AD DC option to use acl_tdb rather than acl_xattr?
John Mulligan
phlogistonjohn at asynchrono.us
Tue Jun 7 14:23:35 UTC 2022
On Tuesday, June 7, 2022 6:02:42 AM EDT Andrew Bartlett via samba-technical
wrote:
> On Fri, 2022-06-03 at 13:56 -0400, John Mulligan via samba-technical
>
> wrote:
> > Hi Andrew,
> > During the sambaXP conference you mentioned that there may be an
> > option to
> > swap the vfs/xattr backend even on an AD DC. I'm interested in using
> > this as
> > it ought to avoid the need for always running our AD DC container
> > images in a
> > privileged mode. You mentioned it should be OK for our use-case
> > where the
> > sysvol is not heavily used. Unfortunately, I haven't found any
> > documentation
> > for it. I looked over the interactive help from 'samba-tool' as well
> > as the
> > wiki and didn't see anything that jumped out at me.
> >
> > I was hoping you could point me in the right direction. Even if it's
> > an
> > unreleased feature, or needs a "cheat code". Thank you very much!
>
> Thanks for asking, and I'm glad I burned the midnight oil to listen to
> your talk, these things are worth attending in real time.
>
:-D
> So the trick here is that samba-tool domain provision will honour the
> smb.conf it was loaded with.
>
> so you can set (eg):
> vfs objects = dfs_samba4 acl_xattr xattr_tdb
> xattr_tdb:file = $prefix_abs/statedir/xattr.tdb
>
> (where $prefix_abs is of course a real path)
>
> And Samba will use those during the provision.
>
Very useful, thanks! I think this will help with another issue reported on
the DC container that I'm looking at too.
> This is how selftest works, see selftest/target/Samba4.pm
>
> Andrew Bartlett
Thanks again!
More information about the samba-technical
mailing list