В Mon, 6 Nov 2017 08:26:05 +0100 Andrea Venturoli <m...@netfence.it> wrote:
> > To setup a new samba46-based domain controller on ZFS in jail (I'm > > using it with the VIMAGE) you can try following: > > I'm not using VIMAGE (at least not yet). > > > 1. Rebuild the net/samba46 port with the attached patches > > (patch-librpc__idl__xattr.idl, > > patch-python__samba__provision____init__.py) > > > > 2. Initialize new domain with the following command (the last two > > parameters makes magic): > > samba-tool domain provision --use-rfc2307 \ > > --host-name=<YOUR_DC_NAME> \ > > --realm=<YOUR_REALM> \ > > --domain=<YOUR_DOMAIN_NAME> \ > > --adminpass=<password> \ > > --option="vfs objects = acl_xattr" \ > > --option="acl_xattr:ignore system acls = yes" > > > > 3. After successful provisioning, edit /usr/local/etc/smb4.conf: > > - remove or comment out > > vfs objects = acl_xattr > > acl_xattr:ignore system acls = yes > > - add the following: > > vfs objects = zfsacl > > nfs4:mode = special > > nfs4:acedup = merge > > nfs4:chown = yes > > > > 4. Execute `samba-tool ntacl sysvolreset` > > > > 5. Start samba > > Looks like it worked. > Hope I don't get any suprise in the deployment phase... There is an issue, when GPOs are situated on the ZFS: sometimes (when a new file appended?) the GPO's files gets a wrong permissions. So if you will have problems with a group policy, run `samba-tool ntacl sysvolreset` at first... -- Alexander Zagrebin _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
