Bug 231472

Summary: net/samba48: domain provision "SystemError" in self join
Product: Ports & Packages Reporter: Bernard Spil <brnrd>
Component: Individual Port(s)Assignee: Timur I. Bakeyev <timur>
Status: Closed FIXED    
Severity: Affects Only Me CC: Axel.Rau, brnrd, daniel.engberg.lists, darius, doconnor, woodsb02
Priority: --- Flags: bugzilla: maintainer-feedback? (timur)
Version: Latest   
Hardware: Any   
OS: Any   

Description Bernard Spil freebsd_committer 2018-09-19 10:48:03 UTC
On a fresh FreeBSD 11.2 Root-on-ZFS I get Python system-error on

> samba-tool domain provision --use-rfc2307 --interactive

during "self join"

> Setting up self join
> ERROR(<type 'exceptions.SystemError'>): uncaught exception - error return without exception set
>   File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line 500, in run
>     plaintext_secrets=plaintext_secrets)
>   File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 2275, in provision
>     skip_sysvolacl=skip_sysvolacl)
>   File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1891, in provision_fill
>     names.domaindn, lp, use_ntvfs)
>   File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1622, in setsysvolacl
>     set_simple_acl(file.name, 0755, gid)

Same result on 12-ALPHA6 and either 4.7 or 4.8
Comment 1 Bernard Spil freebsd_committer 2018-09-19 10:54:56 UTC
Looks like a temporary dir is not created prior to the setacl? Added a print(file.name), and found this

> Setting up self join
>  /var/db/samba4/sysvol/tmp8a1jmA
> ERROR(<type 'exceptions.SystemError'>): uncaught exception - error return without exception set
# ls -l /var/db/samba4/sysvol/tmp8a1jmA
ls: /var/db/samba4/sysvol/tmp8a1jmA: No such file or directory

Could've been cleaned up, dunno
Comment 2 Axel.Rau 2018-10-18 18:14:39 UTC
Can easily reproduce here.
No glue.
Comment 3 Axel.Rau 2018-10-23 18:19:07 UTC
(In reply to Bernard Spil from comment #1)

The tmpfile is deleted when the process dies.
It is still there before calling smbd.set_simple_nfsv4_acl:

(Pdb) b 1622
Breakpoint 1 at /usr/local/lib/python2.7/site-packages/samba/provision/__init__.py:1622
(Pdb) c
> /usr/local/lib/python2.7/site-packages/samba/provision/__init__.py(1622)setsysvolacl()
-> try:
(Pdb) p file.name

# ls -l /var/db/samba4/sysvol/tmpuTun7i
-rw-------  1 root  wheel  0 Oct 23 18:08 /var/db/samba4/sysvol/tmpuTun7i

Debugging the shared library with the acl code is very hard.
Comment 4 Ben Woods freebsd_committer 2018-10-28 07:01:49 UTC
I just came across this issue also, and have solved it by following the Samba4ZFS guide on the FreeBSD wiki:

"Enable NFSv4 ACLs in your ZFS volume"
   1 sudo zfs set aclmode=passthrough zroot
   2 sudo zfs set aclinherit=passthrough zroot

"Setup UFS system volume"

Samba's upgrade script is not smart enough (yet) to enable zfsacl automatically so it's simpler to have a POSIX ACL enabled UFS file system as sysvol.
Toggle line numbers

   1 sudo zfs create -V 2G zroot/samba4sysvol
   2 sudo newfs /dev/zvol/zroot/samba4sysvol
   4 # Add to /etc/fstab
   5 sudo sh -c 'cat >>/etc/fstab' <<EOF
   6 /dev/zvol/zroot/samba4sysvol /var/db/samba4/sysvol ufs       rw,acls 0       0
   7 EOF
   9 sudo mkdir -p /var/db/samba4/sysvol
  10 sudo mount /var/db/samba4/sysvol
Comment 5 Ben Woods freebsd_committer 2018-10-28 07:06:43 UTC
Daniel - as the author of the Samba4ZFS FreeBSD wiki page, can you please explain a little further about the ZFSACL issue?
Comment 6 darius 2018-10-28 07:23:22 UTC
As far as I understand it the Samba 4 code doesn't like the type of ACLs ZFS uses but does like the UFS ones. Since ACLs are a core part of the system you can paper over it by using a UFS partition to hold the (small) sysvol.

Although I have since discovered that fsck doesn't get run on these so if you get a power failure you have to manually fsck it :-/
(I haven't fully investigated that yet though)
Comment 7 Ben Woods freebsd_committer 2018-10-28 07:45:23 UTC
It appears that this patch in the FreeBSD port is supposed to make Samba work with the ZFS ACLs:

Obviously, it isn't quite working as expected.
Comment 8 Rene Ladan freebsd_committer 2019-12-15 17:24:15 UTC
net/samba48 expired today, is this relevant for net/samba410?
Comment 9 Bernard Spil freebsd_committer 2019-12-15 18:28:09 UTC
(In reply to Rene Ladan from comment #8)
I haven't tested... Unlikely that I'll get to it as I dropped the plan for using AD in stead of OpenLDAP
Comment 10 daniel.engberg.lists 2020-03-16 11:58:56 UTC
I guess we can close this and let someone file a new report if it's still broken on samba410 as samba48 is removed from ports?
Comment 11 Timur I. Bakeyev freebsd_committer 2020-09-21 21:35:42 UTC
I believe this was addressed somewhere in 4.10.