Nice!
I had shadow_copy2 working but since my snapshots have a daily-, weekly-
and monthly- prefix I ended up not having it enabled as i could only
pick one of them.
There is/was a shadow_copy_zfs at some point but it never made it into
samba-master and does not compile again against 4.x.
Regards
Jorge
On 2015-07-07 08:30, David Finster wrote:
Hi All
I managed to get it all working with only one source code change and
some alterations to options.mk and PLIST (from Jorge's repo - will
submit a pull request). I've now got an installation of Samba 4.2.2
linked into my Windows based AD (as a member only) with user accounts
hooked up correctly (so wbinfo/getent both work and agree). Users are
being authenticated as expected and ZFS ACLs are being used to store
Windows permissions.
I did have to resurrect the crle modifications in order to get the
nss_winbind module working, since getent is a 32-bit application.
Details here:
https://github.com/joyent/smartos-live/issues/383#issuecomment-74183998
[1]
but I also had to copy over other supporting 32-bit libraries into the
same /usr/local/lib folder, which ended up being:
libintl.so.8
libwinbind-client-samba4.so
libiconv.so.2
libreplace-samba4.so
nss_winbind.so.1 (originally libnss_winbind.so)
My smb.conf looks like:
[global]
workgroup = DOMAIN
realm = DOMAIN.LOCAL
server string = Samba %v (%h)
interfaces = net*, lo
bind interfaces only = Yes
security = ADS
password server = <domain controller>
map untrusted to domain = yes
log file = /var/log/log.%m
load printers = no
domain master = no
winbind enum users = yes
winbind enum groups = yes
idmap config * : backend = tdb
idmap config * : range = 100000-200000
idmap config DOMAIN : backend = ad
idmap config DOMAIN : range = 10000-20000
idmap config DOMAIN : schema_mode = rfc2307
idmap config DOMAIN : default = yes
map acl inherit = yes
winbind nested groups = yes
inherit acls = yes
acl group control = yes
kerberos method = secrets and keytab
winbind refresh tickets = Yes
kernel oplocks = yes
oplocks = yes
[Stuff]
path=/var/Share/Stuff
read only = no
writable = yes
browseable = yes
directory mask = 0775
nt acl support = yes
inherit acls = no
map acl inherit = yes
store dos attributes = yes
map archive = no
map readonly = no
hide dot files = yes
hide files = /$*/~$*/
veto files =
/Thumbs.db/.DS_Store/.AppleDouble/.bin/.AppleDesktop/Network Trash
Folder/
hide special files = yes
hide unreadable = yes
hide unwriteable files = yes
vfs objects = zfsacl
posix locking = yes
strict locking = no
inherit owner = no
delete veto files = yes
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
It's worth noting that we use UNIX extensions for AD so all of our
users have pre-defined UID/GIDs within the AD schema (known as
RFC2307). YMMV if your using other idmap techniques, but I wouldn't
expect any issues.
Unfortunately I don't have time to test the shadow copy/ZFS snapshots
functionality at this stage.
- Dave
On 7 Jul 2015, at 9:05 AM, David Finster
<[email protected]> wrote:
I was experimenting with this last night and using Jorge's repo as a
basis for enabling AD member.
Currently:
[1231/2787] Compiling lib/uid_wrapper/uid_wrapper.c
../lib/uid_wrapper/uid_wrapper.c:1213:10: error: conflicting types for
'syscall'
In file included from ../lib/uid_wrapper/uid_wrapper.c:31:0:
/usr/include/sys/syscall.h:514:13: note: previous declaration of
'syscall' was here
Waf: Leaving directory
`/content/pkgsrc/pkgsrc-blackdot/samba/work/samba-4.2.2/bin'
Build failed:
-> task failed (err #1):
{task: cc uid_wrapper.c -> uid_wrapper_1.o}
Missing node signature for
bld:///content/pkgsrc/pkgsrc-blackdot/samba/work/samba-4.2.2/lib/uid_wrapper/uid_wrapper_1.o
[2] (required by
{task: cc_link uid_wrapper_1.o -> libuid-wrapper.so})
On 7 Jul 2015, at 9:00 AM, Nicholas Lee <[email protected]> wrote:
How is the AD member functionality working at the moment? Samba4 file
server and kerberos/winbind? Shadow copy and zfs snaps?
