Unimatrix01
Cadet
- Joined
- Sep 26, 2015
- Messages
- 5
I'm trying to configure FreeNAS as a domain controller. It all seems to go well, I've joined a Windows box to the domain, I can authenticate and access the CIFS shares. However, I hit a snag when trying to create group policies. Every time I try to create a new group policy using Windows remote server admin tools, I get an error message "The parameter is incorrect." I can edit the existing GPOs just fine, I just can't create new ones.
FreeNAS is running in VirtualPC, as is a windows 7 install. I'm running FreeNAS-9.3-STABLE-201509220011 with the latest updates as of the time of this post.:
[root@PDC] ~# uname -a
FreeBSD PDC.MY.LOCALDOMAIN 9.3-RELEASE-p26 FreeBSD 9.3-RELEASE-p26 #1 r281084+59f7d05: Mon Sep 21 11:47:33 PDT 2015 root@build3.ixsystems.com:/tank/home/jkh/build/FN/objs/os-base/amd64/tank/home/jkh/build/FN/FreeBSD/src/sys/FREENAS.amd64 amd64
I'm thinking the error has something to do with the permissions on the SYSVOL folder. When I set samaba to level 3 logging, I see this in the smbd.log file:
[2015/09/27 09:42:23.500575, 3] ../source3/smbd/posix_acls.c:3722(set_nt_acl)
set_nt_acl: chown my.localdomain/Policies/{B258EC33-B594-49BF-B2DA-293BEB006754}. uid = 3000011, gid = 3000011.
[2015/09/27 09:42:23.502230, 2] ../source3/smbd/posix_acls.c:3014(set_canon_ace_list)
set_canon_ace_list: sys_acl_set_file type file failed for file my.localdomain/Policies/{B258EC33-B594-49BF-B2DA-293BEB006754} (Invalid argument).
[2015/09/27 09:42:23.502261, 3] ../source3/smbd/posix_acls.c:3831(set_nt_acl)
set_nt_acl: failed to set file acl on file my.localdomain/Policies/{B258EC33-B594-49BF-B2DA-293BEB006754} (Invalid argument).
(B258EC... is the ID of the new policy I'm trying to create)
I also tried using samba-tool to create a GPO. This gets a little further than doing it from Windows, but still fails:
[root@PDC] ~# samba-tool gpo listall
GPO : {31B2F340-016D-11D2-945F-00C04FB984F9}
display name : Default Domain Policy
path : \\my.localdomain\sysvol\my.localdomain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}
dn : CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=my,DC=localdomain
version : 0
flags : NONE
GPO : {6AC1786C-016F-11D2-945F-00C04FB984F9}
display name : Default Domain Controllers Policy
path : \\my.localdomain\sysvol\my.localdomain\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}
dn : CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=my,DC=localdomain
version : 0
flags : NONE
[root@PDC] ~# samba-tool gpo create Test -U administrator
Password for [MY\administrator]:
ERROR(runtime): uncaught exception - (-1073741811, 'Unexpected information received')
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/gpo.py", line 1000, in run
conn.set_acl(sharepath, fs_sd, sio)
[root@PDC] ~# samba-tool gpo listall
GPO : {31B2F340-016D-11D2-945F-00C04FB984F9}
display name : Default Domain Policy
path : \\my.localdomain\sysvol\my.localdomain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}
dn : CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=my,DC=localdomain
version : 0
flags : NONE
GPO : {6AC1786C-016F-11D2-945F-00C04FB984F9}
display name : Default Domain Controllers Policy
path : \\my.localdomain\sysvol\my.localdomain\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}
dn : CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=my,DC=localdomain
version : 0
flags : NONE
GPO : {A920745B-0C79-400C-8961-F09CFE912156}
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/gpo.py", line 319, in run
self.outf.write("display name : %s\n" % m['displayName'][0])
If I open the group policy management console, it shows a new GPO, but it has no name, and whenever I try to edit / open it Windows complains that "The permissions for this GPO in the SYSVOL folder are inconsistent with those in ACtive Directory. It is recommended that these permissions be consistent. To change the SYSVOL permissions to those in Active Directory, click OK."
