[Samba] sysvolreset failing on glusterfs

Andreas Gaiser info at multifake.net
Wed Mar 6 14:21:30 MST 2013

thanks for your answer.

I don't think it's a permission issue, as the script is invoked as root
and I don't think it's changing its uid.

I've had a look into the code and what I see is, it's somewhat selective
about the method to set ACLs depending on the filesystem AFAIR. The
stack trace only shows the python part. The actual error results from C
code. Setting ACLs using a windows client seems to work.

Furthermore, if I'm mounting the glusterfs volume, in the mount list,
the acl option is not shown.

I think somewhere a decision about the availabilty of ACLs is going wrong.

Very funny, at one occasion it did work, though complaining after
minutes of activity, and ACLs were present after that (can't tell if
they're correct). But this part is not well reproducable. In fact there
is no reasonable way to do a sysvolreset at the moment, lengthening my
list of issues.


On 06.03.13 17:44, Mr J Potter wrote:
> Hi,
> I had similar problems with gluster. I set up a gluster sysvol first
> then tried provisioning and it failed with the same error. So it maybe
> to do with permissions on the sysvol folder itself?
> It worked if I set up dc and bdc each with local sysvols then moved them
> onto gluster.
> Jim
> On Mar 3, 2013 5:32 PM, "Andreas Gaiser/L" <info at multifake.net
> <mailto:info at multifake.net>> wrote:
>> Hi,
>> I'm trying to setup a domain with two DCs based on 4.0.3. Following some
>> hint, I wanna use glusterfs for the sysvol. Glusterfs it runs nicely. I
>> can set acls on both machines using setfacl and the other one lists them
>> almost immediately with getfacl.
>> But running "samba-tool ntacl sysvolreset is failing badly giving the
>> following error.
>> In a later attempt, without significant changes I remember, the script
>> more or less seemed to work and created indeed ACEs, but still came up
>> with this error after some minutes.
>> root at dc1:~# samba-tool ntacl sysvolreset
>> set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_NOT_SUPPORTED.
>> ERROR(runtime): uncaught exception - (-1073741637,
>>   File
>> "/opt/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line
>> 175, in _run
>>     return self.run(*args, **kwargs)
>>   File "/opt/samba/lib/python2.6/site-packages/samba/netcmd/ntacl.py",
>> line 214, in run
>>     lp, use_ntvfs=use_ntvfs)
>>   File
>> "/opt/samba/lib/python2.6/site-packages/samba/provision/__init__.py",
>> line 1563, in setsysvolacl
>>     setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs,
>> skip_invalid_chown=True, passdb=s4_passdb)
>>   File "/opt/samba/lib/python2.6/site-packages/samba/ntacls.py", line
>> 154, in setntacl
>>     smbd.set_nt_acl(file, security.SECINFO_OWNER |
>> security.SECINFO_GROUP | security.SECINFO_DACL |
> security.SECINFO_SACL, sd)
>> Running mount is showing the target fs without ACLs, although they do
>> work, as said before, and although I do have mounted the fs using -o
>> acl,rw. The underlying ext3 fs is of cause running with acls enabled,
>> too. This is what mount looks like for the involved fs's:
>> fusectl on /sys/fs/fuse/connections type fusectl (rw)
>> /dev/xvda3 on /var/glusterfs/brick1 type ext3 (rw,acl,user_xattr)
>> localhost:/dc-vol on /export/dc-vol type fuse.glusterfs
>> (rw,allow_other,max_read=131072)
>> Andreas
>> --
>> Andreas Gaiser, Berlin, Germany
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list