From: Andrea Venturoli
Subject: Help provisioning a Samba AD in a jail on ZFS
To: freebsd-net@freebsd.org
Date: Wed, 1 Nov 2017 16:01:18 +0100
Message-ID: <57dc8e1e-6e38-456d-f70d-291d6bf68bb8@netfence.it>
List-Id: Networking and TCP/IP with FreeBSD

Hello.

As per subject, I'm building a new box which must host a jail running a Samba AD, but I have trouble provisioning it.
Currently I'm trying samba44.

I read a lot of material and I think I understand the problem: it seems the "samba-tool provision" script is incompatible with NFSv4ACL used by ZFS.
AFAICT this issue has been raised, the Samba team has acknowledged a patch should be made, but so far nothing happened.

So I'm looking into workarounds:

a) someone suggests installing samba43, provision, then upgrade to samba44. In fact this is some path I went through a couple of times in the past (on UFS, however). Alas samba43 is no longer there.

b) I think I might get around this by provisioning with the deprecated NTVFS, then switch to S3FS. Unfortunately samba44 does not build NTVFS anymore, unless the DEVELOPER option is used; but if the DEVELOPER option is used, compilation (on Poudriere) fails with:

> ../source4/lib/socket/socket_ip.c:864:12: error: comparison of array 'addr.__u6_addr.__u6_addr8' equal to a null pointer is always false [-Werror,-Wtautological-pointer-compare]
> if (addr.s6_addr == 0) {
> ~~~~~^~~~~~~ ~
> /usr/include/netinet6/in6.h:103:29: note: expanded from macro 's6_addr'
> #define s6_addr __u6_addr.__u6_addr8
> ^
> 1 error generated.

c) I tried creating a ZVOL, formatting it with UFS, mounting it with ACLs inside the jail, but still provisioning says I have no ACL support.

d) I know samba46 is incompatible with jails (at least as AD DC), but didn't try samba45. AFAICT, however, nothing should have improved WRT my problem.

So, after spending a couple of days on this and before spending another week trying every path, I thought I'd ask...

Should I temporarily revive samba43?
Can samba44 with NTVFS compilation error be fixed?
Should I try samba45 or is it just a waste of time?
Would creating a jail on another (UFS) box and then moving /var/db/samba4 and smb4.conf here work?

I'm open to any other suggestion as long as the objective (AD in a jail on ZFS) is met in the end.

bye & Thanks
av.