Samba4 on OpenBSD: a report (tags: waf, s3fs, ntvfs)
Andrew Bartlett
abartlet at samba.org
Tue Sep 1 01:43:49 UTC 2015
On Mon, 2015-08-31 at 11:29 -0700, Jeremy Allison wrote:
> On Mon, Aug 31, 2015 at 05:41:32PM +0200, Jérémie Courrèges-Anglas
> wrote:
> >
> > Hi,
> >
> > last week we (OpenBSD) have switched the net/samba package in our
> > ports
> > tree from latest Samba3 (+ patches) to Samba4 - samba-4.1.19 to be
> > exact. The work on Samba4 was started by OpenBSD developer Vadim
> > Zhukov, who did a big amount of work. The co-maintainers of this
> > samba
> > port are Ian (cc'd) and I.
> >
> > Here's a bit of feedback about the transition to samba4.
> >
> > One thing made the transition complicated: waf. The problem is
> > that, as
> > opposed to autotools that have been tested on and have knowledge of
> > tons
> > of environments, waf is young. Plus it encourages you to write
> > custom
> > code, which then breaks on "exotic" setups. This is the case on
> > OpenBSD, where we use a traditional shared libraries naming scheme.
> > Right now updating to samba-4.2.3 is not possible because of
> > changes in
> > this regard in samba 4.2.x. I'll try to discuss these problems in
> > time
> > with Samba developers that want to give a hand.
>
> Yeah, opinions in the Team are very divided over waf. Those who
> love it, really love it. Those who don't... are less happy :-).
The waf journey has been an interesting one. One thing it has done
(along with autobuild to enforce it) is raise the bar substantially on
what we expect out of a build system.
> As always, patches to make us work better on OpenBSD would be
> very welcome.
>
> > There is another particular point that matters for OpenBSD support:
> > s3fs
> > vs. ntvfs. I have lightly tested a Samba AD DC setup, which
> > required
> > the use of ntvfs instead of s3fs (the default). s3fs failed
> > because ACL
> > support is required, alas "POSIX" ACLs aren't available on OpenBSD
> > (and
> > there is no plan to change that). Thus I'd like to inquire what
> > are the
> > plans regarding ntvfs and s3fs. Maybe s3fs could be made to work
> > without requiring ACLs?
>
> Unfortunately that can't be done. AD-DC *requires* ACL support
> on the filesystem. You could run it in a configuration that
> allows Windows ACLs to be stored in extended attributes (or
> a tdb database) but then it wouldn't be safe to allow local
> users access to the files.
Exactly. The only area that I can see some forward progress being
possible on is allowing a provision onto an NFSv4-ACLed filesystem, as
that is mostly a matter of setting up the right VFS modules. I don't
see OpenBSD supporting the AD DC any time soon.
This won't stop it being used as a great file server, however.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list