[Samba] FreeBSD-11 and Samba-4.6 as a DC

[Andrew Walker]

On Wed, Jul 12, 2017 at 1:45 AM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> If Freebsd has modified Samba so that it will provision and run on
> NFSv4 ACLs, then I would suggest they prepare patches and submit them
> to the samba-technical mailing list. This is always provided they are
> not just using the deprecated ntvfs server.
>

I believe can see the current patches applied to the FreeBSD samba port by
running the following commands on a FreeBSD system
portsnap fetch
portsnap extract

The current FreeBSD 4.6 patches will be listed under
/usr/ports/net/samba46/files.


> > Its seems that Samba *must* run a separate member server (or
> > standalone) for both samba4 and nfsv4 to co-exist (and use nfsv4
> > ACLs)?
>
> Yes, running Samba as a Unix domain member will work, but it is
> possible you will not be able to set ACLs from windows.
>

When FreeBSD is joined to an AD domain as a member server, you will be able
to change permissions from a Windows client if you have 'zfsacl' enabled
(and the rest of samba is properly configured). Everything works as
expected. I've been running such a setup in production for a number of
years.

> Previously it has been very unclear (ref 3-Volker's comment) whether
> > to use POSIX or nfsv4 ACL's.  Though the wiki is clearer now.  And
> > for the reference, FreeBSD's getfacl and setfacl operate on POSIX and
> > NFSv4 ACLs
> >
>
> At the moment, Samba, on a DC, has no concept of NFSv4 ACLs, so you
> need to use a filesystem such as ext4. I have tried UFS and ZFS on
> Freebsd and cannot get either to work with a Samba AD DC.
>

Out of curiosity, have you tried it on a FreeNAS VM through the webui? I
believe that it works there, but I haven't found time to play around with
it.


> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>