Date:      Fri, 22 May 2020 09:12:12 -0400
From:      "James B. Byrne" <byrnejb@harte-lyne.ca>
To:        dweimer@dweimer.net
Cc:        "Andrea Venturoli" <ml@netfence.it>, freebsd-questions@freebsd.org
Subject:   Re: FreeBSD as an Active Directory Domain Controller
Message-ID:  <085bece010a4c2855557dd2574796401.squirrel@webmail.harte-lyne.ca>
In-Reply-To: <67e6f02205a0f4e87de826c61ef75f6d@dweimer.net>
References:  <mailman.411.1590057680.4501.freebsd-questions@freebsd.org> <1d6dd578eadaf13def02280d06f37ffe.squirrel@webmail.harte-lyne.ca> <67e6f02205a0f4e87de826c61ef75f6d@dweimer.net>



On Thu, May 21, 2020 21:11, Dean E. Weimer wrote:
>
> Did you make sure to set your zfs data set aclmode and aclinherit
> options to passthrough?

Yes, the samba410 instances are installed on iocage jails and the properties
are set to:

zfs get all zroot/iocage/jails/samba-0{2..3} | grep acl

zroot/iocage/jails/samba-02  aclmode     passthrough  inherited from zroot/iocage/jails
zroot/iocage/jails/samba-02  aclinherit  passthrough  inherited from zroot/iocage/jails
zroot/iocage/jails/samba-03  aclmode     passthrough  inherited from zroot/iocage/jails
zroot/iocage/jails/samba-03  aclinherit  passthrough  inherited from zroot/iocage/jails


> I am running Samba 4.11.8 on two FreeBSD 12.1p5 systems. I did the
> initial install on 12.1, not sure which patch at the time, with Samba 4.10
> and then switched to 4.11. Though this was set up as a test system and
> only has a few accounts on it. Syncing at 5 minute intervals with
> rsync -XAavq --delete-after -e "ssh" --progress
> root@samba1.dweimer.me:/var/db/samba4/sysvol/ /var/db/samba4/sysvol
> It's not returning any errors, but then again there is not a lot of
> changes occurring.
>

My problem is that I cannot tell if the issue is with rsync or not, whether the
switch between samba43 ntacls on ufs and samba410 acls on zfs is the cause, or
if something is inherently wrong with samba running on top of zfs.  If it is one
of the former two then, although painful, it is possible to set up a new domain
entirely on FreeBSD and copy the users and their profiles over.  This is
how we moved from Windows server to FreeBSD.

But I cannot do this if the issue is that I cannot get replication working.

I have set up a Debian vm using bhyve and I am going to see if rsyncing to it
from the DC gives the same errors.  If rsync continues to throw errors then the
issue lies with the acl implementation on 10.3 and there will be nothing I can
do to salvage the domain.

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



