That’s fine by me. I was thinking along the same lines. Ian McWilliam
> On 24 Apr 2021, at 10:47, Jeremie Courreges-Anglas <j...@wxcvbn.org> wrote: > > > The AD DC support has been suffering from a crash since a long time > already (maybe 2018). > > samba version 4.9.18 started. > Copyright Andrew Tridgell and the Samba Team 1992-2018 > =============================================================== > INTERNAL ERROR: Signal 11 in pid 9341 (4.9.18) > If you are running a recent Samba version, and if you think this problem is > not yet fixed in the latest versions, please consider reporting this bug, see > https://wiki.samba.org/index.php/Bug_Reporting > =============================================================== > smb_panic_default: PANIC (pid 9341): internal error > BACKTRACE: 11 stack frames: > #0 0x511a7962f55 <log_stack_trace+53> at /usr/local/lib/libsamba-util.so.5.0 > #1 0x511a7962dd4 <smb_panic+164> at /usr/local/lib/libsamba-util.so.5.0 > #2 0x511a7962d45 <smb_panic+21> at /usr/local/lib/libsamba-util.so.5.0 > #3 0x511a7963133 <log_stack_trace+531> at /usr/local/lib/libsamba-util.so.5.0 > #4 0x511a7962d29 <fault_setup+137> at /usr/local/lib/libsamba-util.so.5.0 > #5 0x511a1176005 > #6 0x511db65cd5b <ntvfs_init+171> at /usr/local/lib/samba/libntvfs-samba4.so > #7 0x511f70ff9ef <samba_init_module+47> at /usr/local/lib/samba/service/smb.so > #8 0x51122b68668 <run_init_functions+72> at > /usr/local/lib/samba/libsamba-modules-samba4.so > #9 0x50efc88fbb2 <???+5561924516786> at samba > #10 0x50efc88ed31 <???+5561924513073> at samba > Abort trap (core dumped) > > If I'm not mistaken I got no report about it, and I'm pretty sure nobody > proposed an analysis or diffs to fix it. So let's drop the AD DC > support that was enabled years ago, when I was working in a samba shop. > It's not like running a DC server on OpenBSD has ever been a good idea > anyway, with the deprecation of the ntvfs server code upstream and our > lack of xattrs/ACLs. > > The next steps would be to figure out how to properly update tdb/talloc > and samba itself to a newer release. > > Sending this for tests and comments. Ian, are you ok with that? > > > Index: Makefile > =================================================================== > --- Makefile.orig > +++ Makefile > @@ -21,16 +21,15 @@ PKG_ARCH-docs = * > LDB_V = 1.4.8 > TEVENT_V = 0.9.37 > > -REVISION-ldb = 3 > -REVISION-main = 3 > -REVISION-tevent = 1 > +REVISION-ldb = 4 > +REVISION-main = 4 > +REVISION-tevent = 2 > > SHARED_LIBS = asn1-samba4 0.0 \ > com_err-samba4 0.0 \ > dcerpc 0.0 \ > dcerpc-binding 2.0 \ > dcerpc-samr 0.0 \ > - dcerpc-server 7.0 \ > gssapi-samba4 0.0 \ > hcrypto-samba4 0.0 \ > hdb-samba4 0.0 \ > @@ -170,7 +169,7 @@ CONFIGURE_ARGS = --enable-fhs \ > --without-acl-support \ > --without-libarchive \ > --disable-rpath \ > - --with-ntvfs-fileserver \ > + --without-ad-dc \ > --without-gpgme \ > --without-ldb-lmdb > > Index: pkg/PLIST-main > =================================================================== > --- pkg/PLIST-main.orig > +++ pkg/PLIST-main > @@ -5,7 +5,6 @@ > @pkgpath