[WIP] Remove confusing --use-xattrs option from samba-tool domain provision

Rowland Penny repenny241155 at gmail.com
Sun Sep 4 14:37:21 UTC 2016


On Sun, 4 Sep 2016 17:02:33 +0300
Alexander Bokovoy <ab at samba.org> wrote:

> On Sun, 04 Sep 2016, Rowland Penny wrote:
> > On Sun, 4 Sep 2016 16:21:24 +0300
> > Alexander Bokovoy <ab at samba.org> wrote:
> > 
> > > On Sun, 04 Sep 2016, Rowland Penny wrote:
> > > > On Sun, 04 Sep 2016 22:32:46 +1200
> > > > Andrew Bartlett <abartlet at samba.org> wrote:
> > > > 
> > > > > We keep it if built with NTVFS support, but it should cause
> > > > > less confusion once most users stop seeing it. 
> > > > > 
> > > > > I realise this may break some scripts, but in this case I
> > > > > think it is worth it for the simplification. 
> > > > > 
> > > > > This isn't for 4.5 (we don't change this kind of thing during
> > > > > an RC), but should help simplify things for 4.6, and make it
> > > > > clear to others that the default of --use-xattr is and has
> > > > > always been perfectly correct. 
> > > > > 
> > > > > I'm running an autobuild to confirm I haven't broken anything
> > > > > else. 
> > > > > 
> > > > > Comment welcome.
> > > > > 
> > > > > Andrew Bartlett
> > > > 
> > > > Hi Andrew, there is this in the patch header:
> > > > 
> > > > The only reasonable use --use-xattrs=no should be used is in
> > > > selftest, and there is no need for that or --use-xattrs=auto
> > > > without --use-ntvfs, all systems we support in production for
> > > > the AD DC have xattrs, as using smbd needs posix ACLs.
> > > > 
> > > > I take it we are no longer supporting UNIX OS's, because from my
> > > > testing on FreeBSD, you cannot provision an AD DC on that OS,
> > > > this is because '--use-ntvfs' has been removed from the options
> > > > and FreeBSD uses ntvfs4 ACLs.
> > > > 
> > > > Can I also ask why, now that we only seem to support OS's that
> > > > also support posix ACLs, we are still using ntvfs? Wouldn't
> > > > this be a good time to get rid of it? I mean, what is the point
> > > > of keeping code around that will never be used except for
> > > > testing against?
> > > Rowland, FreeBSD has had support for POSIX ACLs and extended
> > > attributes for years. See http://zewaren.net/site/node/154 for
> > > an example of how to enable them in UFS volumes.
> > > 
> > 
> > On UFS they may do, but I was trying to find out why a user was
> > having problems and he was using ZFS. To provision a DC on ZFS, you
> > have to use '--use-ntvfs', the only problem is that this option no
> > longer exists, so you have to provision with an earlier version and
> > then update Samba.
> ZFS does not provide POSIX ACLs, it provides NFSv4 ACLs. You need to
> use vfs_zfsacl which requires libsunacl. libsunacl is available in
> FreeBSD ports collection.
> 
> https://wiki.freebsd.org/NFSv4_ACLs describes briefly how it is done.
> 
> A typical setup is shown here:
> https://daniel.washburn.at/howtos/freebsd-samba4-zfs-recipe

Stop me if I am wrong, but that smb.conf doesn't look like an AD DC
smb.conf, it looks like it was one once but not now.
I also tried the passthrough trick, but it didn't work, it seems the
trick is as I said, provision with '--use-ntvfs' and then do the
changes to the filesystem and smb.conf.

> 
> I think we need to look into the provision script and add a
> configuration variant for installing with vfs_zfsacl.
> 

We need to do something.

Rowland



