[Samba] Warning messages when provisioning an ADDC
slow at samba.org
Fri Feb 5 15:47:47 UTC 2021
Am 2/5/21 um 4:30 PM schrieb Thomas Geppert:
> On 05/02/2021 14:07, Rowland penny via samba wrote:
>>> The provisioning and the nfs options given in the provisioning,
>>> thats the pain point.
>> They are the way the OP is trying to get something that shouldn't
>> work, to work.
> GUILTY ! I have to confess.
> However, I must say that I don't understand why it shouldn't work.
> I'm relatively new to Samba but my understanding is that both vfs
> modules, acl_xattr and nfs4acl, are perfectly capable of storing
> NTACLs lossless. Nevertheless, using the nfs4acl vfs module does not
> provide the same functionality as using the acl_xattr vfs module.
It does provide the same functionality. There may be subtle differences,
but both basically provide a grossly Windows ACL compatible backing store.
> I did some research but without the background of 30 years of
> development that went into the product I'm a little bit lost at some
> - Why are POSIX ACLs required at all during provisioning when NTACLs
> are available ?
> - Why does the nfs4acl module intentionally mask the POSIX ACL calls
> and doesn't pass them down the stack or implement them the same way
> as the acl_xattr module ?
By design. The POSIX ACL VFS functions only get called indirectly by the
Windows ACL VFS functions if any module implementing the latter calls
into the former. vfs_nfs4acl doesn't do this and acl_xattr only does it
to provide consistency wrt to storing the Windows ACL in an xattr and a
mapped POSIX ACL in the filesystem (though this can be disabled by
config). There are more subtleties but that is the basic logic.
Samba AD DC is a complex beast and bending it do will can require deep
knowledge of the full stack and possibly a lot of time. :)
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 840 bytes
Desc: OpenPGP digital signature
More information about the samba