[Samba] Samba 4.20 ACL issue with FreeBSD (UFS)

Daniel O'Connor darius at dons.net.au
Tue Apr 15 11:37:36 UTC 2025 

Hi,
I’m trying to join a new FreeBSD 14.2 system (UFS FS) running Samba 4.20 to an existing (Samba) AD (basically following https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory).

It has worked up until me trying to reset the sysvol ACLs after syncing it over from the other DC:
root at addc:~ # samba-tool ntacl sysvolreset
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: Your filesystem or build does not support ACLs, which s3fs requires.  Try the mounting the filesystem with the 'acl' option.
File "/usr/local/lib/python3.11/site-packages/samba/netcmd/__init__.py", line 285, in _run
  return self.run(*args, **kwargs)
         ^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/samba/netcmd/ntacl.py", line 449, in run
  provision.setsysvolacl(samdb, sysvol,
File "/usr/local/lib/python3.11/site-packages/samba/provision/__init__.py", line 1690, in setsysvolacl
  raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires.  “

Initially I thought this was due to not having ACLs on the file system but I have fixed that, and now they work eg:
root at addc:/var/db/samba4/sysvol # setfacl -m u::rwx,g:mail:rw test
root at addc:/var/db/samba4/sysvol # getfacl test
# file: test
# owner: root
# group: wheel
user::rwx
group::r--
group:mail:rw-
mask::rw-
other::r--

I ktrace'd it and it does look a bit strange:
1121 python3.11 CALL  __acl_set_file(0x820843620,ACL_TYPE_ACCESS,0x22de9fdc0000)
1121 python3.11 NAMI  ""/compat/linux/dev/fd/"14"
1121 python3.11 RET   __acl_set_file -1 errno 2 No such file or directory
1121 python3.11 CALL  close(0xe)
1121 python3.11 RET   close 0

I don’t understand why it is referencing /compat since I don’t have any of that setup and, also why it is double quoted..
I tried mounting a devfs and fdescfs on /compat/linux/dev but it didn’t change anything.

I am now wondering if there is some change to the port which assumes ZFS or similar. In the past it was required to put the sysvol on UFS otherwise it wouldn’t work but times change :)

Any ideas gratefully received, I guess I can try switching to ZFS but that would be a bit of a PITA I would like to avoid unless necessary.

I’ve emailed the FreeBSD porters but haven’t had anything back which changes things.

Thanks

--
Daniel O'Connor
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum

More information about the samba mailing list