[Samba] FreeBSD-11 and Samba-4.6 as a DC

[Rowland Penny]

On Wed, 12 Jul 2017 15:48:57 -0500
Andrew Walker via samba <samba at lists.samba.org> wrote:

> On Wed, Jul 12, 2017 at 1:45 AM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
> 
> > If Freebsd has modified Samba so that it will provision and run on
> > NFSv4 ACLs, then I would suggest they prepare patches and submit
> > them to the samba-technical mailing list. This is always provided
> > they are not just using the deprecated ntvfs server.
> >
> 
> I believe can see the current patches applied to the FreeBSD samba
> port by running the following commands on a FreeBSD system
> portsnap fetch
> portsnap extract
> 
> The current FreeBSD 4.6 patches will be listed under
> /usr/ports/net/samba46/files.

I repeat, if Freebsd has patches, then they should submit them to Samba.

> > Yes, running Samba as a Unix domain member will work, but it is
> > possible you will not be able to set ACLs from windows.
> >
> 
> When FreeBSD is joined to an AD domain as a member server, you will
> be able to change permissions from a Windows client if you have
> 'zfsacl' enabled (and the rest of samba is properly configured).
> Everything works as expected. I've been running such a setup in
> production for a number of years.

I did say 'possible' ;-)

> > At the moment, Samba, on a DC, has no concept of NFSv4 ACLs, so you
> > need to use a filesystem such as ext4. I have tried UFS and ZFS on
> > Freebsd and cannot get either to work with a Samba AD DC.
> >
> 
> Out of curiosity, have you tried it on a FreeNAS VM through the
> webui? I believe that it works there, but I haven't found time to
> play around with it.
> 

No I haven't, to be honest I have no interest in a NAS, never seen the
point in them, by using one you are usually locked into whatever
platform they are designed for. I think you can probably get something
better if you build your own fileserver, you just will not have a GUI.

Rowland