net/samba,,-main > @rcscript ${RCDIR}/nmbd > @rcscript ${RCDIR}/samba > -@rcscript ${RCDIR}/samba_ad_dc > @rcscript ${RCDIR}/smbd > @rcscript ${RCDIR}/winbindd > @sample ${SYSCONFDIR}/samba/ > @@ -29,7 +28,6 @@ bin/pidl > @bin bin/regshell > @bin bin/regtree > @bin bin/rpcclient > -bin/samba-tool > @bin bin/sharesec > @bin bin/smbcacls > @bin bin/smbclient > @@ -55,7 +53,6 @@ include/samba-4.0/core/werror.h > include/samba-4.0/core/werror_gen.h > include/samba-4.0/credentials.h > include/samba-4.0/dcerpc.h > -include/samba-4.0/dcerpc_server.h > include/samba-4.0/domain_credentials.h > include/samba-4.0/gen_ndr/ > include/samba-4.0/gen_ndr/atsvc.h > @@ -136,7 +133,6 @@ include/samba-4.0/util_ldb.h > include/samba-4.0/wbclient.h > @lib lib/libdcerpc-binding.so.${LIBdcerpc-binding_VERSION} > @lib lib/libdcerpc-samr.so.${LIBdcerpc-samr_VERSION} > -@lib lib/libdcerpc-server.so.${LIBdcerpc-server_VERSION} > @lib lib/libdcerpc.so.${LIBdcerpc_VERSION} > @lib lib/libndr-krb5pac.so.${LIBndr-krb5pac_VERSION} > @lib lib/libndr-nbt.so.${LIBndr-nbt_VERSION} > @@ -157,7 +153,6 @@ include/samba-4.0/wbclient.h > @lib lib/libwbclient.so.${LIBwbclient_VERSION} > lib/pkgconfig/dcerpc.pc > lib/pkgconfig/dcerpc_samr.pc > -lib/pkgconfig/dcerpc_server.pc > lib/pkgconfig/ndr.pc > lib/pkgconfig/ndr_krb5pac.pc > lib/pkgconfig/ndr_nbt.pc > @@ -229,7 +224,6 @@ lib/python${MODPY_VERSION}/site-packages > @so lib/python${MODPY_VERSION}/site-packages/samba/dcerpc/winreg.so > @so lib/python${MODPY_VERSION}/site-packages/samba/dcerpc/wkssvc.so > @so lib/python${MODPY_VERSION}/site-packages/samba/dcerpc/xattr.so > -@so lib/python${MODPY_VERSION}/site-packages/samba/dckeytab.so > lib/python${MODPY_VERSION}/site-packages/samba/descriptor.py > lib/python${MODPY_VERSION}/site-packages/samba/descriptor.pyc > lib/python${MODPY_VERSION}/site-packages/samba/descriptor.${MODPY_PYOEXTENSION} > @@ -242,8 +236,6 @@ lib/python${MODPY_VERSION}/site-packages > lib/python${MODPY_VERSION}/site-packages/samba/drs_utils.py > lib/python${MODPY_VERSION}/site-packages/samba/drs_utils.pyc > lib/python${MODPY_VERSION}/site-packages/samba/drs_utils.${MODPY_PYOEXTENSION} > -@so lib/python${MODPY_VERSION}/site-packages/samba/dsdb.so > -@so lib/python${MODPY_VERSION}/site-packages/samba/dsdb_dns.so > lib/python${MODPY_VERSION}/site-packages/samba/emulate/ > lib/python${MODPY_VERSION}/site-packages/samba/emulate/__init__.py > lib/python${MODPY_VERSION}/site-packages/samba/emulate/__init__.pyc > @@ -953,13 +945,6 @@ lib/python${MODPY_VERSION}/site-packages > @so lib/python${MODPY_VERSION}/site-packages/samba/xattr_tdb.so > lib/samba/auth/ > @so lib/samba/auth/script.so > -lib/samba/bind9/ > -@so lib/samba/bind9/dlz_bind9.so > -@so lib/samba/bind9/dlz_bind9_10.so > -@so lib/samba/bind9/dlz_bind9_11.so > -@so lib/samba/bind9/dlz_bind9_9.so > -lib/samba/gensec/ > -@so lib/samba/gensec/krb5.so > lib/samba/idmap/ > @so lib/samba/idmap/ad.so > @so lib/samba/idmap/autorid.so > @@ -970,56 +955,9 @@ lib/samba/idmap/ > @so lib/samba/idmap/tdb2.so > lib/samba/krb5/ > @so lib/samba/krb5/winbind_krb5_locator.so > -@so