[Samba] FreeBSD/ZFS/S3FS usage and development questions

Joe Maloney jmaloney at pcbsd.org
Sun Mar 2 01:42:13 MST 2014


I've discovered that ntacl sysvolreset not working is not what is stopping
group policy from functioning on this setup I mentioned above.  When
creating a group policy I was getting the message "a device to attached to
the system was not function in windows".  Then I noticed the following in
log.smbd.  Does this message below mean anything to anyone?

[2014/03/02 02:28:51.186668,  0] ../lib/util/talloc_stack.c:104(talloc_pop)

  Freed frame ../source3/smbd/process.c:3623, expected
../source3/modules/nfs4_acls.c:936.

Joe Maloney


On Thu, Feb 27, 2014 at 5:02 PM, Jeremy Allison <jra at samba.org> wrote:

> On Tue, Feb 25, 2014 at 11:30:15PM -0600, Joe Maloney wrote:
> > I've noticed that the samba-tool ntacl sysvolreset --use-s3fs command
> does
> > not work on a ZFS filesystem on FreeBSD.  It does work if sysvol is moved
> > to a volume that is able to be mounted with the acls flag.
> >
> > I will reference a ticket I started with FreeNAS here:
> >
> > https://bugs.freenas.org/issues/4351
> >
> > As of version 9.2.1.1 s3fs is now the default using the workaround known
> > for FreeBSD.
> >
> >
> http://svnweb.freebsd.org/ports/head/net/samba41/files/README.FreeBSD.in?revision=340872&view=markup
> >
> > It seems to work well for the most part and things like smbstatus work.
> >  However I've noticed the inability to create any group policy objects.
>  So
> > I started thinking about the sysvolreset command.
> >
> > Am I correct in thinking that as suggested early without running
> samba-tool
> > ntacl sysvolreset the conversion from ntvfs to s3fs after an initial
> > provision with ntvfs would not be fully complete?
> >
> > I also suggested this as maybe a good starting point for fixing the
> sysvol
> > reset command with ZFS.  Is this the correct file?
> >
> >
> https://git.samba.org/?p=samba.git;a=blob;f=python/samba/ntacls.py;h=53438d84bffbc088e3aa0d177b728a2797407c05;hb=HEAD
>
> Yes, that looks right.
>
> > Is it possible to simply disable the hard requirements for POSIX acls or
> > bypass the check in some way?  Or are POSIX acls somehow essential to
> > setting the permissions to begin with using the python scripts?
>
> POSIX ACLs aren't required for this, it's just that
> they are the tested environment most of the Team
> is working within. ZFS ACLs should be an acceptable
> (and easier) replacement.
>
> Jeremy.
>


More information about the samba mailing list