[Samba] Problems building FreeBSD file server

Daniel O'Connor darius at dons.net.au
Tue Feb 25 16:01:58 MST 2014


On 26 Feb 2014, at 7:18, Doug Meredith <doug.meredith at skyridge.com> wrote:
> I have spent a great deal of time trying to set this up using the samba41
> package, and I've had numerous problems, which don't even seem to be
> consistent.  When you install the package it informs you that it is still
> considered experimental, so perhaps I have nobody to blame but myself.
> 
> I decided to try the samba36 package, but when I installed it, it said that
> it was compiled without ADS support and that I would need to build from
> source if I wanted that functionality.  Building from source isn't out of
> the question, but I'd prefer not to if I don't have to.

I think you are under a bit of a misapprehension about FreeBSD :)

If you build it using the ports tree you can configure it quite heavily. This is not really the same as what most people consider 'building from source' even though it is building from source.

If you use the ports tree it IS supported and it IS the normal way on FreeBSD.

> So, the big question:  Is what I want realistic?  Is this doable and stable?
> 
> What version of Samba should I use?  Where should I get it from?
> 
> I should stress that I am building a new server that will be used for file
> serving and nothing else.  I'm not hung up on the Samba version, so long as
> I get what I need.  I'm not hung up on version 10 of FreeBSD if 9 is a
> better choice.  I'm not even hung up on using FreeBSD if there is a better
> choice.  I briefly considered Solaris, but it doesn't seem to be supported
> as a Hyper-V VM.

I used to run Samba 3.6 (from ports) and had it act as an NT4 PDC; I have recently switched to Samba 4 (also from ports) and have it acting as an ADS.

I suggest you do this:
cd /usr/ports/net/samba4
sudo make config
[set EXP_MODULES]
sudo make install

Then provision your system:
sudo samba-tool domain provision --realm=MY.REALM.HERE --domain=MY --dns-backend=BIND9_FLATFILE --use-xattrs=no --use-ntvfs --use-rfc2307

I used the BIND9 flat file stuff since I wanted to merge it with my existing domain records, but if you want Samba to manage it all then you can use BIND9_DLZ instead. You will also need to modify your BIND configuration.

Then modify your /usr/local/etc/smb4.conf so it looks like:
# Global parameters
[global]
        #log level = 3
        # Need these 2 otherwise it complains something is already bound to :137
        bind interfaces only = yes
        interfaces = 10.0.2.1
        nsupdate command = samba-nsupdate -g

        workgroup = MY
        realm = MY.REALM.HERE
        netbios name = MYSERVER
        server role = active directory domain controller
        server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, smb
        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
        idmap_ldb:use rfc2307 = yes
        posix:eadb = /var/db/samba4/private/eadb.tdb

[netlogon]
        vfs objects = zfsacl
        nfs4:mode = simple
        nfs4:acedup = merge
        nfs4:chown = yes
        path = /var/db/samba4/sysvol/my.realm.here/scripts
        read only = No


[sysvol]
        vfs objects = zfsacl
        nfs4:mode = simple
        nfs4:acedup = merge
        nfs4:chown = yes
        path = /var/db/samba4/sysvol
        read only = No

[profiles]
        vfs objects = zfsacl shadow_copy2
        nfs4:mode = simple
        nfs4:acedup = merge
        nfs4:chown = yes
        path = /tank/profiles
        read only = no

# homes appears broken - https://lists.samba.org/archive/samba/2014-January/178029.html
[home]
        vfs objects = zfsacl shadow_copy2
        nfs4:mode = simple
        nfs4:acedup = merge
        nfs4:chown = yes
        comment = Home Directories
        read only = No
        path = /home

[storage]
        vfs objects = zfsacl shadow_copy2
        nfs4:mode = simple
        nfs4:acedup = merge
        nfs4:chown = yes
        comment = Archives
        path = /storage
        read only = No
        guest ok = Yes

Note that all my Samba-facing ZFS file systems have aclmode=passthrough and aclinherit=passthrough set.

E.g. I ran something like:
sudo zfs create -o aclmode=passthrough -o aclinherit=passthrough -o mountpoint=/var/db/samba4 tank/samba4db
to create them.
(or you can set them after the fact)

Or alternatively you can use FreeNAS which has done most of the work for you :)

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
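
Added example, not part of the original message: a small Python audit of an smb4.conf laid out like the one above. It lists shares that are both writable and open to guests, and the paths of shares loading zfsacl, which are the file systems that need aclmode=passthrough and aclinherit=passthrough. The sample config is constructed from the message and the function names are hypothetical.

```python
# Constructed sample: a trimmed copy of the smb4.conf layout from the message.
SAMPLE_CONF = """\
[global]
        #log level = 3
[profiles]
        vfs objects = zfsacl shadow_copy2
        path = /tank/profiles
        read only = no
[storage]
        vfs objects = zfsacl shadow_copy2
        path = /storage
        read only = No
        guest ok = Yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, whitespace removed."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)  # only the first '=' is significant
            current["".join(key.split()).lower()] = value.strip()
    return sections

def flag(share, glob, names, default):
    """Boolean parameter (or a synonym) from the share, then [global], else default."""
    for scope in (share, glob):
        for name in names:
            if name in scope:
                return scope[name].lower() in ("yes", "true", "1")
    return default

def audit(sections):
    """Return (guest-writable share names, {share: path} for shares loading zfsacl)."""
    glob, guest_rw, zfs_paths = sections.get("global", {}), [], {}
    for name, share in sections.items():
        if name == "global":
            continue
        writable = (not flag(share, glob, ("readonly",), True)
                    or flag(share, glob, ("writable", "writeable", "writeok"), False))
        if writable and flag(share, glob, ("guestok", "public"), False):
            guest_rw.append(name)
        if "zfsacl" in share.get("vfsobjects", "").split():
            zfs_paths[name] = share.get("path", "")
    return guest_rw, zfs_paths
```

Calling `audit(parse_smb_conf(SAMPLE_CONF))` on the sample reports `storage` as guest-writable and returns the paths of both zfsacl shares, whose aclmode and aclinherit values can then be checked with `zfs get`.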






