Re: Samba DC provisioning fails with Posix ACL enabled FFS
Thanks :-) Am 29.11.21 um 21:03 schrieb Jaromír Doleček: UFS_ACL enabled in XEN3_DOMU now. Le lun. 29 nov. 2021 à 17:46, Matthias Petermann a écrit : Am 28.11.21 um 17:32 schrieb Christos Zoulas: Thanks for the bug report :-) christos You're welcome :-) One more small question: currently the UFS_ACL option in the XEN3_DOMU is not enabled by default for the amd64 architecture. For XEN_DOM0 the option is enabled. I guess that the main use case for the ACLs for many users will be Samba. If one installs Samba on a Xen system, it will probably be in a DOMU rather than a DOM0. What do you think about enabling this UFS_ACL for XEN3_DOMU as well? Kind regards Matthias
Re: Samba DC provisioning fails with Posix ACL enabled FFS
UFS_ACL enabled in XEN3_DOMU now. Le lun. 29 nov. 2021 à 17:46, Matthias Petermann a écrit : > > Am 28.11.21 um 17:32 schrieb Christos Zoulas: > > Thanks for the bug report :-) > > > > christos > > > > You're welcome :-) > > One more small question: currently the UFS_ACL option in the XEN3_DOMU > is not enabled by default for the amd64 architecture. For XEN_DOM0 the > option is enabled. I guess that the main use case for the ACLs for many > users will be Samba. If one installs Samba on a Xen system, it will > probably be in a DOMU rather than a DOM0. > > What do you think about enabling this UFS_ACL for XEN3_DOMU as well? > > Kind regards > Matthias
Re: Samba DC provisioning fails with Posix ACL enabled FFS
Am 28.11.21 um 17:32 schrieb Christos Zoulas: Thanks for the bug report :-) christos You're welcome :-) One more small question: currently the UFS_ACL option in the XEN3_DOMU is not enabled by default for the amd64 architecture. For XEN_DOM0 the option is enabled. I guess that the main use case for the ACLs for many users will be Samba. If one installs Samba on a Xen system, it will probably be in a DOMU rather than a DOM0. What do you think about enabling this UFS_ACL for XEN3_DOMU as well? Kind regards Matthias
Re: Samba DC provisioning fails with Posix ACL enabled FFS
Hello all, it turned out that my problem was a result of an inconsistency in the ACL variant (NFSv4 vs. POSIX1e) that existed in NetBSD-current for about 2 months. Christos was kind enough to look at it and fix it right away[1]. My big thanks for that! With all NetBSD-current builds with sources from 2021-11-27 and newer the provisioning of an AD domain can be expected to works now. I tested this with success with Samba from pkgsrc-2021Q3. Many greetings Matthias [1] https://anonhg.netbsd.org/src/rev/21d465dbb2a8
Re: Samba DC provisioning fails with Posix ACL enabled FFS
On 25.11.21 14:49, Matthias Petermann wrote: I am using Samba 4.13.11 from pkgsrc-2021Q3 (compiled with acl-Option). The NetBSD version is: NetBSD net.local 9.99.92 NetBSD 9.99.92 (XEN3_DOMU_CUSTOM) #0: Thu Nov 25 06:26:36 CET 2021 mpeterma@sysbldr92.local:/home/mpeterma/netbsd-current/obj/sys/arch/amd64/compile/XEN3_DOMU_CUSTOM amd64 Just to add another data point: I just found out that I have a VM with NetBSD 9.99.88 build from 2021-11-03 with Samba 4.13.10 for which the provisioning works. So it looks like there is only a small time window I have to investigate for possible changes. In case someone expected the same issue and knows what the problem is - I will be thankful for any hint. In case I find the issue by myself, I will send an update as soon as possible. Kind regards Matthias
Samba DC provisioning fails with Posix ACL enabled FFS
Hello all, has anyone tried provisioning a Samba DC on NetBSD current recently? I managed to do this about half a year ago. Currently, however, there seems to be a problem that I can't quite figure out yet. I use as storage for Samba / Sysvol a FFS with Posix ACLs enabled. I have enabled these with tunefs after formatting and also give them as mount options. However, when trying to provision I get: ``` net# samba-tool domain provision --use-rfc2307 --interactive Realm [LOCAL]: MPNET.LOCAL Domain [MPNET]: Server Role (dc, member, standalone) [dc]: DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: DNS forwarder IP address (write 'none' to disable forwarding) [127.0.0.1]: 192.168.2.254 Administrator password: Retype password: ... INFO 2021-11-25 13:53:38,235 pid:1640 /usr/pkg/lib/python3.8/site-packages/samba/provision/__init__.py #1570: Setting up well known security principals INFO 2021-11-25 13:53:38,260 pid:1640 /usr/pkg/lib/python3.8/site-packages/samba/provision/__init__.py #1584: Setting up sam.ldb users and groups INFO 2021-11-25 13:53:38,351 pid:1640 /usr/pkg/lib/python3.8/site-packages/samba/provision/__init__.py #1592: Setting up self join Repacking database from v1 to v2 format (first record CN=Print-Media-Ready,CN=Schema,CN=Configuration,DC=mpnet,DC=local) Repack: re-packed 1 records so far Repacking database from v1 to v2 format (first record CN=msCOM-PartitionSet-Display,CN=411,CN=DisplaySpecifiers,CN=Configuration,DC=mpnet,DC=local) Repacking database from v1 to v2 format (first record CN=Builtin,DC=mpnet,DC=local) set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_PARAMETER. ERROR(runtime): uncaught exception - (3221225485, 'An invalid parameter was passed to a service or function.') File "/usr/pkg/lib/python3.8/site-packages/samba/netcmd/__init__.py", line 186, in _run return self.run(*args, **kwargs) File "/usr/pkg/lib/python3.8/site-packages/samba/netcmd/domain.py", line 487, in run result = provision(self.logger, File "/usr/pkg/lib/python3.8/site-packages/samba/provision/__init__.py", line 2341, in provision provision_fill(samdb, secrets_ldb, logger, names, paths, File "/usr/pkg/lib/python3.8/site-packages/samba/provision/__init__.py", line 1979, in provision_fill setsysvolacl(samdb, paths.netlogon, paths.sysvol, paths.root_uid, File "/usr/pkg/lib/python3.8/site-packages/samba/provision/__init__.py", line 1764, in setsysvolacl _setntacl(os.path.join(root, name)) File "/usr/pkg/lib/python3.8/site-packages/samba/provision/__init__.py", line 1753, in _setntacl return setntacl( File "/usr/pkg/lib/python3.8/site-packages/samba/ntacls.py", line 236, in setntacl smbd.set_nt_acl( net# ``` I am using Samba 4.13.11 from pkgsrc-2021Q3 (compiled with acl-Option). The NetBSD version is: NetBSD net.local 9.99.92 NetBSD 9.99.92 (XEN3_DOMU_CUSTOM) #0: Thu Nov 25 06:26:36 CET 2021 mpeterma@sysbldr92.local:/home/mpeterma/netbsd-current/obj/sys/arch/amd64/compile/XEN3_DOMU_CUSTOM amd64 (yes, I am using a custom XEN3_DOMU kernel as the provided kernel conf lacks the UFS_ACL option) Has anyone an idea what is wrong here? Kind regards Matthias