If I press "OK" I get the error "The parameter is incorrect."
If I use samba-tool to check the ACL permissions:
[root@PDC] ~# samba-tool gpo aclcheck
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/gpo.py", line 1150, in run
ds_sd_ndr = m['nTSecurityDescriptor'][0]
[root@PDC] ~# samba-tool ntacl sysvolcheck
lp_load_ex: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf"
Processing section "[global]"
Processing section "[sysvol]"
Processing section "[netlogon]"
No builtin backend found, trying to load plugin
Module 'samba_dsdb' loaded
ldb_wrap open of idmap.ldb
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Module 'acl_xattr' loaded
Initialising custom vfs hooks from [dfs_samba4]
Module 'dfs_samba4' loaded
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
if I use samba-tool to try and do a sysvolreset I get:
[root@PDC] ~# samba-tool ntacl sysvolreset
lp_load_ex: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf"
Processing section "[global]"
Processing section "[sysvol]"
Processing section "[netlogon]"
No builtin backend found, trying to load plugin
Module 'samba_dsdb' loaded
ldb_wrap open of idmap.ldb
lp_load_ex: refreshing parameters
params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf"
Processing section "[global]"
Processing section "[sysvol]"
Processing section "[netlogon]"
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Module 'acl_xattr' loaded
Initialising custom vfs hooks from [dfs_samba4]
Module 'dfs_samba4' loaded
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service Unknown Service (snum == -1)
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires. Try the mounting the filesystem with the 'acl' option.
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 218, in run
lp, use_ntvfs=use_ntvfs)
File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1551, in setsysvolacl
raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires. "
That last message seems to suggest that where the samba sysvol folder is doesn't support ACLs, but it does have the nfsv4acls property on it:
[root@PDC] ~# mount
freenas-boot/ROOT/FreeNAS-9.3-STABLE-201509220011 on / (zfs, local, noatime, nfsv4acls)
devfs on /dev (devfs, local, multilabel)
tmpfs on /etc (tmpfs, local)
tmpfs on /mnt (tmpfs, local)
tmpfs on /var (tmpfs, local)
freenas-boot/grub on /boot/grub (zfs, local, noatime, nfsv4acls)
DATA on /mnt/DATA (zfs, local, nfsv4acls)
DATA/.system on /var/db/system (zfs, local, nfsv4acls)
DATA/.system/cores on /var/db/system/cores (zfs, local, nfsv4acls)
DATA/.system/samba4 on /var/db/system/samba4 (zfs, local, nfsv4acls)
DATA/.system/syslog-5ece5c906a8f4df886779fae5cade8a5 on /var/db/system/syslog-5ece5c906a8f4df886779fae5cade8a5 (zfs, local, nfsv4acls)
DATA/.system/rrd-5ece5c906a8f4df886779fae5cade8a5 on /var/db/system/rrd-5ece5c906a8f4df886779fae5cade8a5 (zfs, local, nfsv4acls)
DATA/.system/configs-5ece5c906a8f4df886779fae5cade8a5 on /var/db/system/configs-5ece5c906a8f4df886779fae5cade8a5 (zfs, local, nfsv4acls)
Here is my Samba configuration:
[root@PDC] ~# cat /etc/local/smb4.conf
[global]
server max protocol = SMB2
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 117182
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = nobody
map to guest = Bad User
obey pam restrictions = yes
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
lm announce = yes
hostname lookups = yes
time server = yes
acl allow execute always = true
acl check permissions = true
dos filemode = yes
multicast dns register = yes
domain logons = no
local master = yes
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
server role = active directory domain controller
netbios name = PDC
workgroup = MY
realm = MY.LOCALDOMAIN
dns forwarder = 10.0.0.1
idmap_ldb:use rfc2307 = yes
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 3
[sysvol]
path = /var/db/samba4/sysvol
read only = no
[netlogon]
path = /var/db/samba4/sysvol/my.localdomain/scripts
read only = no
So at this point I'm stumped. At this point I'm at the ends of what I know of FreeNAS, FreeBSD, and ACL. Can anyone please help me?
