later version. It was only last week that I obtained a version of samba410 that did not need to be patched in order to provision a domain. I have no idea if samba411 can provision on zfs or not. And 412 is not even in the ports repository much less packages.
 
Back
Top