On 11/02/17 08:09, Alexander Zagrebin wrote:
В Wed, 1 Nov 2017 16:01:18 +0100
Andrea Venturoli <m...@netfence.it> пишет:
It seems it's offtopic here, but I'll try to answer.
Doh!
I was going to write to -port, but wrote -net in the end...
Sorry!
To setup a new samba46-based domain controller on ZFS in jail (I'm
using it with the VIMAGE) you can try following:
I'm not using VIMAGE (at least not yet).
1. Rebuild the net/samba46 port with the attached patches
(patch-librpc__idl__xattr.idl, patch-python__samba__provision____init__.py)
2. Initialize new domain with the following command (the last two
parameters makes magic):
samba-tool domain provision --use-rfc2307 \
--host-name=<YOUR_DC_NAME> \
--realm=<YOUR_REALM> \
--domain=<YOUR_DOMAIN_NAME> \
--adminpass=<password> \
--option="vfs objects = acl_xattr" \
--option="acl_xattr:ignore system acls = yes"
3. After successful provisioning, edit /usr/local/etc/smb4.conf:
- remove or comment out
vfs objects = acl_xattr
acl_xattr:ignore system acls = yes
- add the following:
vfs objects = zfsacl
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
4. Execute `samba-tool ntacl sysvolreset`
5. Start samba
Looks like it worked.
Hope I don't get any suprise in the deployment phase...
Thank you very much!!!
It is not ideal solution, but it seems to be working,
despite there are another resolvable issues (with BIND9_DLZ
and so on)...
I'm using internal DNS, anyway...
I've sent patches to the port maintainer, but have no answer.
Perhaps you could try and file a bug report?
At the very least users would be able to find your patches.
bye & Thanks
av.
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
