FreeBSD as an Active Directory Domain Controller
Dean E. Weimer
dweimer at dweimer.net
Fri May 22 01:11:53 UTC 2020
On 2020-05-21 2:31 pm, James B. Byrne via freebsd-questions wrote:
> On Wed, May 20, 2020 13:16, Andrea Venturoli wrote:
>> On 2020-05-20 19:09, James B. Byrne via freebsd-questions wrote:
>>
>>> What I would like to find out is whether it is at all possible to
>>> have a
>>> samba-4.10 (or 4.11) based AD on FreeBSD using ZFS with multiple DCs
>>> and
>>> replication. Is someone has this working I would appreciate being
>>> told how it
>>> is done.
>>
>> Hi James.
>> Sounds like the same question you asked ten days ago, which I already
>> answered briefly (I use rsync).
>>
>> Perhaps you could tell what you tried, how you did it and how it is
>> going wrong?
>>
>
> I have a DC that was setup on FreeBSD-10.3 using samba-4.3 and UFS. At
> the
> time samba on FreeBSD could only be set up on ufs. Samba-4.4 and later
> removed
> support for nt style acls, that samba on FreeBSD required. Samba43
> disappeared
> with the update to 10.4 and Samba-4.4 did not work, so that system
> could not be
> updated.
>
> Fast forward to now. Samba410-4.10.15 on FreeBSD-12.1p5 and using ZFS
> now can
> be provisioned as a DC so acls obviously must be working on ZFS, I
> created a
> Samab410 instance, checked that it could provision, undid that work and
> reinstalled samba and used samba-tool to join the existing domain. I
> then
> attempted to replicate the sysvol using rsync. However, I get acl
> error
> messages when I do that and the resulting permissions do not resemble
> what I
> see on the DC.
>
> rsync -XAavz --delete-after --rsh='ssh'
> [192.168.8.65]:/var/db/samba4/sysvol
> /var/db/samba4
> receiving file list ... done
>
> rsync: set_acl: sys_acl_set_file(sysvol, ACL_TYPE_ACCESS): Invalid
> argument (22)
>
> rsync: set_acl: sys_acl_set_file(sysvol/brockley-2016.harte-lyne.ca,
> ACL_TYPE_ACCESS): Invalid argument (22)
>
> rsync: set_acl:
> sys_acl_set_file(sysvol/brockley-2016.harte-lyne.ca/Policies,
> ACL_TYPE_ACCESS): Invalid argument (22)
>
>
>
> I have gone down different routes to get around this block but I keep
> being
> stymied by one incompatibility or another, to the point where today I
> installed
> Debian on a BHyve vm to see id rsync behaves any differently on it than
> on
> FreeBSD.
>
> What I am looking for some guidance as to what is supposed to work and
> has been
> observed to work by someone running a multi DC environment of FreeBSD
> and zfs.
> I presume that if I can provision a new domain on samba41 then I can
> likewise
> set the acls using rsat. However, if one can only have one DC in that
> configuration because replication via rsync does not work on FreeBSD
> then that
> is no better than what I have now.
>
> --
> *** e-Mail is NOT a SECURE channel ***
> Do NOT transmit sensitive data via e-Mail
> Do NOT open attachments nor follow links sent by e-Mail
>
> James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
> Harte & Lyne Limited http://www.harte-lyne.ca
> 9 Brockley Drive vox: +1 905 561 1241
> Hamilton, Ontario fax: +1 905 561 0757
> Canada L8E 3C3
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
Did you make sure to set your zfs data set aclmode and and aclinherit
options to passthrough?
I am running Samba 4.11.8 on two FreeBSD 12.1p5 systems I did the
initial install on 12.1 not sure which patch at the time with Samba 4.10
and then switched to 4.11. Though this was setup as a test system and
only has a few accounts on it. Syncing at 5 minute intervals with
rsync -XAavq --delete-after -e "ssh" --progress
root at samba1.dweimer.me:/var/db/samba4/sysvol/ /var/db/samba4/sysvol
Its not returning any errors, but then again there is not a lot of
changes occurring.
--
Thanks,
Dean E. Weimer
http://www.dweimer.net/
More information about the freebsd-questions
mailing list