Date: Wed, 19 Jul 2017 06:24:15 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 220844] net/samba46 builds successfully unable to provision an AD instance
Message-ID: <bug-220844-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220844

Bug ID: 220844
Summary: net/samba46 builds successfully unable to provision an AD instance
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: timur@FreeBSD.org
Reporter: dewayne@heuristicsystems.com.au
Flags: maintainer-feedback?(timur@FreeBSD.org)

Created attachment 184488
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=184488&action=edit
UNSAFE patch replacing SYSTEM with USER namespace

SAMBA 4.5.12 successfully builds and installs an AD instance on FreeBSD 11.1 Prerelease (amd64).
SAMBA 4.6.6 builds and runs a standalone FS but NOT an AD instance on FreeBSD 11.1 Prerelease.

The fundamental reason is that sysvol is assigned "system" namespace extended attributes. Within a jailed environment this is a show-stopper as use of a "system" namespace returns "Operation not permitted".

To provision an AD within a jailed environment, you will need to apply the enclosed patch, prior to building net/samba46.

NOTE:
1) Andrew Bartlett - SAMBA developer, Authentication: advises that replacing SYSTEM with USER namespaces is an UNSAFE approach.
2) This will reveal the binary content of the extended attribute of interest:
   getextattr user NTACL /var/db/samba4/sysvol/hs|hd

---//---
Message received while provisioning an AD without the attached patch
...
Setting up self join
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_PARAMETER.
ERROR(runtime): uncaught exception - (-1073741811, 'Unexpected information received')
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line 471, in run
    nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 2175, in provision
    skip_sysvolacl=skip_sysvolacl)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1806, in provision_fill
    names.domaindn, lp, use_ntvfs)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1593, in setsysvolacl
    service=SYSVOL_SERVICE)
  File "/usr/local/lib/python2.7/site-packages/samba/ntacls.py", line 162, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)

-- 
You are receiving this mail because:
You are the assignee for the bug.
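
The failure described in the report can be detected before provisioning by probing which extended attribute namespaces the jail allows. The following is an added example, not part of the bug report or of the Samba port; it uses FreeBSD's setextattr(8) and rmextattr(8), and the attribute name and function names are constructed for the example.

```sh
#!/bin/sh
# Added example, not from the bug report. Run as root inside the jail.
# Usage (after sourcing this file): preflight /var/db/samba4
PROBE_ATTR="extattr_probe"   # constructed attribute name, removed after the probe

# probe_namespace <namespace> <directory>
# 0: attribute could be set in <namespace>; 1: write refused; 2: setup error.
probe_namespace() {
    ns=$1
    probe_dir=$2
    [ -d "$probe_dir" ] || return 2
    scratch=$(mktemp "$probe_dir/.extattr_probe.XXXXXX") || return 2
    probe_rc=0
    if setextattr -q "$ns" "$PROBE_ATTR" 1 "$scratch" 2>/dev/null; then
        rmextattr -q "$ns" "$PROBE_ATTR" "$scratch" 2>/dev/null || true
    else
        probe_rc=1
    fi
    rm -f "$scratch"
    return "$probe_rc"
}

# preflight <directory>
# Prints one verdict line; returns 0 only if the system namespace is usable.
preflight() {
    target=$1
    if probe_namespace system "$target"; then
        echo "OK: system namespace is writable on $target"
        return 0
    else
        sys_rc=$?
    fi
    if [ "$sys_rc" -eq 2 ]; then
        echo "ERROR: cannot create a scratch file in $target"
        return 2
    fi
    if probe_namespace user "$target"; then
        echo "BLOCKED: system namespace refused, only user namespace works on $target"
    else
        echo "BLOCKED: no extended attribute namespace is writable on $target"
    fi
    return 1
}
```

A BLOCKED verdict on the filesystem that will hold sysvol is the condition under which the provisioning run above stops at set_nt_acl.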