Thanks!
FreeNAS is running in VirtualPC, as is a windows 7 install. I'm running FreeNAS-9.3-STABLE-201509220011 with the latest updates as of the time of this post.:
[root@PDC] ~# uname -a
FreeBSD PDC.MY.LOCALDOMAIN 9.3-RELEASE-p26 FreeBSD 9.3-RELEASE-p26 #1 r281084+59f7d05: Mon Sep 21 11:47:33 PDT 2015 root@build3.ixsystems.com:/tank/home/jkh/build/FN/objs/os-base/amd64/tank/home/jkh/build/FN/FreeBSD/src/sys/FREENAS.amd64 amd64
I'm thinking the error has something to do with the permissions on the SYSVOL folder. When I set samaba to level 3 logging, I see this in the smbd.log file:
[2015/09/27 09:42:23.500575, 3] ../source3/smbd/posix_acls.c:3722(set_nt_acl)
set_nt_acl: chown my.localdomain/Policies/{B258EC33-B594-49BF-B2DA-293BEB006754}. uid = 3000011, gid = 3000011.
[2015/09/27 09:42:23.502230, 2] ../source3/smbd/posix_acls.c:3014(set_canon_ace_list)
set_canon_ace_list: sys_acl_set_file type file failed for file my.localdomain/Policies/{B258EC33-B594-49BF-B2DA-293BEB006754} (Invalid argument).
[2015/09/27 09:42:23.502261, 3] ../source3/smbd/posix_acls.c:3831(set_nt_acl)
set_nt_acl: failed to set file acl on file my.localdomain/Policies/{B258EC33-B594-49BF-B2DA-293BEB006754} (Invalid argument).
(B258EC... is the ID of the new policy I'm trying to create)
I also tried using samba-tool to create a GPO. This gets a little further than doing it from Windows, but still fails:
[root@PDC] ~# samba-tool gpo listall
GPO : {31B2F340-016D-11D2-945F-00C04FB984F9}
display name : Default Domain Policy
path : \\my.localdomain\sysvol\my.localdomain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}
dn : CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=my,DC=localdomain
version : 0
flags : NONE
GPO : {6AC1786C-016F-11D2-945F-00C04FB984F9}
display name : Default Domain Controllers Policy
path : \\my.localdomain\sysvol\my.localdomain\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}
dn : CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=my,DC=localdomain
version : 0
flags : NONE
[root@PDC] ~# samba-tool gpo create Test -U administrator
Password for [MY\administrator]:
ERROR(runtime): uncaught exception - (-1073741811, 'Unexpected information received')
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/gpo.py", line 1000, in run
conn.set_acl(sharepath, fs_sd, sio)
[root@PDC] ~# samba-tool gpo listall
GPO : {31B2F340-016D-11D2-945F-00C04FB984F9}
display name : Default Domain Policy
path : \\my.localdomain\sysvol\my.localdomain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}
dn : CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=my,DC=localdomain
version : 0
flags : NONE
GPO : {6AC1786C-016F-11D2-945F-00C04FB984F9}
display name : Default Domain Controllers Policy
path : \\my.localdomain\sysvol\my.localdomain\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}
dn : CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=my,DC=localdomain
version : 0
flags : NONE
GPO : {A920745B-0C79-400C-8961-F09CFE912156}
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/gpo.py", line 319, in run
self.outf.write("display name : %s\n" % m['displayName'][0])
If I open the group policy management console, it shows a new GPO, but it has no name, and whenever I try to edit / open it Windows complains that "The permissions for this GPO in the SYSVOL folder are inconsistent with those in ACtive Directory. It is recommended that these permissions be consistent. To change the SYSVOL permissions to those in Active Directory, click OK."
If I press "OK" I get the error "The parameter is incorrect."
