[Samba] sysvolreset failing on glusterfs

Wed Mar 6 14:35:25 MST 2013

Do you have extended attributes enabled on your glusterfs filesystem?

Out of curiosity, what version of glusterfs are you seeing this problem?

On 03/06/2013 04:21 PM, Andreas Gaiser wrote:
> thanks for your answer.
>
> I don't think it's a permission issue, as the script is invoked as root
> and I don't think it's changing its uid.
>
> I've had a look into the code and what I see is, it's somewhat selective
> about the method to set ACLs depending on the filesystem AFAIR. The
> stack trace only shows the python part. The actual error results from C
> code. Setting ACLs using a windows client seems to work.
>
> Furthermore, if I'm mounting the glusterfs volume, in the mount list,
> the acl option is not shown.
>
> I think somewhere a decision about the availabilty of ACLs is going wrong.
>
> Very funny, at one occasion it did work, though complaining after
> minutes of activity, and ACLs were present after that (can't tell if
> they're correct). But this part is not well reproducable. In fact there
> is no reasonable way to do a sysvolreset at the moment, lengthening my
> list of issues.
>
> Andreas
>
> On 06.03.13 17:44, Mr J Potter wrote:
>> Hi,
>> I had similar problems with gluster. I set up a gluster sysvol first
>> then tried provisioning and it failed with the same error. So it maybe
>> to do with permissions on the sysvol folder itself?
>>
>> It worked if I set up dc and bdc each with local sysvols then moved them
>> onto gluster.
>>
>> Jim
>>
>> On Mar 3, 2013 5:32 PM, "Andreas Gaiser/L" <info at multifake.net
>> <mailto:info at multifake.net>> wrote:
>>> Hi,
>>>
>>>
>>> I'm trying to setup a domain with two DCs based on 4.0.3. Following some
>>> hint, I wanna use glusterfs for the sysvol. Glusterfs it runs nicely. I
>>> can set acls on both machines using setfacl and the other one lists them
>>> almost immediately with getfacl.
>>>
>>> But running "samba-tool ntacl sysvolreset is failing badly giving the
>>> following error.
>>>
>>> In a later attempt, without significant changes I remember, the script
>>> more or less seemed to work and created indeed ACEs, but still came up
>>> with this error after some minutes.
>>>
>>> root at dc1:~# samba-tool ntacl sysvolreset
>>> set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_NOT_SUPPORTED.
>>> ERROR(runtime): uncaught exception - (-1073741637,
>>> 'NT_STATUS_NOT_SUPPORTED')
>>>   File
>>> "/opt/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line
>>> 175, in _run
>>>     return self.run(*args, **kwargs)
>>>   File "/opt/samba/lib/python2.6/site-packages/samba/netcmd/ntacl.py",
>>> line 214, in run
>>>     lp, use_ntvfs=use_ntvfs)
>>>   File
>>> "/opt/samba/lib/python2.6/site-packages/samba/provision/__init__.py",
>>> line 1563, in setsysvolacl
>>>     setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs,
>>> skip_invalid_chown=True, passdb=s4_passdb)
>>>   File "/opt/samba/lib/python2.6/site-packages/samba/ntacls.py", line
>>> 154, in setntacl
>>>     smbd.set_nt_acl(file, security.SECINFO_OWNER |
>>> security.SECINFO_GROUP | security.SECINFO_DACL |
>> security.SECINFO_SACL, sd)
>>> Running mount is showing the target fs without ACLs, although they do
>>> work, as said before, and although I do have mounted the fs using -o
>>> acl,rw. The underlying ext3 fs is of cause running with acls enabled,
>>> too. This is what mount looks like for the involved fs's:
>>>
>>> fusectl on /sys/fs/fuse/connections type fusectl (rw)
>>> /dev/xvda3 on /var/glusterfs/brick1 type ext3 (rw,acl,user_xattr)
>>> localhost:/dc-vol on /export/dc-vol type fuse.glusterfs
>>> (rw,allow_other,max_read=131072)
>>>
>>>
>>> Andreas
>>> --
>>> Andreas Gaiser, Berlin, Germany
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>