[WIP] Remove confusing --use-xattrs option from samba-tool domain provision

Rowland Penny repenny241155 at gmail.com
Mon Sep 5 17:55:20 UTC 2016 

On Mon, 5 Sep 2016 10:05:37 -0700
Jeremy Allison <jra at samba.org> wrote:

> On Mon, Sep 05, 2016 at 09:00:23AM +0100, Rowland Penny wrote:
> > On Mon, 5 Sep 2016 09:35:32 +0200
> > Stefan Metzmacher <metze at samba.org> wrote:
> > 
> > > Hi,
> > > 
> > > > I did a little more digging and I think all that is really
> > > > required is: Add a switch to the provision command, something
> > > > like '--use-zfs' if this is set, don't do the simple acl check.
> > > > when creating smb.conf add the zfsacl lines
> > > > and hopefully this will do the job, but there will probably be
> > > > other things to do, only time will tell.
> > > 
> > > maybe a generic --additional-sysvol-vfs-modules=zfsacl option
> > > would be better, that way it's not limited to zfs.
> > > 
> > > metze
> > > 
> > 
> > Confused now, do you mean 'zfsacl' can be used with file systems
> > other than ZFS ? if so, why is it called 'zfsacl' ?
> > 
> > Or do you mean '--additional-sysvol-vfs-modules=X' , where 'X' is a
> > vfs module ? If you do mean this, then I do not agree, nobody will
> > want to type that. How about 'use-vfs=X'.
> 
> Let's have both :-). How about a '--additional-sysvol-vfs-modules=X'
> but a '--use-zfs' which maps into
> '--additional-sysvol-vfs-modules=zfsacl'.
> 
> Rowland is right in that no one will understand or want to type that,
> and metze is right in that making it more generic is flexible.
> 
> But let's be honest, zfs is a widely used mapping and making it easy
> to use would be good for Samba4-AD adoption.

I am working on this (just using 'use-vfs=zfsacl'), we can argue the
schematics later.

I have got past the first acl test and added the required lines to
smb.conf, but then I hit an error:

root at freebsd:~ # samba-tool domain provision --use-rfc2307 --use-vfs=vfsacl --interactive
Realm [TESTDOM.TLD]: 
 Domain [TESTDOM]: 
 Server Role (dc, member, standalone) [dc]: 
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: 
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.0.1]: 
Administrator password: 
Retype password: 
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=testdom,DC=tld
Adding configuration container
ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 'module' object has no attribute 'DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID'
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line 466, in run
    nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 2183, in provision
    skip_sysvolacl=skip_sysvolacl)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1787, in provision_fill
    next_rid=next_rid, dc_rid=dc_rid)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1316, in fill_samdb
    ignore_checks_oid = "local_oid:%s:0" % samba.dsdb.DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID

I take it that the missing 'attribute' is suppose to come from
'dsdb.so' ?? and is defined in samdb.h

So why isn't the script finding it ?

I tried to recompile samba44 in case I missed something the first time
round, but this failed, so I going to start with a fresh Freebsd VM.

Rowland

More information about the samba-technical mailing list