Date: Thu, 21 May 2020 15:31:42 -0400
From: "James B. Byrne" <byrnejb@harte-lyne.ca>
To: "Andrea Venturoli" <ml@netfence.it>
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD as an Active Directory Domain Controller
Message-ID: <1d6dd578eadaf13def02280d06f37ffe.squirrel@webmail.harte-lyne.ca>
In-Reply-To: <mailman.411.1590057680.4501.freebsd-questions@freebsd.org>
References: <mailman.411.1590057680.4501.freebsd-questions@freebsd.org>

On Wed, May 20, 2020 13:16, Andrea Venturoli wrote:
> On 2020-05-20 19:09, James B. Byrne via freebsd-questions wrote:
>
>> What I would like to find out is whether it is at all possible to have a
>> samba-4.10 (or 4.11) based AD on FreeBSD using ZFS with multiple DCs and
>> replication. If someone has this working I would appreciate being told how it
>> is done.
>
> Hi James.
> Sounds like the same question you asked ten days ago, which I already
> answered briefly (I use rsync).
>
> Perhaps you could tell what you tried, how you did it and how it is
> going wrong?
>

I have a DC that was set up on FreeBSD-10.3 using samba-4.3 and UFS. At the time
samba on FreeBSD could only be set up on ufs. Samba-4.4 and later removed
support for nt style acls, that samba on FreeBSD required. Samba43 disappeared
with the update to 10.4 and Samba-4.4 did not work, so that system could not be
updated.

Fast forward to now. Samba410-4.10.15 on FreeBSD-12.1p5 and using ZFS now can
be provisioned as a DC so acls obviously must be working on ZFS. I created a
Samba410 instance, checked that it could provision, undid that work and
reinstalled samba and used samba-tool to join the existing domain.

I then attempted to replicate the sysvol using rsync. However, I get acl error
messages when I do that and the resulting permissions do not resemble what I
see on the DC.

rsync -XAavz --delete-after --rsh='ssh' [192.168.8.65]:/var/db/samba4/sysvol /var/db/samba4
receiving file list ... done
rsync: set_acl: sys_acl_set_file(sysvol, ACL_TYPE_ACCESS): Invalid argument (22)
rsync: set_acl: sys_acl_set_file(sysvol/brockley-2016.harte-lyne.ca, ACL_TYPE_ACCESS): Invalid argument (22)
rsync: set_acl: sys_acl_set_file(sysvol/brockley-2016.harte-lyne.ca/Policies, ACL_TYPE_ACCESS): Invalid argument (22)

I have gone down different routes to get around this block but I keep being
stymied by one incompatibility or another, to the point where today I installed
Debian on a BHyve vm to see if rsync behaves any differently on it than on
FreeBSD.

What I am looking for is some guidance as to what is supposed to work and has
been observed to work by someone running a multi DC environment of FreeBSD and
zfs. I presume that if I can provision a new domain on samba41 then I can
likewise set the acls using rsat. However, if one can only have one DC in that
configuration because replication via rsync does not work on FreeBSD then that
is no better than what I have now.

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3