I am installing Samba43 on a BHyve VM using zfs - both host and guest.
 I am using vm-bhyve on the host.  When I go to provision a new AD-DC
I see this:

# samba-tool domain provision --use-ntvfs --realm=ADOMAIN.EXAMPLE.COM
--domain=ADOMAIN --server-role=dc --dns-backend=SAMBA_INTERNAL
Administrator password will be set randomly!
Looking up IPv4 addresses
. . .
setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
ERROR(runtime): uncaught exception - pytalloc_reference_ex() called
for object type not based on talloc
line 175, in _run
    return*args, **kwargs)
line 442, in run
    nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
line 2172, in provision
line 1864, in provision_fill
  File "/usr/local/lib/python2.7/site-packages/samba/",
line 138, in check_database
    error_count += self.check_object(object.dn, attrs=attrs)
  File "/usr/local/lib/python2.7/site-packages/samba/",
line 1358, in check_object
    normalised =
self.samdb.dsdb_normalise_attributes(self.samdb_schema, attrname,
  File "/usr/local/lib/python2.7/site-packages/samba/", line
672, in dsdb_normalise_attributes
    return dsdb._dsdb_normalise_attributes(ldb, ldap_display_name,

Referring to this message:

I read this :

> As far as I'm aware, the only use case for this is that call
> in dbcheck (here called by provision).  While undesirable, the
> failure message is clear (to us, and will quickly find this
> thread in google), and is not an abort(), which is what was
> happening in the same area for some versions previously.

I further read this:

>> Could you apply the attached patches to your samba-4.3.6
>> and see if they fix the domain provision?
> Provision of domain is OK with talloc-2.16 and samba-4.3.6 with
> these patches. Thanks.

This refers to Samba43-4.3.6.  It implies that the domain is not
properly provisioned without those patches.  The package from ports I
am using is Samba43-4.3.8 and evidently those patches did not make it
into the source tree.

So questions remain.  Do I have a working samba installation or not? 
How can I tell? I do not want to get deeply into setting this stuff up
only to find that a critical piece of infrastructure either is missing
or does not work properly, if at all.

Any help with or insight into this matter gratefully accepted.


