[Samba] Join as DC requires libacl, not avail on Solaris

Andrew Bartlett abartlet at samba.org
Tue Mar 4 14:44:50 MST 2014

On Tue, 2014-03-04 at 11:05 -0500, Thomas Schulz wrote:
> > Andrew Bartlett wrote:
> > The best way to extend Samba's OS support in the AD DC is to provide
> > tested patches. 
> Unfortunately this is way beyond my ability to work on. Quite awhile ago
> I was a programmer, but my last major work was written in Fortran. I make
> small changes in programs written in C, but nothing of the scope that
> would be required here.
> > On Monday, March 03, 2014 11:30 PM, Thomas Schulz wrote:
> > > I am going to admit defeat here and use a Linux box as my additional
> > > domain controller. It looks like Samba 4.1.5 does not understand the
> > > Solaris ACL system. This may be related to Bug 10362. I have concluded
> > > from this and the other problems that I have had that the Samba team
> > > does not have access to a Solaris box for development and that Oricle
> > > is not providing any support for Samba. Fortunately Samba does work
> > > as a file server on Solaris.
> > 
> > Hi Thomas,
> > 
> > You've given up too early. I now have a samba 4.1.5 instance that is 
> > joined to my domain and has replicated the AD and even accessed through 
> > ADUC.
> > 
> > Attaching patches that will enable you to bypass the provision test of 
> > your sysvol share.
> > 
> > Note: You must create a smb.conf with a sysvol share defined.
> > 
> > After provisioning, you will have to edit smb.conf and add zfsacls 
> > module to the sysvol share and otherwise configure the share for zfs 
> > before you start samba.
> > 
> > regards,
> > 
> > Christopher
> I have saved these patches. However all of our file systems are currently
> UFS file systems. 

If you are using UFS, it is expected to work.  Can you download current
git master and confirm if configure runs without any special options?
We now bail if we don't detect posix ACLs at that point.  

If that fails, then your bin/config.log might be of assistance in
working out why we didn't find the posix ACL headers, plus information
on where the ACL functions are to be found on your system.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list