If I use samba-tool to check the ACL permissions:
[root@PDC] ~# samba-tool gpo aclcheck
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/gpo.py", line 1150, in run
ds_sd_ndr = m['nTSecurityDescriptor'][0]
[root@PDC] ~# samba-tool ntacl sysvolcheck
lp_load_ex: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf"
Processing section "[global]"
Processing section "[sysvol]"
Processing section "[netlogon]"
No builtin backend found, trying to load plugin
Module 'samba_dsdb' loaded
ldb_wrap open of idmap.ldb
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Module 'acl_xattr' loaded
Initialising custom vfs hooks from [dfs_samba4]
Module 'dfs_samba4' loaded
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
if I use samba-tool to try and do a sysvolreset I get:
[root@PDC] ~# samba-tool ntacl sysvolreset
lp_load_ex: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf"
Processing section "[global]"
Processing section "[sysvol]"
Processing section "[netlogon]"
No builtin backend found, trying to load plugin
Module 'samba_dsdb' loaded
ldb_wrap open of idmap.ldb
lp_load_ex: refreshing parameters
params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf"
Processing section "[global]"
Processing section "[sysvol]"
Processing section "[netlogon]"
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Module 'acl_xattr' loaded
Initialising custom vfs hooks from [dfs_samba4]
Module 'dfs_samba4' loaded
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service Unknown Service (snum == -1)
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires. Try the mounting the filesystem with the 'acl' option.
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 218, in run
lp, use_ntvfs=use_ntvfs)
File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1551, in setsysvolacl
raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires. "
That last message seems to suggest that where the samba sysvol folder is doesn't support ACLs, but it does have the nfsv4acls property on it:
[root@PDC] ~# mount
freenas-boot/ROOT/FreeNAS-9.3-STABLE-201509220011 on / (zfs, local, noatime, nfsv4acls)
devfs on /dev (devfs, local, multilabel)
tmpfs on /etc (tmpfs, local)
tmpfs on /mnt (tmpfs, local)
tmpfs on /var (tmpfs, local)
freenas-boot/grub on /boot/grub (zfs, local, noatime, nfsv4acls)
DATA on /mnt/DATA (zfs, local, nfsv4acls)
DATA/.system on /var/db/system (zfs, local, nfsv4acls)
DATA/.system/cores on /var/db/system/cores (zfs, local, nfsv4acls)
DATA/.system/samba4 on /var/db/system/samba4 (zfs, local, nfsv4acls)
DATA/.system/syslog-5ece5c906a8f4df886779fae5cade8a5 on /var/db/system/syslog-5ece5c906a8f4df886779fae5cade8a5 (zfs, local, nfsv4acls)
DATA/.system/rrd-5ece5c906a8f4df886779fae5cade8a5 on /var/db/system/rrd-5ece5c906a8f4df886779fae5cade8a5 (zfs, local, nfsv4acls)
DATA/.system/configs-5ece5c906a8f4df886779fae5cade8a5 on /var/db/system/configs-5ece5c906a8f4df886779fae5cade8a5 (zfs, local, nfsv4acls)
Here is my Samba configuration:
[root@PDC] ~# cat /etc/local/smb4.conf
[global]
server max protocol = SMB2
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 117182
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = nobody
map to guest = Bad User
obey pam restrictions = yes
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
lm announce = yes
hostname lookups = yes
time server = yes
acl allow execute always = true
acl check permissions = true
dos filemode = yes
multicast dns register = yes
domain logons = no
local master = yes
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
server role = active directory domain controller
netbios name = PDC
workgroup = MY
realm = MY.LOCALDOMAIN
dns forwarder = 10.0.0.1
idmap_ldb:use rfc2307 = yes
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 3
[sysvol]
path = /var/db/samba4/sysvol
read only = no
[netlogon]
path = /var/db/samba4/sysvol/my.localdomain/scripts
read only = no
So at this point I'm stumped. At this point I'm at the ends of what I know of FreeNAS, FreeBSD, and ACL. Can anyone please help me?
Thanks!
