On Thu 19/06/2025 17:31, otto.cooper wrote:
> I am afraid of asking.
>
> Suppose your /etc/samba/smb.conf includes the following line.
>
> > server role = active directory domain controller
>
> This is what happens.
>
> ```
> > doas testparm
>
> Load smb config files from /etc/samba/smb.conf
> Loaded services file OK.
> Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
>
> Server role: ROLE_ACTIVE_DIRECTORY_DC
>
> Press enter to see a dump of your service definitions
>
> [This means that the configuration is sound.]
>
> > doas rcctl enable samba
> > doas rcctl start samba
>
> > cat /var/log/samba/smbd.log
>
> [2025/06/19 19:03:59.775188, 0] ../../source3/smbd/server.c:2029(main)
> main: server role = 'active directory domain controller' not compatible with
> running smbd standalone.
> You should start 'samba' instead, and it will control starting smbd if
> required
>
> > which samba
> which: samba: Command not found.
>
> > which samba-tool
> /usr/local/bin/samba-tool
>
> > doas samba-tool -h
> samba-tool: missing subcommand
>
> ERROR(<class 'ModuleNotFoundError'>): uncaught exception - No module named
> 'cryptography'
> File "/usr/local/lib/python3.12/site-packages/samba/netcmd/main.py", line 94,
> in samba_tool
> ret = cmd._run(*argv)
> ^^^^^^^^^^^^^^^
> File "/usr/local/lib/python3.12/site-packages/samba/netcmd/__init__.py", line
> 439, in _run
> cmd = self.subcommands[cmd_name]
> ~~~~~~~~~~~~~~~~^^^^^^^^^^
> File "/usr/local/lib/python3.12/site-packages/samba/netcmd/main.py", line 37,
> in __getitem__
> self[attr] = getattr(__import__('samba.netcmd.%s' % package,
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> File "/usr/local/lib/python3.12/site-packages/samba/netcmd/delegation.py",
> line 23, in <module>
> from samba import provision
> File "/usr/local/lib/python3.12/site-packages/samba/provision/__init__.py",
> line 76, in <module>
> from samba.gkdi import (
> File "/usr/local/lib/python3.12/site-packages/samba/gkdi.py", line 25, in
> <module>
> from cryptography.hazmat.primitives import hashes
>
> > doas find /usr -name '*samba*' | grep bin
> /usr/local/bin/samba-log-parser
> /usr/local/bin/samba-tool
> /usr/local/lib/samba/libinterfaces-private-samba.so
> /usr/local/sbin/samba-gpupdate
>
> > cat /etc/rc.d/samba
>
> #!/bin/ksh
>
> # "meta" script running the following rc.d(8) scripts with the given argument;
> # note that "daemon_*" variables are not passed to the child scripts.
> _pkg_scripts="smbd nmbd"
>
> if [[ $1 == restart ]]; then
> $0 stop && $0 start
> exit
> fi
>
> if [[ $1 == stop ]]; then
> for _i in ${_pkg_scripts}; do _l="${_i} ${_l}"; done
> _pkg_scripts=${_l% }
> fi
>
> for _i in ${_pkg_scripts}; do
> if [[ -x /etc/rc.d/${_i} ]]; then
> /etc/rc.d/${_i} $@ || exit $?
> fi
> done
>
> > pkg_info samba
> Information for inst:samba-4.22.2v0
>
> Comment:
> SMB and CIFS client and server for UNIX
>
> Description:
> The Samba suite is a set of programs that implement a server for the
> Windows file- and printer-sharing protocols (SMB/CIFS) and Active
> Directory compatible Domain Controller.
>
> Maintainer: Ian McWilliam <kaosa...@gmail.com>, Bjorn Ketelaars
> <b...@openbsd.org>
>
> WWW: https://www.samba.org/
>
> ```
>
> Is the samba package broken?
No, the samba package is working. At least as long as you do not need AD
DC support. Support for the latter has been dropped some time ago
because of crashes [0].
[0] https://marc.info/?l=openbsd-ports&m=161922533124386&w=2