lib/samba/ldb/acl.so > -@so lib/samba/ldb/aclread.so > -@so lib/samba/ldb/anr.so > -@so lib/samba/ldb/audit_log.so > -@so lib/samba/ldb/descriptor.so > -@so lib/samba/ldb/dirsync.so > -@so lib/samba/ldb/dns_notify.so > -@so lib/samba/ldb/dsdb_notification.so > -@so lib/samba/ldb/encrypted_secrets.so > -@so lib/samba/ldb/extended_dn_in.so > -@so lib/samba/ldb/extended_dn_out.so > -@so lib/samba/ldb/extended_dn_store.so > -@so lib/samba/ldb/group_audit_log.so > @so lib/samba/ldb/ildap.so > -@so lib/samba/ldb/instancetype.so > -@so lib/samba/ldb/lazy_commit.so > @so lib/samba/ldb/ldbsamba_extensions.so > -@so lib/samba/ldb/linked_attributes.so > -@so lib/samba/ldb/local_password.so > -@so lib/samba/ldb/new_partition.so > -@so lib/samba/ldb/objectclass.so > -@so lib/samba/ldb/objectclass_attrs.so > -@so lib/samba/ldb/objectguid.so > -@so lib/samba/ldb/operational.so > -@so lib/samba/ldb/partition.so > -@so lib/samba/ldb/password_hash.so > -@so lib/samba/ldb/ranged_results.so > -@so lib/samba/ldb/repl_meta_data.so > -@so lib/samba/ldb/resolve_oids.so > -@so lib/samba/ldb/rootdse.so > -@so lib/samba/ldb/samba3sam.so > -@so lib/samba/ldb/samba3sid.so > -@so lib/samba/ldb/samba_dsdb.so > -@so lib/samba/ldb/samba_secrets.so > -@so lib/samba/ldb/samldb.so > -@so lib/samba/ldb/schema_data.so > -@so lib/samba/ldb/schema_load.so > -@so lib/samba/ldb/secrets_tdb_sync.so > -@so lib/samba/ldb/show_deleted.so > -@so lib/samba/ldb/simple_dn.so > -@so lib/samba/ldb/simple_ldap_map.so > -@so lib/samba/ldb/subtree_delete.so > -@so lib/samba/ldb/subtree_rename.so > -@so lib/samba/ldb/tombstone_reanimate.so > -@so lib/samba/ldb/unique_object_sids.so > -@so lib/samba/ldb/update_keytab.so > -@so lib/samba/ldb/vlv.so > -@so lib/samba/ldb/wins_ldb.so > @so lib/samba/libCHARSET3-samba4.so > -@so lib/samba/libHDB-SAMBA4-samba4.so > @so lib/samba/libLIBWBCLIENT-OLD-samba4.so > @so lib/samba/libMESSAGING-SEND-samba4.so > @so lib/samba/libMESSAGING-samba4.so > @@ -1043,14 +981,9 @@ lib/samba/krb5/ > @so lib/samba/libcmdline-credentials-samba4.so > @lib lib/samba/libcom_err-samba4.so.${LIBcom_err-samba4_VERSION} > @so lib/samba/libcommon-auth-samba4.so > -@so lib/samba/libdb-glue-samba4.so > @so lib/samba/libdbwrap-samba4.so > @so lib/samba/libdcerpc-samba-samba4.so > @so lib/samba/libdcerpc-samba4.so > -@so lib/samba/libdfs-server-ad-samba4.so > -@so lib/samba/libdlz-bind9-for-torture-samba4.so > -@so lib/samba/libdnsserver-common-samba4.so > -@so lib/samba/libdsdb-garbage-collect-tombstones-samba4.so > @so lib/samba/libdsdb-module-samba4.so > @so lib/samba/libevents-samba4.so > @so lib/samba/libflag-mapping-samba4.so > @@ -1086,13 +1019,10 @@ lib/samba/krb5/ > @so lib/samba/libnon-posix-acls-samba4.so > @so lib/samba/libnpa-tstream-samba4.so > @so lib/samba/libnss-info-samba4.so > -@so lib/samba/libntvfs-samba4.so > -@so lib/samba/libpac-samba4.so > @so lib/samba/libpopt-samba3-cmdline-samba4.so > @so lib/samba/libpopt-samba3-samba4.so > @so lib/samba/libposix-eadb-samba4.so > @so lib/samba/libprinting-migrate-samba4.so > -@so lib/samba/libprocess-model-samba4.so > @so lib/samba/libregistry-samba4.so > @lib lib/samba/libroken-samba4.so.