[Samba] Join as DC requires libacl, not avail on Solaris
Thomas Schulz
schulz at adi.com
Wed Mar 5 11:26:14 MST 2014
> On Tue, 2014-03-04 at 20:49 -0500, Thomas Schulz wrote:
>>> On Tue, 2014-03-04 at 11:05 -0500, Thomas Schulz wrote:
>>>>> Andrew Bartlett wrote:
>>>>> The best way to extend Samba's OS support in the AD DC is to provide
>>>>> tested patches.
>>>>
>>>> Unfortunately this is way beyond my ability to work on. Quite awhile ago
>>>> I was a programmer, but my last major work was written in Fortran. I make
>>>> small changes in programs written in C, but nothing of the scope that
>>>> would be required here.
>>>>
>>>>> On Monday, March 03, 2014 11:30 PM, Thomas Schulz wrote:
>>>>>> I am going to admit defeat here and use a Linux box as my additional
>>>>>> domain controller. It looks like Samba 4.1.5 does not understand the
>>>>>> Solaris ACL system. This may be related to Bug 10362. I have concluded
>>>>>> from this and the other problems that I have had that the Samba team
>>>>>> does not have access to a Solaris box for development and that Oricle
>>>>>> is not providing any support for Samba. Fortunately Samba does work
>>>>>> as a file server on Solaris.
>>>>>
>>>>> Hi Thomas,
>>>>>
>>>>> You've given up too early. I now have a samba 4.1.5 instance that is
>>>>> joined to my domain and has replicated the AD and even accessed through
>>>>> ADUC.
>>>>>
>>>>> Attaching patches that will enable you to bypass the provision test of
>>>>> your sysvol share.
>>>>>
>>>>> Note: You must create a smb.conf with a sysvol share defined.
>>>>>
>>>>> After provisioning, you will have to edit smb.conf and add zfsacls
>>>>> module to the sysvol share and otherwise configure the share for zfs
>>>>> before you start samba.
>>>>>
>>>>> regards,
>>>>>
>>>>> Christopher
>>>>
>>>> I have saved these patches. However all of our file systems are currently
>>>> UFS file systems.
>>>
>>> If you are using UFS, it is expected to work. Can you download current
>>> git master and confirm if configure runs without any special options?
>>> We now bail if we don't detect posix ACLs at that point.
>>>
>>> If that fails, then your bin/config.log might be of assistance in
>>> working out why we didn't find the posix ACL headers, plus information
>>> on where the ACL functions are to be found on your system.
>>>
>>> Andrew Bartlett
>>
>> I will download that as soon as I get into the office in the morning.
>> What I can get to right now are the output lines from configure that
>> mention ACLs.
>>
>> Checking for header acl/libacl.h : no
>> Checking for header sys/acl.h : yes
>> Checking for _acl : ok
>> Checking for __acl : not found
>> Checking for _facl : ok
>> Checking for __facl : not found
>> Checking for library acl : not found
>> Checking for acl_get_file : not found
>> Checking for POSIX ACL support : not found
>> Checking for header sys/acl.h : yes
>> Checking for _acl : ok
>> Checking for __acl : not found
>> Checking for _facl : ok
>> Checking for __facl : not found
>> Checking for library acl : not found
>> Checking for acl_get_file : not found
>> Checking for POSIX ACL support : not found
>>
>> That output matches what I find while looking around. I do not find any
>> library specifically for ACLs. And acl_get_file is not found in sys/acl.h.
>> Note that this is Solaris 10. I believe that there is a Solaris 11, but
>> I do not have that.
>
> The issue is that we don't seem to realise your system is solaris.
>
> Can you please run
>
> python -c "import sys; print sys.platform"
>
> Then try the attached patch and let me know if that fixes it.
>
> Thanks,
>
> Andrew Bartlett
Perhaps misunderstanding which version that I should patch, I tried patching
4.1.5. I now see that the patch is for the development version. So I tried
a different patch:
--- wscript.orig Thu Dec 5 04:16:48 2013
+++ wscript Wed Mar 5 11:37:59 2014
@@ -410,7 +410,7 @@
Logs.info('Using UnixWare ACLs')
conf.DEFINE('HAVE_UNIXWARE_ACLS',1)
default_static_modules.extend(TO_LIST('vfs_solarisacl'))
- elif (host_os.rfind('solaris') > -1) and conf.CHECK_FUNCS_IN('sec', 'facl'):
+ elif (host_os.rfind('sunos5') > -1) and conf.CHECK_FUNCS_IN('sec', 'facl'):
Logs.info('Using solaris ACLs')
conf.DEFINE('HAVE_SOLARIS_ACLS',1)
default_static_modules.extend(TO_LIST('vfs_solarisacl'))
The difference in the output from configure is:
--- samba-4.1.5.i386gcc.pt/conflog Mon Feb 24 15:07:04 2014
+++ samba-4.1.5.i386gcc.2pt//conflog Wed Mar 5 11:57:20 2014
@@ -1061,6 +1061,8 @@
Checking if can we convert from CP850 to UCS-2LE : ok
Checking if can we convert from UTF-8 to UCS-2LE : ok
building on sunos5
+Checking for library facl : not found
+Checking for sec : not found
Checking for library acl : not found
Checking for acl_get_file : not found
Checking for POSIX ACL support : not found
@@ -2216,6 +2218,8 @@
Checking if can we convert from CP850 to UCS-2LE : ok
Checking if can we convert from UTF-8 to UCS-2LE : ok
building on sunos5
+Checking for library facl : not found
+Checking for sec : not found
Checking for library acl : not found
Checking for acl_get_file : not found
Checking for POSIX ACL support : not found
So that did not have the desired result. I am still trying to figure out
how to use git.
Tom Schulz
Applied Dynamics Intl.
schulz at adi.com
More information about the samba
mailing list