|Summary:||net/samba48: domain provision "SystemError" in self join|
|Product:||Ports & Packages||Reporter:||Bernard Spil <brnrd>|
|Component:||Individual Port(s)||Assignee:||Timur I. Bakeyev <timur>|
|Severity:||Affects Only Me||CC:||Axel.Rau, brnrd, daniel.engberg.lists, darius, doconnor, woodsb02|
Description Bernard Spil 2018-09-19 10:48:03 UTC
On a fresh FreeBSD 11.2 Root-on-ZFS I get Python system-error on > samba-tool domain provision --use-rfc2307 --interactive during "self join" Detail > Setting up self join > ERROR(<type 'exceptions.SystemError'>): uncaught exception - error return without exception set > File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run > return self.run(*args, **kwargs) > File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line 500, in run > plaintext_secrets=plaintext_secrets) > File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 2275, in provision > skip_sysvolacl=skip_sysvolacl) > File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1891, in provision_fill > names.domaindn, lp, use_ntvfs) > File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1622, in setsysvolacl > set_simple_acl(file.name, 0755, gid) Same result on 12-ALPHA6 and either 4.7 or 4.8
Comment 1 Bernard Spil 2018-09-19 10:54:56 UTC
Looks like a temporary dir is not created prior to the setacl? Added a print(file.name), and found this > Setting up self join > /var/db/samba4/sysvol/tmp8a1jmA > ERROR(<type 'exceptions.SystemError'>): uncaught exception - error return without exception set # ls -l /var/db/samba4/sysvol/tmp8a1jmA ls: /var/db/samba4/sysvol/tmp8a1jmA: No such file or directory Could've been cleaned up, dunno
Comment 2 Axel.Rau 2018-10-18 18:14:39 UTC
Can easily reproduce here. No glue.
Comment 3 Axel.Rau 2018-10-23 18:19:07 UTC
(In reply to Bernard Spil from comment #1) The tmpfile is deleted when the process dies. It is still there before calling smbd.set_simple_nfsv4_acl: (Pdb) b 1622 Breakpoint 1 at /usr/local/lib/python2.7/site-packages/samba/provision/__init__.py:1622 (Pdb) c > /usr/local/lib/python2.7/site-packages/samba/provision/__init__.py(1622)setsysvolacl() -> try: (Pdb) p file.name '/var/db/samba4/sysvol/tmpuTun7i' # ls -l /var/db/samba4/sysvol/tmpuTun7i -rw------- 1 root wheel 0 Oct 23 18:08 /var/db/samba4/sysvol/tmpuTun7i Debugging the shared library with the acl code is very hard.
Comment 4 Ben Woods 2018-10-28 07:01:49 UTC
I just came across this issue also, and have solved it by following the Samba4ZFS guide on the FreeBSD wiki: https://wiki.freebsd.org/Samba4ZFS "Enable NFSv4 ACLs in your ZFS volume" 1 sudo zfs set aclmode=passthrough zroot 2 sudo zfs set aclinherit=passthrough zroot "Setup UFS system volume" Samba's upgrade script is not smart enough (yet) to enable zfsacl automatically so it's simpler to have a POSIX ACL enabled UFS file system as sysvol. Toggle line numbers 1 sudo zfs create -V 2G zroot/samba4sysvol 2 sudo newfs /dev/zvol/zroot/samba4sysvol 3 4 # Add to /etc/fstab 5 sudo sh -c 'cat >>/etc/fstab' <<EOF 6 /dev/zvol/zroot/samba4sysvol /var/db/samba4/sysvol ufs rw,acls 0 0 7 EOF 8 9 sudo mkdir -p /var/db/samba4/sysvol 10 sudo mount /var/db/samba4/sysvol
Comment 5 Ben Woods 2018-10-28 07:06:43 UTC
Daniel - as the author of the Samba4ZFS FreeBSD wiki page, can you please explain a little further about the ZFSACL issue?
Comment 6 darius 2018-10-28 07:23:22 UTC
As far as I understand it the Samba 4 code doesn't like the type of ACLs ZFS uses but does like the UFS ones. Since ACLs are a core part of the system you can paper over it by using a UFS partition to hold the (small) sysvol. Although I have since discovered that fsck doesn't get run on these so if you get a power failure you have to manually fsck it :-/ (I haven't fully investigated that yet though)
Comment 7 Ben Woods 2018-10-28 07:45:23 UTC
It appears that this patch in the FreeBSD port is supposed to make Samba work with the ZFS ACLs: https://svnweb.freebsd.org/ports/head/net/samba48/files/0001-Zfs-provision-1.patch?view=markup Obviously, it isn't quite working as expected.
Comment 8 Rene Ladan 2019-12-15 17:24:15 UTC
net/samba48 expired today, is this relevant for net/samba410?
Comment 9 Bernard Spil 2019-12-15 18:28:09 UTC
(In reply to Rene Ladan from comment #8) I haven't tested... Unlikely that I'll get to it as I dropped the plan for using AD in stead of OpenLDAP
Comment 10 daniel.engberg.lists 2020-03-16 11:58:56 UTC
I guess we can close this and let someone file a new report if it's still broken on samba410 as samba48 is removed from ports?
Comment 11 Timur I. Bakeyev 2020-09-21 21:35:42 UTC
I believe this was addressed somewhere in 4.10.