[Samba] Join as DC requires libacl, not avail on Solaris

[Thomas Schulz]

> Andrew Bartlett wrote:
> The best way to extend Samba's OS support in the AD DC is to provide
> tested patches. 

Unfortunately this is way beyond my ability to work on. Quite awhile ago
I was a programmer, but my last major work was written in Fortran. I make
small changes in programs written in C, but nothing of the scope that
would be required here.

> On Monday, March 03, 2014 11:30 PM, Thomas Schulz wrote:
> > I am going to admit defeat here and use a Linux box as my additional
> > domain controller. It looks like Samba 4.1.5 does not understand the
> > Solaris ACL system. This may be related to Bug 10362. I have concluded
> > from this and the other problems that I have had that the Samba team
> > does not have access to a Solaris box for development and that Oricle
> > is not providing any support for Samba. Fortunately Samba does work
> > as a file server on Solaris.
> 
> Hi Thomas,
> 
> You've given up too early. I now have a samba 4.1.5 instance that is 
> joined to my domain and has replicated the AD and even accessed through 
> ADUC.
> 
> Attaching patches that will enable you to bypass the provision test of 
> your sysvol share.
> 
> Note: You must create a smb.conf with a sysvol share defined.
> 
> After provisioning, you will have to edit smb.conf and add zfsacls 
> module to the sysvol share and otherwise configure the share for zfs 
> before you start samba.
> 
> regards,
> 
> Christopher

I have saved these patches. However all of our file systems are currently
UFS file systems. I expect that the work on ZFS will not help me. It turns
out that using a different machine, one not used by most of our users, has
some advantages. If you are curious, see the first part of my mail with
the subject:
NO DNS zone information found in source domain, not replicating DNS

Tom Schulz
Applied Dynamics Intl.
schulz at adi.com