[Samba] Segmentation fault in samba_upgradedns - Samba 4.4.5

Fri Sep 2 11:41:47 UTC 2016

On 2 September 2016 at 12:21, Rowland Penny via samba <samba at lists.samba.org
> wrote:

> On Fri, 2 Sep 2016 11:51:02 +0100
> Cameron Murdoch <cam at macaroon.net> wrote:
>
> > On 2 September 2016 at 09:53, Rowland Penny via samba
> > <samba at lists.samba.org
> > > wrote:
> >
> > > On Thu, 1 Sep 2016 14:12:21 +0100
> > > Rowland Penny via samba <samba at lists.samba.org> wrote:
> > >
> > > >
> > >
> > > Trying to understand why you are getting the segfault, I set up
> > > freebsd 11.0rc2 in a VM and then installed samba44, I now know
> > > where Gentoo gets its ideas from :)
> > >
> > > After freebsd built everything in the chain of required packages, it
> > > finally built Samba, I did notice two things, one it built part (or
> > > perhaps the whole) of Bind 9.8.6 to get nsupdate and it also used
> > > Samba 4.3.11 for various libraries.
> > >
> > > I then tried to provision Samba, big failure, ZFS doesn't seem to
> > > like ACLs, so if somebody could tell me how to get past this, I
> > > would be very much obliged.
> > >
> > > Rowland
> > >
> > >
> > Hi Rowland,
> >
> > I also had issues provisioning (well classicupgrade actually)
> > Samba44. I got segfaults from samba-tool. I did a little bit of
> > debugging, but due to work time pressures I couldn't submit a bug
> > report at the time. From memory I think the python code in samba-tool
> > was crashing when accessing code from security.so, but that might be
> > wrong.
>
> I tried to provision first as I would normally i.e. non-interacively
> but this wouldn't even run, so I tried provisioning interactively and
> this ran up to the point where it checks if a simple ACL can be set, I
> then get this:
>
> ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed -
> ProvisioningError: Your filesystem or build does not support posix ACLs,
> which s3fs requires.  Try the mounting the filesystem with the 'acl' option.
>
>
> >
> > To provision/upgrade the domain I had to install samba43 which worked
> > first time, however I had to specify --use-ntvfs to classicupgrade. I
> > am unsure if this has caused any issues, but as domain controllers
> > they seem to work find, etc.
>
> Well, yes it will work, but ntvfs is deprecated and could be removed,
> it also doesn't get much work done on it, hence why I don't/won't use
> it.
>
>
I didn't want to use ntvfs but was desperate at the time :-)
What is the penalty of using ntvfs? Once provisioned with this flag are you
then stuck with it, or can you then use s3fs?

> >
> > ZFS only supports nfsv4 ACLs. It seems that Samba can use these just
> > fine, (see the zfs/acl stuff in my smb.conf from earlier), but
> > samba-tool doesn't like them. Once provisioned they work really well.
> > I can set them from FreeBSD using setfacl or from Windows just fine.
>
> I found this out, I also found you can use something called aclmode to
> pass the acls through to the underlying filesystem, just have to get
> around the provision error first.
>
>
Yes you need to set the zfs properties aclmode and aclinherit to
passthrough:
[root at odin ~]# zfs get all zroot/jails | grep acl
zroot/jails  aclmode               passthrough            local
zroot/jails  aclinherit            passthrough            local

However that on its own did not let me provision / upgrade as samba-tool
still doesn't seem to believe that acls are supported.
Thanks
C