${LIBroken-samba4_VERSION} > @so lib/samba/libsamba-cluster-support-samba4.so > @@ -1104,11 +1034,9 @@ lib/samba/krb5/ > @so lib/samba/libsamba-sockets-samba4.so > @so lib/samba/libsamba3-util-samba4.so > @so lib/samba/libsamdb-common-samba4.so > -@so lib/samba/libscavenge-dns-records-samba4.so > @so lib/samba/libsecrets3-samba4.so > @so lib/samba/libserver-id-db-samba4.so > @so lib/samba/libserver-role-samba4.so > -@so lib/samba/libservice-samba4.so > @so lib/samba/libshares-samba4.so > @so lib/samba/libsmb-transport-samba4.so > @so lib/samba/libsmbclient-raw-samba4.so > @@ -1135,25 +1063,6 @@ lib/samba/nss_info/ > @so lib/samba/nss_info/rfc2307.so > @so lib/samba/nss_info/sfu.so > @so lib/samba/nss_info/sfu20.so > -lib/samba/process_model/ > -@so lib/samba/process_model/prefork.so > -@so lib/samba/process_model/standard.so > -lib/samba/service/ > -@so lib/samba/service/cldap.so > -@so lib/samba/service/dcerpc.so > -@so lib/samba/service/dns.so > -@so lib/samba/service/dns_update.so > -@so lib/samba/service/drepl.so > -@so lib/samba/service/kcc.so > -@so lib/samba/service/kdc.so > -@so lib/samba/service/ldap.so > -@so lib/samba/service/nbtd.so > -@so lib/samba/service/ntp_signd.so > -@so lib/samba/service/s3fs.so > -@so lib/samba/service/smb.so > -@so lib/samba/service/web.so > -@so lib/samba/service/winbindd.so > -@so lib/samba/service/wrepl.so > lib/samba/vfs/ > @so lib/samba/vfs/acl_tdb.so > @so lib/samba/vfs/acl_xattr.so > @@ -1175,7 +1084,6 @@ lib/samba/vfs/ > @so lib/samba/vfs/media_harmony.so > @so lib/samba/vfs/netatalk.so > @so lib/samba/vfs/offline.so > -@so lib/samba/vfs/posix_eadb.so > @so lib/samba/vfs/preopen.so > @so lib/samba/vfs/readahead.so > @so lib/samba/vfs/readonly.so > @@ -1345,12 +1253,7 @@ libexec/samba/ > @man man/man8/winbindd.8 > @bin sbin/eventlogadm > @bin sbin/nmbd > -@bin sbin/samba > sbin/samba-gpupdate > -sbin/samba_dnsupdate > -sbin/samba_kcc > -sbin/samba_spnupdate > -sbin/samba_upgradedns > @bin sbin/smbd > @bin sbin/winbindd > share/doc/pkg-readmes/${PKGSTEM} > @@ -1359,118 +1262,6 @@ share/examples/samba/ > share/examples/samba/smb.conf.default > @sample ${SYSCONFDIR}/samba/smb.conf > @comment share/perl5/ > -share/samba/ > -share/samba/setup/ > -share/samba/setup/DB_CONFIG > -share/samba/setup/ad-schema/ > -share/samba/setup/ad-schema/AD_DS_Attributes__Windows_Server_2012_R2.ldf > -share/samba/setup/ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf > -share/samba/setup/ad-schema/AD_DS_Classes__Windows_Server_2012_R2.ldf > -share/samba/setup/ad-schema/AD_DS_Classes__Windows_Server_2016.ldf > -share/samba/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2008_R2.ldf > -share/samba/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2012.ldf > -share/samba/setup/ad-schema/Classes_for_AD_DS__Windows_Server_2008_R2.ldf > -share/samba/setup/ad-schema/Classes_for_AD_DS__Windows_Server_2012.ldf > -share/samba/setup/ad-schema/MS-AD_Schema_2K8_Attributes.txt > -share/samba/setup/ad-schema/MS-AD_Schema_2K8_Classes.txt > -share/samba/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt > -share/samba/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt > -share/samba/setup/ad-schema/licence.txt > -share/samba/setup/adprep/ > -share/samba/setup/adprep/WindowsServerDocs/ > -share/samba/setup/adprep/WindowsServerDocs/Forest-Wide-Updates.md > -share/samba/setup/adprep/WindowsServerDocs/Sch49.ldf.diff > -share/samba/setup/adprep/WindowsServerDocs/Sch50.ldf.diff > -share/samba/setup/adprep/WindowsServerDocs/Sch51.ldf.diff > -share/samba/setup/adprep/WindowsServerDocs/Sch57.ldf.diff > -share/samba/setup/adprep/WindowsServerDocs/Sch59.ldf.diff > -share/samba/setup/adprep/WindowsServerDocs/Schema-Updates.md > -share/samba/setup/adprep/fix-forest-rev.ldf > -share/samba/setup/aggregate_schema.ldif > -share/samba/setup/cn=samba.ldif > -share/samba/setup/display-specifiers/ > -share/samba/setup/display-specifiers/DisplaySpecifiers-Win2k0.txt > -share/samba/setup/display-specifiers/DisplaySpecifiers-Win2k3.txt > -share/samba/setup/display-specifiers/DisplaySpecifiers-Win2k3R2.txt > -share/samba/setup/display-specifiers/DisplaySpecifiers-Win2k8.txt > -share/samba/setup/display-specifiers/DisplaySpecifiers-Win2k8R2.txt > -share/samba/setup/dns_update_list > -share/samba/setup/extended-rights.ldif > -share/samba/setup/fedora-ds-init.ldif > -share/samba/setup/fedorads-dna.ldif > -share/samba/setup/fedorads-index.ldif > -share/samba/setup/fedorads-linked-attributes.ldif > -share/samba/setup/fedorads-pam.ldif > -share/samba/setup/fedorads-partitions.ldif > -share/samba/setup/fedorads-refint-add.ldif > -share/samba/setup/fedorads-refint-delete.ldif > -share/samba/setup/fedorads-samba.ldif > -share/samba/setup/fedorads-sasl.ldif > -share/samba/setup/fedorads.inf > -share/samba/setup/idmap_init.ldif > -share/samba/setup/krb5.conf > -share/samba/setup/memberof.conf > -share/samba/setup/mmr_serverids.conf > -share/samba/setup/mmr_syncrepl.conf > -share/samba/setup/modules.conf > -share/samba/setup/named.conf > -share/samba/setup/named.conf.dlz > -share/samba/setup/named.conf.update > -share/samba/setup/named.txt > -share/samba/setup/olc_mmr.conf > -share/samba/setup/olc_seed.ldif > -share/samba/setup/olc_serverid.conf > -share/samba/setup/olc_syncrepl.conf > -share/samba/setup/olc_syncrepl_seed.conf > -share/samba/setup/prefixMap.txt > -share/samba/setup/provision.ldif > -share/samba/setup/provision.reg > -share/samba/setup/provision.zone > -share/samba/setup/provision_basedn.ldif > -share/samba/setup/provision_basedn_modify.ldif > -share/samba/setup/provision_basedn_options.ldif > -share/samba/setup/provision_basedn_references.ldif > -share/samba/setup/provision_computers_add.ldif > -share/samba/setup/provision_computers_modify.ldif > -share/samba/setup/provision_configuration.ldif > -share/samba/setup/provision_configuration_basedn.ldif > -share/samba/setup/provision_configuration_modify.ldif > -share/samba/setup/provision_configuration_references.ldif > -share/samba/setup/provision_dns_accounts_add.ldif > -share/samba/setup/provision_dns_add_samba.ldif > -share/samba/setup/provision_dnszones_add.ldif > -share/samba/setup/provision_dnszones_modify.ldif > -share/samba/setup/provision_dnszones_partitions.ldif > -share/samba/setup/provision_group_policy.ldif > -share/samba/setup/provision_init.ldif > -share/samba/setup/provision_partitions.ldif > -share/samba/setup/provision_privilege.ldif > -share/samba/setup/provision_rootdse_add.ldif > -share/samba/setup/provision_rootdse_modify.ldif > -share/samba/setup/provision_schema_basedn.ldif > -share/samba/setup/provision_schema_basedn_modify.ldif > -share/samba/setup/provision_self_join.ldif > -share/samba/setup/provision_self_join_config.ldif > -share/samba/setup/provision_self_join_modify.ldif > -share/samba/setup/provision_self_join_modify_config.ldif > -share/samba/setup/provision_self_join_modify_schema.ldif > -share/samba/setup/provision_users.ldif > -share/samba/setup/provision_users_add.ldif > -share/samba/setup/provision_users_modify.ldif > -share/samba/setup/provision_well_known_sec_princ.ldif > -share/samba/setup/refint.conf > -share/samba/setup/schema-map-fedora-ds-1.0 > -share/samba/setup/schema-map-openldap-2.3 > -share/samba/setup/schema_samba4.ldif > -share/samba/setup/secrets.ldif > -share/samba/setup/secrets_dns.ldif > -share/samba/setup/secrets_init.ldif > -share/samba/setup/secrets_sasl_ldap.ldif > -share/samba/setup/secrets_simple_ldap.ldif > -share/samba/setup/share.ldif > -share/samba/setup/slapd.conf > -share/samba/setup/spn_update_list > -share/samba/setup/ypServ30.ldif > @mode 0750 > @sample /var/cache/samba/ > @sample ${SAMBA_LOGDIR}/ > Index: pkg/README-main > =================================================================== > --- pkg/README-main.orig > +++ pkg/README-main > @@ -27,18 +27,3 @@ Winbind on OpenBSD does not support loca > is no nsswitch support. Winbind support is included for external > systems like Dovecot or Squid that are able to use it to authenticate > users. > - > -Nmbd and AD DC mode > -=================== > -Note that nmbd(8) daemon currently doesn't work properly when samba is > -set up as an AD DC controller. > - > -Max open files limit > -==================== > -To use Samba as a domain controller it is advised to bump the values of > -openfiles-max in /etc/login.conf and kern.maxfiles over 16384. If you > -are using /etc/login.conf.db (not usually recommended) then be sure to > -rebuild it. > - > -Don't forget to add the entry kern.maxfiles=16384 to the > -/etc/sysctl.conf file to keep the change across reboots. > Index: pkg/samba_ad_dc.rc > =================================================================== > --- pkg/samba_ad_dc.rc > +++ /dev/null > @@ -1,22 +0,0 @@ > -#!/bin/ksh > -# > -# $OpenBSD: samba_ad_dc.rc,v 1.4 2018/11/30 15:17:31 jca Exp $ > - > -smbcontrol="${TRUEPREFIX}/bin/smbcontrol" > - > -daemon="${TRUEPREFIX}/sbin/samba -D" > - > -. /etc/rc.d/rc.subr > - > -pexp="^samba: root process" > -rc_usercheck=NO > - > -rc_check() { > - ${smbcontrol} samba ping > -} > - > -rc_reload() { > - ${smbcontrol} samba reload-config > -} > - > -rc_cmd $1 > > > -- > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