I haven't had a chance to look into it recently.
Nicholas
On 7 July 2015 at 04:02, Jorge Schrauwen <[email protected]> wrote:
I didn't have much success with using samba4 as AD server on SmartOS.
Too be fair I did not look into it much as I was looking at using it as
a file server only.
Regards
Jorge
On 2015-07-06 11:43, Peter Kelm wrote:
Jorge, Chris,
Thanks a lot for your feedback. Also, sharing your setup instructions
is highly appreciated and very helpful.
I was trying to setup an AD CD in a SmartOS zone and followed these
instructions:
http://www.whitneytechnologies.com/?p=422 [3] [1]
Everything works as expected until:
„samba-tool domain provision"
When I try to „svcadm enable" the daemons after provisioning the domain
I only get an error message in the log that starting failed. I also
noticed that the „samba-tool" creates another smb.conf, but at
/opt/local/etc/. Even linking the newly created smb.conf to
/opt/local/etc/samba/ didn't help (so far). I tried to modify the
manifest but that hasn't changed anything yet.
I'll have to put things aside until I find time again to fiddle with my
setup.
Thanks again for your support!
Peter
Dipl.-Ing. Peter Kelm
KELM ENGINEERING
Karl-Bröger-Str. 46
91074 Herzogenaurach
Germany
Tel: +49 (9132) 745325 [4]
Fax: +49 (9132) 9060596 [5] eMail: [email protected]
Am 05.07.2015 um 23:10 schrieb Jorge Schrauwen <[email protected]>:
What problems are you having with pkgsrc samba?
I recently switched from OmniOS Kernel CIFS to Samba 4.2.2 inside a
SmartOS base64-lts zone and it turned out great. Performance is on-par
with kernel CIFS. It even works better with my OS X Clients.
On 2015-07-05 22:29, Chris Ridd wrote:
On 5 Jul 2015, at 20:44, Peter Kelm <[email protected]> wrote:
I am fighting with getting Samba4 (pkgsrc) running in a SmartOS zone -
so far with limited success :-((. I am running Samba 4.1.19 from pkgsrc
successfully. My config is very
simple though. What sort of problems are you having?
When digging for a solution I found reports from Nexenta (e.g. from the
2014 Illumos day) about integrating SMB 2.1 (and 3.0) into Illumos.
Does anyone know when such an enhancement could arrive in SmartOS? I
never had much luck with the CIFS implementation back in
OpenSolaris, though I am sure it has improved since then (eg lockups
inside the kernel - only fixable by a reboot). Can you run it in a non
global zone?
Chris
http://www.listbox.com [6] [2]
SMARTOS-DISCUSS | Archives [3] [4] | Modify [5] Your Subscription
[2]
Links:
------
[1] http://www.whitneytechnologies.com/?p=422 [3]
[2] http://www.listbox.com [6]
[3] https://www.listbox.com/member/archive/184463/=now [7]
[4] https://www.listbox.com/member/archive/rss/184463/26452851-88b650c7
[8]
[5] https://www.listbox.com/member/?& [9];
http://www.listbox.com [6]
SMARTOS-DISCUSS | Archives [7] [8] | Modify [10] Your
Subscription
[11]
Links:
------
[1]
https://github.com/joyent/smartos-live/issues/383#issuecomment-74183998
[2]
bld:///content/pkgsrc/pkgsrc-blackdot/samba/work/samba-4.2.2/lib/uid_wrapper/uid_wrapper_1.o
[3] http://www.whitneytechnologies.com/?p=422
[4] tel:%2B49%20%289132%29%20745325
[5] tel:%2B49%20%289132%29%209060596
[6] http://www.listbox.com/
[7] https://www.listbox.com/member/archive/184463/=now
[8] https://www.listbox.com/member/archive/rss/184463/26452851-88b650c7
[9] https://www.listbox.com/member/?&amp
[10]
https://www.listbox.com/member/?&
[11] http://www.listbox.com
-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription:
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com
