Done, thanks! christos
> On Jul 27, 2020, at 8:49 PM, Matthias Petermann <m...@petermann-it.de> wrote: > > Hello everyone, > > with the introduction of FFS ACLs Samba can be used as windows domain > controller (DC). The DC needs a directory to persist its policies and scripts > - the so called Sysvol. > > The creation of the Sysvol typically takes place during the domain > provisioning with samba-tool. At the moment, the default Samba4 from pkgsrc > is configured to put Sysvol below /var/run/sysvol. Unfortunately, there is a > critical issue with this location: Everything inside /var/run gets purged as > part of the systems startup sequence. So this means losing all your policies, > ultimately a corruption of the domain controller state at the next reboot. > > Therefore, Sysvol needs to be relocated to a persistent place. > > I checked how this is implemented elsewhere: > > * On Linux systems Sysvol is typically located at /var/lib/samba/sysvol > * On FreeBSD the location is /var/db/samba4/sysvol > > As /var/lib is not mentioned in HIER(7) at all, I guess this is Linux > specific. Therefore I would propose the FreeBSD-way and put it below > /var/db/samba4/sysvol. In addition to that I think it would be a good idea to > relocate the variable Samba data (databases, caches) currently located at > /usr/pkg/etc/samba/private) as well. My proposal for the target is > /var/db/samba4/private. > > Attached is a patch which applies to pkgsrc-current. I did perform the usual > tests (removing all previous configuration and databases, provisioning a new > domain, joining a Windows client to the domain) - no issues so far. > > What do you think? > > Kind regards > Matthias > <pkgsrc_net_samba4.patch.txt>
signature.asc
Description: Message signed with OpenPGP
