From owner-freebsd-questions@freebsd.org Sun Sep 17 21:18:34 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5DD93E05F0A for ; Sun, 17 Sep 2017 21:18:34 +0000 (UTC) (envelope-from amvandemore@gmail.com) Received: from mail-it0-x22f.google.com (mail-it0-x22f.google.com [IPv6:2607:f8b0:4001:c0b::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 227D96E981 for ; Sun, 17 Sep 2017 21:18:34 +0000 (UTC) (envelope-from amvandemore@gmail.com) Received: by mail-it0-x22f.google.com with SMTP id g18so7445523itg.5 for ; Sun, 17 Sep 2017 14:18:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=DjrwuMGyLhuZSp4OWNzahsWImSpkH3tMxvHHwVIdT0Y=; b=V6imGbaAGZf0/BC5ygW6Xz9i7x1iuV0SlB4doDRTm3pJatuQahwGlF/W2Jjae3ZkNn kdscjAqcxrx1FZ9c/QHyY+qydsQIMKHgY06E505DjjzjifGzN3ua9Bf4QyzNCwnr8BV8 WYMioS9SVYqILzhC69dAy37zIDVrF3LuWTylVlrOcMmjcoqqWKP5U5R4VDoEXH6ii9aN I+dG6Bdb9eX3QaIXk6Nmh33a1pBABT8bYjBjuLYrDIut0wqftzclV0wcmfTQXTCbGV7F sbzA9UepdFESn5x5qXqXrntA5Uen/LA3O2ZBNK3wgXtccRr6HPYhJmq2unpFGOsNfs+X gGEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=DjrwuMGyLhuZSp4OWNzahsWImSpkH3tMxvHHwVIdT0Y=; b=MNvUvnLOoqYkFHn9jpt8U8crT4BiC9g8mcJl6ru/BXtbe17Q89oc/e1INIlfsNe9lV PbjOMIUOk1duq3HctkfV54q8KUHs/0C2MMAM0jhX4dQAP/yk6lN/AUD/iBdO7bIbl7vs bBFKsFOPOhrEZQCekrkMeevqH7LLiBz0gnddGsNBxSH6W5U3SjoQOL3mAK4cNepxnfKB XU+uXiz272IZ0GrVBh7EnkKY+vfY0/rDBDLa3Ndcm6xiT9W5PVnAXtFgHv8ohciJyLKO 44xndbO7sgBiwx9eGmKWIokG/lLqeVUiMEm5ZHQS6k8+T/LySaZWTG3Bom6M82ypWw7F MWSQ== X-Gm-Message-State: AHPjjUjfVyYBOsPxoujHC2mUlvftxnh1oRc3EGUUeuK2bd+ELR03P4Zi CBp+jJI1VVbfCTaz/nEdXZ8BLsA12xsFHRTL/Ps= X-Google-Smtp-Source: AOwi7QDzG7m/h13AZ0qiY9l+krr8JhiNfslMnUgDFFELPYocbYGfD77VEabM0hcuA7ftWVlspQbPAcqo3KU/YsWwLYU= X-Received: by 10.36.3.145 with SMTP id e139mr14579029ite.18.1505683113384; Sun, 17 Sep 2017 14:18:33 -0700 (PDT) MIME-Version: 1.0 Received: by 10.2.145.141 with HTTP; Sun, 17 Sep 2017 14:18:32 -0700 (PDT) In-Reply-To: <411eb82456c15c41763909673a63208b.squirrel@webmail.harte-lyne.ca> References: <411eb82456c15c41763909673a63208b.squirrel@webmail.harte-lyne.ca> From: Adam Vande More Date: Sun, 17 Sep 2017 16:18:32 -0500 Message-ID: Subject: Re: Future of SAMBA on FreeBSD To: "James B. Byrne" Cc: FreeBSD Questions Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Sep 2017 21:18:34 -0000 On Sun, Sep 17, 2017 at 2:55 PM, James B. Byrne wrote: > On Sat, September 16, 2017 23:02, Adam Vande More wrote: > > >> > > > > The bug you linked to has nothing to do with the issue of trying to > > provision a DC on a non-jailed FreeBSD installation. > > The issue the bug addresses may not, but the bug itself certainly does. > What? It doesn't seem like you have a good enough understanding to make a claim like that. It is quite clear that bug is relavant only to jailed instances of samba, and VFS related perms. Your current was already explained to you once, and you've been reminded of it. > I had exactly the same provisioning problem with 4.5 and 4.4. The > last version of Samba that provisioned successfully for me on > FreeBSD-11 was 4.3. > Works great here: root@samba:~ # pkg info | grep samba samba45-4.5.12 Free SMB/CIFS and AD/DC server and client for Unix root@samba:~ # samba-tool domain provision --use-rfc2307 --interactive Realm: foo.com Domain [foo]: Server Role (dc, member, standalone) [dc]: DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: DNS forwarder IP address (write 'none' to disable forwarding) [8.8.8.8]: none Administrator password: Retype password: Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=foo,DC=com Adding configuration container Setting up sam.ldb schema Setting up sam.ldb configuration data Setting up display specifiers Modifying display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups Setting up self join Adding DNS accounts Creating CN=MicrosoftDNS,CN=System,DC=foo,DC=com Creating DomainDnsZones and ForestDnsZones partitions Populating DomainDnsZones and ForestDnsZones partitions Setting up sam.ldb rootDSE marking as synchronized Fixing provision GUIDs A Kerberos configuration suitable for Samba 4 has been generated at /var/db/samba4/private/krb5.conf Setting up fake yp server settings Once the above files are installed, your Samba4 server will be ready to use Server Role: active directory domain controller Hostname: samba NetBIOS Domain: FOO DNS Domain: foo.com DOMAIN SID: S-1-5-21-1080825900-187052096-556735549 -- Adam