From owner-freebsd-questions@freebsd.org Sun Sep 17 01:19:23 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D96DAE16330 for ; Sun, 17 Sep 2017 01:19:23 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from inet08.hamilton.harte-lyne.ca (inet08.hamilton.harte-lyne.ca [216.185.71.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "inet08.hamilton.harte-lyne.ca", Issuer "CA_HLL_ISSUER_2016" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id A9FDC6ADA1 for ; Sun, 17 Sep 2017 01:19:22 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from localhost (localhost [127.0.0.1]) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTP id 33961622B0; Sat, 16 Sep 2017 21:19:15 -0400 (EDT) X-Virus-Scanned: amavisd-new at harte-lyne.ca Received: from inet08.hamilton.harte-lyne.ca ([127.0.0.1]) by localhost (inet08.hamilton.harte-lyne.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uYt8aiw0JX_0; Sat, 16 Sep 2017 21:19:13 -0400 (EDT) Received: from webmail.harte-lyne.ca (inet04.hamilton.harte-lyne.ca [216.185.71.24]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTPSA id C69F9621A7; Sat, 16 Sep 2017 21:19:12 -0400 (EDT) Received: from 216.185.71.22 (SquirrelMail authenticated user byrnejb_hll) by webmail.harte-lyne.ca with HTTP; Sat, 16 Sep 2017 21:19:13 -0400 Message-ID: In-Reply-To: References: Date: Sat, 16 Sep 2017 21:19:13 -0400 Subject: Re: Future of SAMBA on FreeBSD From: "James B. Byrne" To: "Adam Vande More" Cc: "FreeBSD Questions" Reply-To: byrnejb@harte-lyne.ca User-Agent: SquirrelMail/1.4.22-5.el6 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Sep 2017 01:19:24 -0000 On Sat, September 16, 2017 19:49, Adam Vande More wrote: > On Fri, Sep 15, 2017 at 11:02 AM, James B. Byrne via freebsd-questions > < freebsd-questions@freebsd.org> wrote: > > > Are you trying this in a jail? Did you read the relevant UPDATING > entry? > 1. No, this is not being attempted in a jail. 2. Yes, but this is not an update of an existing samba DC but a new installation. The pkg built on FreeBSD-11 but it will not provision as a DC. The issue is tied to the implementation of extended attributes which somehow differs under FreeBSD from Linux. My question was directed at the FreeBSD maintainers since the package maintainer is constrained by the limits enforced by the operating system.A work around that is reported to work is to patch Damba 4.6 to use the default namespace which approach the Samba team deprecate as being insecure. Since this is all well beyond my scope of competence I may have expressed the details poorly but that is my understanding of the situation. What I would appreciate is if someone could explain what the patch does and what its implications for security really are. I would also appreciate information from anyone that has actually applied the patch on FreeBSD. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3