[Samba] DC replications of FreeBSD samba-4.10.15
Andrew Walker
walker.aj325 at gmail.com
Mon Jul 13 15:50:06 UTC 2020
On Mon, Jul 13, 2020 at 11:11 AM James B. Byrne via samba <
samba at lists.samba.org> wrote:
>
>
> On Mon, July 13, 2020 10:23, Andrea Venturoli wrote:
> > On 2020-07-13 15:06, James B. Byrne wrote:
> >
> >>> Just out of curiosity, are you also using vfs_zfsacl?
> >>
> >> Yes.
> >
> > But only on DC1, AFAICT!
> > I see no mention of it on DC2's smb.conf.
> > That could be the reason why you have two different behaviour.
> >
> > bye
> > av.
> >
>
> That appears to make no difference:
>
> [root at smb4-1 ~ (master)]# grep acl /usr/local/etc/smb4.conf
> vfs objects = dfs_samba4 zfsacl
>
> [root at smb4-1 ~ (master)]# service samba_server onestart
> Performing sanity check on Samba configuration: OK
> Starting samba.
>
> [root at smb4-1 ~ (master)]# getfacl /var/db/samba4/sysvol
> # file: /var/db/samba4/sysvol
> # owner: root
> # group: 3000000
> group:3000000:rwxpDdaARWcCo-:fd-----:allow
> group:3000001:r-x---a-R-c---:fd-----:allow
> group:3000002:rwxpDdaARWcCo-:fd-----:allow
> group:3000003:r-x---a-R-c---:fd-----:allow
>
>
>
> [root at smb4-2 ~ (master)]# grep acl /usr/local/etc/smb4.conf
> vfs objects = dfs_samba4 zfsacl
>
> [root at smb4-2 ~ (master)]# service samba_server onestart
> Performing sanity check on Samba configuration: OK
> Starting samba.
>
> [root at smb4-2 ~ (master)]# getfacl /var/db/samba4/sysvol
> # file: /var/db/samba4/sysvol
> # owner: root
> # group: 3000000
> owner@:rwxp----------:-------:deny
> owner@:------aARWcCos:-------:allow
> group@:rwxp--a-R-c--s:-------:allow
> everyone@:------a-R-c--s:-------:allow
>
I'd say the sysvol ACL on smb4-2 is quite thoroughly broken. Now that the
VFS module is set you'll probably need to fix it. If sysvol is on a
separate dataset, perhaps snapshot before making changes.
More information about the samba
mailing list