Web lists-archives.com

Re: [Samba] FreeBSD-11 and Samba-4.6 as a DC

On Wed, 12 Jul 2017 13:36:01 +1000
Dewayne Geraghty <dewayne.geraghty@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

> Rowland, Are you saying that Samba46 won't provision on a file system
> that has NFSv4 ACL enabled, rather than POSIX.1e (or no additional
> ACL's, the usual default settings which allow only
> owner:group:other) ? I would've thought that Samba would more closely
> emulate Windows with the richer ACLs from NFSv4...

At present, a Samba AD DC must be provisioned on a filesystem that
supports the type of ACLs that ext4 supports, this unfortunately
doesn't include NFSv4 ACLs.

> James - I have FreeBSD11.1Prelease with AD provisioned. (no NFSv4).
> And contrary to Ref [1] below, Extended ACL's are enabled by default.

If Freebsd has modified Samba so that it will provision and run on
NFSv4 ACLs, then I would suggest they prepare patches and submit them
to the samba-technical mailing list. This is always provided they are
not just using the deprecated ntvfs server.

> Its seems that Samba *must* run a separate member server (or
> standalone) for both samba4 and nfsv4 to co-exist (and use nfsv4
> ACLs)?

Yes, running Samba as a Unix domain member will work, but it is
possible you will not be able to set ACLs from windows.

> Previously it has been very unclear (ref 3-Volker's comment) whether
> to use POSIX or nfsv4 ACL's.  Though the wiki is clearer now.  And
> for the reference, FreeBSD's getfacl and setfacl operate on POSIX and
> NFSv4 ACLs

At the moment, Samba, on a DC, has no concept of NFSv4 ACLs, so you
need to use a filesystem such as ext4. I have tried UFS and ZFS on
Freebsd and cannot get either to work with a Samba AD DC.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba