AD DC option to use acl_tdb rather than acl_xattr?
Andrew Bartlett
abartlet at samba.org
Tue Jun 7 10:02:42 UTC 2022
On Fri, 2022-06-03 at 13:56 -0400, John Mulligan via samba-technical wrote:
> Hi Andrew,
> During the sambaXP conference you mentioned that there may be an option to
> swap the vfs/xattr backend even on an AD DC. I'm interested in using this as
> it ought to avoid the need for always running our AD DC container images in a
> privileged mode. You mentioned it should be OK for our use-case where the
> sysvol is not heavily used. Unfortunately, I haven't found any documentation
> for it. I looked over the interactive help from 'samba-tool' as well as the
> wiki and didn't see anything that jumped out at me.
>
> I was hoping you could point me in the right direction. Even if it's an
> unreleased feature, or needs a "cheat code". Thank you very much!
Thanks for asking, and I'm glad I burned the midnight oil to listen to
your talk, these things are worth attending in real time.
So the trick here is that samba-tool domain provision will honour the
smb.conf it was loaded with.
So you can set (e.g.):
    vfs objects = dfs_samba4 acl_xattr xattr_tdb
    xattr_tdb:file = $prefix_abs/statedir/xattr.tdb
(where $prefix_abs is of course a real path)
And Samba will use those during the provision.
This is how selftest works, see selftest/target/Samba4.pm
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
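
A pre-provision check of the smb.conf settings named in the reply above, as an added example that is not part of the original message or of Samba's own code. The function names, the sample configurations and the path /var/lib/samba/xattr.tdb are constructed for illustration; the required module list is taken from the example line in the reply.

```python
import os

# Modules from the "vfs objects" line in the reply above.
REQUIRED = ("dfs_samba4", "acl_xattr", "xattr_tdb")

def read_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params["".join(key.lower().split())] = value.strip()
    return params

def check(text):
    """Return a list of problems; an empty list means the settings are in place."""
    params = read_global(text)
    problems = []
    modules = params.get("vfsobjects", "").split()
    for module in REQUIRED:
        if module not in modules:
            problems.append(f"vfs objects lacks {module}")
    path = params.get("xattr_tdb:file", "")
    if not path:
        problems.append("xattr_tdb:file is not set")
    elif "$" in path or not os.path.isabs(path):
        # The $prefix_abs placeholder must be replaced by a real path.
        problems.append(f"xattr_tdb:file is not a real absolute path: {path}")
    return problems

# Constructed sample: settings filled in with a concrete (assumed) path.
GOOD = """
[global]
    # constructed sample, not a complete AD DC configuration
    VFS Objects = dfs_samba4 acl_xattr xattr_tdb
    xattr_tdb:file = /var/lib/samba/xattr.tdb
"""
# Constructed sample: the line from the reply copied without substituting the path.
PLACEHOLDER = GOOD.replace("/var/lib/samba", "$prefix_abs/statedir")

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("PLACEHOLDER", PLACEHOLDER)):
        print(name, check(conf) or "ok")
```
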