1. Forum
  2. Usenet
  3. LINUX.SAMBA

  • [Samba] samba on ZFS

    From Andrew Walker via samba@21:1/5 to [email protected] on Sat Mar 11 00:10:02 2017
    I don't believe that ZFS on FreeBSD supports acltype=posixacl and sa-based xattrs.

    For the record, the latest version of samba that I've been successfully
    able to compile on FreeBSD 10.3 is Samba 4.5.5.

    On Mon, Mar 6, 2017 at 11:09 AM, Rowland Penny via samba < [email protected]> wrote:

    On Mon, 6 Mar 2017 17:17:07 +0100
    Klaus Hartnegg via samba <[email protected]> wrote:

    Does it fail only when ZFS is used as root filesystem, or for SYSVOL,
    or does it not even support ZFS just for shared files?
    Not even with "zfs set acltype=posixacl pool/share"?
    The root filesystem is ext4.

    I tried everything I could find on the internet (so I could have missed something), but I couldn't get Samba to provision as an AD DC, YMMV.

    I was using ZFS on Freebsd and could only use UFS, but this also has problems, mainly in trying to get later versions of Samba to compile.

    Rowland



    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Niels Dettenbach (Syndicat IT & Int@21:1/5 to All on Sat Mar 11 08:50:02 2017
    Am 11. März 2017 00:04:13 MEZ schrieb Andrew Walker via samba <[email protected]>:
    I don't believe that ZFS on FreeBSD supports acltype=posixacl and
    sa-based

    If you want to see a working samba / zfs / FreeBSD AD / PDC "ecosystem" i recommend just trying and exploring the open FreeBSD based "FreeNAS" which offers / allows exactly this.

    We run several Samba 4 with ACL / AD (managed by MS RSAT) on FreeNAS, which anything held on ZFS (except a read only boot partition on USB / flash usually. FreeNAS uses some kind of ntfsv4 acls on ZFS which have "similiar" features, but a bit other
    semantics, to "emulate" acls for samba - works well.

    The current FreeNAS does not providing setting up a AD/PDC by the web GUI (but is planned) afaik, but there are some howtos which decsribe the steps by hand.

    Possibly this helps in understanding the concept regarding usage in your own FreeBSD installation.

    hth a bit,

    Niels.
    --
    Niels Dettenbach
    Syndicat IT & Internet
    http://www.Syndicat.com

    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rowland Penny via samba@21:1/5 to [email protected] on Sat Mar 11 10:00:01 2017
    On Sat, 11 Mar 2017 08:18:26 +0100
    "Niels Dettenbach \(Syndicat IT & Internet\) via samba"
    <[email protected]> wrote:

    Am 11. März 2017 00:04:13 MEZ schrieb Andrew Walker via samba <[email protected]>:
    I don't believe that ZFS on FreeBSD supports acltype=posixacl and
    sa-based

    If you want to see a working samba / zfs / FreeBSD AD / PDC
    "ecosystem" i recommend just trying and exploring the open FreeBSD
    based "FreeNAS" which offers / allows exactly this.

    We run several Samba 4 with ACL / AD (managed by MS RSAT) on FreeNAS,
    which anything held on ZFS (except a read only boot partition on
    USB / flash usually. FreeNAS uses some kind of ntfsv4 acls on ZFS
    which have "similiar" features, but a bit other semantics, to
    "emulate" acls for samba - works well.


    From what I can see, Freenas is using Samba 4.3.6 and if it is using
    ZFS, it is probably also using the ntvfs filesystem instead of 3fs.
    This could be a problem with Freenas 10, it uses a later version of
    Samba, where by default, ntvfs is turned off.

    Samba does not understand ntvfsv4 ACLs, this is where the problem lies,
    you cannot provision Samba as an AD DC on ZFS.

    Also, there is no such thing as an AD/PDC, a PDC is an NT4-style domain controller. All AD domain controllers are equal, so there is no such
    concept as an AD primary DC. I suppose you could refer to the initial
    DC as 'The First Domain Controller I Set UP', but do you really want to
    call it a 'TFDCISU' ?? ;-)

    Rowland

    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrew Walker via samba@21:1/5 to [email protected] on Mon Mar 13 16:50:02 2017
    FreeNAS 9.10.2-STABLE has Samba 4.5.5. By default "zfsacl" is enabled on
    all samba shares. Additionally the zfs "aclmode" property is set to "restricted" on all samba shares (except I believe the sysvol share). I
    believe on the sysvol dataset / share, the aclmode is set to "passthrough"
    and "zfsacl" is not enabled. I do not use freenas as and ADDC and so can't comment about specific configuration changes that are made in that regard,
    but I am happy to speculate that they probably handle ACLs on the sysvol
    share via acl_xattr while the underlying filesystem happily pretends it's a normal Unix FS. Jordan Hubbard recently wrote a decent summary of the
    choices FreeNAS made with respect to handling ACLs here: https://forums.freenas.org/index.php?threads/update-on-smb-permissions-docker-containers-zfs-a-brief-history-of-posix-perms-etc.51272/

    The source for the FreeNAS 9.10l.2 script that generates its smb.conf file
    is here: https://github.com/freenas/freenas/blob/9.10.2-STABLE/src/freenas/usr/local/libexec/nas/generate_smb4_conf.py

    I do vaguely recall some problems people had when they tried to place the sysvol share on a dataset with the aclmode set to "restricted"... well, not
    the exact problems, but rather a general wailing and gnashing of teeth.

    On Sat, Mar 11, 2017 at 2:50 AM, Rowland Penny via samba < [email protected]> wrote:

    On Sat, 11 Mar 2017 08:18:26 +0100
    "Niels Dettenbach \(Syndicat IT & Internet\) via samba" <[email protected]> wrote:

    Am 11. März 2017 00:04:13 MEZ schrieb Andrew Walker via samba <[email protected]>:
    I don't believe that ZFS on FreeBSD supports acltype=posixacl and >sa-based

    If you want to see a working samba / zfs / FreeBSD AD / PDC
    "ecosystem" i recommend just trying and exploring the open FreeBSD
    based "FreeNAS" which offers / allows exactly this.

    We run several Samba 4 with ACL / AD (managed by MS RSAT) on FreeNAS,
    which anything held on ZFS (except a read only boot partition on
    USB / flash usually. FreeNAS uses some kind of ntfsv4 acls on ZFS
    which have "similiar" features, but a bit other semantics, to
    "emulate" acls for samba - works well.


    From what I can see, Freenas is using Samba 4.3.6 and if it is using
    ZFS, it is probably also using the ntvfs filesystem instead of 3fs.
    This could be a problem with Freenas 10, it uses a later version of
    Samba, where by default, ntvfs is turned off.

    Samba does not understand ntvfsv4 ACLs, this is where the problem lies,
    you cannot provision Samba as an AD DC on ZFS.

    Also, there is no such thing as an AD/PDC, a PDC is an NT4-style domain controller. All AD domain controllers are equal, so there is no such
    concept as an AD primary DC. I suppose you could refer to the initial
    DC as 'The First Domain Controller I Set UP', but do you really want to
    call it a 'TFDCISU' ?? ;-)

    Rowland

    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)