Odd behaviour with Samba4 member server NTVFS mode

Andrew Bartlett abartlet at samba.org
Thu Feb 27 17:14:30 MST 2014

On Tue, 2014-02-25 at 11:50 +0000, Mark Walker wrote:
> Hi All,
> We have been attempting to expand our Samba4 setup with a remote 4.0.14
> member server for serving up user profiles and home dirs.
> As our existing Samba 4 DC is still an Alpha 12 release running the NTVFS
> server we attempted to mirror the use of this on the member server until we
> were in a position to upgrade it.
> I cannot help but notice that while we have specified -s3fs in the
> configuration there are still references in the logs to smbd being used and
> also reflected in the ps output furthermore there are acls being set.
> So my questions are:
> Is the use of NTVFS in a member server completely unsupported and
> impossible?

As Jeremy has indicated, you really shouldn't be running the ntvfs file
server on a member server.  While the code was written to be able to be
a member server as well as a DC, and there are even tests for that in
our make test, the reality is you are the first to try doing that in
production for a very long time. 

> If so is it normal to still see security.NTACL attributes being set?
> I am seeing unix permissions on the profile directories to be that of Unix
> UIDs instead of root...should these be reset to root and then the
> permissions be set using windows acl management tools?

Both file servers will try and set the user to be correct for the
Windows ACL.  The difference is that the ACLs will be properly set at
the POSIX layer when smbd (s3fs) is used.

Do try and migrate to the smbd file server as soon as possible, perhaps
engaging some assistance if you can't manage it.  That will free up some
of the complexity from the alpha12 upgrade, which will itself be

Is this the same installation you have been trying to upgrade since


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list