From: "James B. Byrne"
To: dweimer@dweimer.net
Cc: "Andrea Venturoli", freebsd-questions@freebsd.org
Reply-To: byrnejb@harte-lyne.ca
Date: Fri, 22 May 2020 09:12:12 -0400
Subject: Re: FreeBSD as an Active Directory Domain Controller

On Thu, May 21, 2020 21:11, Dean E. Weimer wrote:
>
> Did you make sure to set your zfs data set aclmode and aclinherit
> options to passthrough?

Yes, the samba410 instances are installed on iocage jails and the
properties are set to:

zfs get all zroot/iocage/jails/samba-0{2..3} | grep acl
zroot/iocage/jails/samba-02 aclmode passthrough inherited from zroot/iocage/jails
zroot/iocage/jails/samba-02 aclinherit passthrough inherited from zroot/iocage/jails
zroot/iocage/jails/samba-03 aclmode passthrough inherited from zroot/iocage/jails
zroot/iocage/jails/samba-03 aclinherit passthrough inherited from zroot/iocage/jails

> I am running Samba 4.11.8 on two FreeBSD 12.1p5 systems I did the
> initial install on 12.1 not sure which patch at the time with Samba 4.10
> and then switched to 4.11. Though this was set up as a test system and
> only has a few accounts on it. Syncing at 5 minute intervals with
>
> rsync -XAavq --delete-after -e "ssh" --progress
> root@samba1.dweimer.me:/var/db/samba4/sysvol/ /var/db/samba4/sysvol
>
> It's not returning any errors, but then again there is not a lot of
> changes occurring.
>

My problem is that I cannot tell if the issue is with rsync or not,
whether the switch between samba43 ntacls on ufs and samba410 acls on
zfs is the cause, or if something is inherently wrong with samba
running on top of zfs.

If it is one of the former two then, although painful, it is possible
to set up a new domain entirely on FreeBSD and copy the users and
their profiles over. This is how we moved from Windows server to
FreeBSD. But I cannot do this if the issue is that I cannot get
replication working.

I have set up a Debian vm using bhyve and I am going to see if
rsyncing to it from the DC gives the same errors. If rsync continues
to throw errors then the issue lies with the acl implementation on
10.3 and there will be nothing I can do to salvage the domain.

--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                  mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited            http://www.harte-lyne.ca
9 Brockley Drive                vox: +1 905 561 1241
Hamilton, Ontario               fax: +1 905 561 0757
Canada L8E 3C3
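
The aclmode/aclinherit check discussed in this message can be scripted so that every jail dataset is verified the same way. The following is an added example, not part of the original message or of any tool named in it: the function names and the example-04/example-05 rows are hypothetical, and the samba-02/samba-03 rows are the output quoted above.

```shell
#!/bin/sh
# Added example: report datasets whose aclmode/aclinherit is not "passthrough".
# Input on stdin: `zfs get` rows of the form "NAME PROPERTY VALUE SOURCE".

# Sample input. The samba-02/samba-03 rows are the output quoted in the message;
# the example-04/example-05 rows are constructed to show the failure cases.
sample_zfs_get() {
    cat <<'EOF'
zroot/iocage/jails/samba-02 aclmode passthrough inherited from zroot/iocage/jails
zroot/iocage/jails/samba-02 aclinherit passthrough inherited from zroot/iocage/jails
zroot/iocage/jails/samba-03 aclmode passthrough inherited from zroot/iocage/jails
zroot/iocage/jails/samba-03 aclinherit passthrough inherited from zroot/iocage/jails
zroot/iocage/jails/example-04 aclmode discard local
zroot/iocage/jails/example-04 aclinherit restricted default
zroot/iocage/jails/example-05 aclmode passthrough local
EOF
}

# Prints "<dataset> <property> <value|MISSING>" per problem; returns 1 if any.
audit_acl_props() {
    report=$(awk '
        $1 == "NAME" { next }                 # header row of unfiltered output
        $2 == "aclmode" || $2 == "aclinherit" { seen[$1] = 1; value[$1, $2] = $3 }
        END {
            n = split("aclmode aclinherit", props, " ")
            for (ds in seen)
                for (i = 1; i <= n; i++) {
                    p = props[i]
                    if (!((ds, p) in value))
                        print ds, p, "MISSING"
                    else if (value[ds, p] != "passthrough")
                        print ds, p, value[ds, p]
                }
        }' | LC_ALL=C sort)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

sample_zfs_get | audit_acl_props || true
```

On a live system the input would come from something like `zfs get -H -r -o name,property,value aclmode,aclinherit zroot/iocage/jails`, run on both domain controllers so the two sides of the rsync can be compared.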