Samba4 on OpenBSD: a report (tags: waf, s3fs, ntvfs)

[Jeremy Allison]

On Mon, Aug 31, 2015 at 05:41:32PM +0200, Jérémie Courrèges-Anglas wrote:
> 
> Hi,
> 
> last week we (OpenBSD) have switched the net/samba package in our ports
> tree from latest Samba3 (+ patches) to Samba4 - samba-4.1.19 to be
> exact.  The work on Samba4 was started by OpenBSD developer Vadim
> Zhukov, who did a big amount of work.  The co-maintainers of this samba
> port are Ian (cc'd) and I.
> 
> Here's a bit of feedback about the transition to samba4.
> 
> One thing made the transition complicated: waf.  The problem is that, as
> opposed to autotools that have been tested on and have knowledge of tons
> of environments, waf is young.  Plus it encourages you to write custom
> code, which then breaks on "exotic" setups.  This is the case on
> OpenBSD, where we use a traditional shared libraries naming scheme.
> Right now updating to samba-4.2.3 is not possible because of changes in
> this regard in samba 4.2.x.  I'll try to discuss these problems in time
> with Samba developers that want to give a hand.

Yeah, opinions in the Team are very divided over waf. Those who
love it, really love it. Those who don't... are less happy :-).

As always, patches to make us work better on OpenBSD would be
very welcome.

> There is another particular point that matters for OpenBSD support: s3fs
> vs. ntvfs.  I have lightly tested a Samba AD DC setup, which required
> the use of ntvfs instead of s3fs (the default).  s3fs failed because ACL
> support is required, alas "POSIX" ACLs aren't available on OpenBSD (and
> there is no plan to change that).  Thus I'd like to inquire what are the
> plans regarding ntvfs and s3fs.  Maybe s3fs could be made to work
> without requiring ACLs?

Unfortunately that can't be done. AD-DC *requires* ACL support
on the filesystem. You could run it in a configuration that
allows Windows ACLs to be stored in extended attributes (or
a tdb database) but then it wouldn't be safe to allow local
users access to the files.