[Samba] core dump from samba-tool when chnging user password

James B. Byrne byrnejb at harte-lyne.ca
Mon Aug 24 15:17:06 UTC 2020

On Mon, August 24, 2020 13:51 +0000, Rowland penny wrote:

> It isn't a PDC, that is something quite different ;-)

I know, but it is a lot shorter to write than the DC possessing the PDC FSMO role.

> It is your first DC.

Not really, I have been working with MS AD Domains since NT 3.51, or whatever it
was called back then.  This one just happens to be the one I am currently
testing on.  (I know, that is not what you meant, but you see how language
sometimes communicates ideas other than what was intended.)

> I am also beginning to think your problems are all self inflicted by
> running your Samba instances in Freebsd jails. The problems you are
> having around talloc are definitely not normal. Is there anyway you
> could set up Samba without using jails ?

Of course they are and of course I could.  However, that would be
administratively difficult.  Keeping these sorts of applications in FreeBSD
jails running on top of ZFS provides a secure segregation of responsibilities
in a data environment where the entire application setup is trivially
transported between hosts. It effectively provides what Docker and its kind are
supposed to do in Linux.

At the same time ZFS provides the benefit of frequent snapshots of the
underlying data sets combined with the capability to send these between hosts.
This makes for a fairly robust backup system without any additional software or
setup, beyond the minimal requirements of suitable crontab entries.

To obtain these sort of things from a Linux distro would require a considerable
effort just to establish the infrastructure. Not to mention separate hardware,
which needs to be twinned here and at our offsite location.  And only then
would I get to deal with Samba.

Bhyve was tried as a VM hypervisor on FreeBSD; and while it worked well in 10.4
and 11.x, and still does support our actual MS AD-DC, changes to Bhyve and to
ZFS resulted in a seriously unpleasant experience with vm lockups following the
upgrade of the host to 12.0. These were ultimately resolved by moving every vm
off Bhyve and into jails on other hosts.  Samba is the last vm based
application to be converted.

It has been a bit of a tough go to get to where we are today with Samba on
FreeBSD. Given that most of that difficulty can be traced back to profound
ignorance on my part I prefer to have just one OS and one FS to concern myself
with. At least then I have a halfway decent chance of staying somewhat current
on both.  What is left in the way of problems with Samba are, for me, corner
cases.  RSAT works fine and if I cannot use samba-tool to manage users then
that is no great loss.

On the other hand, the errors I report are likely solvable should someone with
the ability to do so take note of them, so I am reporting this one.  What I
want to know is whether this should be reported as a bug or whether this
problem has been solved in a more recent version of Samba.  I am not prepared
to move from 4.10.15 until after the complete transition from the existing
domain and DC is complete.  But, if it has been fixed then that would be useful
to know.

And, as always, I appreciate the help.

***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

More information about the samba mailing list