Project

General

Profile

Bug #57834

Set correct parameters for domain controller role

Added by Bonnie Follweiler 8 months ago. Updated 6 months ago.

Status:
Closed
Priority:
No priority
Assignee:
Andrew Walker
Category:
Services
Target version:
Seen in:
Severity:
Low Medium
Reason for Closing:
Not to be fixed
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

It looks like a side-effect of the following commit was that we stopped adding

vfs objects = zfsacl zfs_space
to the [sysvol] and [netlogon] shares. https://github.com/freenas/freenas/commit/fd84b41390e1b9dd93753da201c9325fe338f4fa#diff-142c75298569a3d6a5c1dcb5b7109845

We need to do this, and also add the following parameters on those shares in order to pass samba-tool ACL checks

zfsacl:map_dacl_protected=true
nfs4:mode=simple

generate_smb4_conf.py (48.6 KB) generate_smb4_conf.py hotpatched sysvol configuration Andrew Walker, 02/28/2018 03:19 AM

Related issues

Copied from FreeNAS - Bug #28932: Set correct parameters for domain controller roleDone

History

#1 Updated by Bonnie Follweiler 8 months ago

  • Copied from Bug #28932: Set correct parameters for domain controller role added

#2 Updated by Andrew Walker 8 months ago

In the absence of a "vfs objects" parameter, the share definition will inherit this parameter from the parent. This looks like it may be a bug in "samba-tool ntacl get" when the server is configured as a DC (or has vfs objects set globally). I didn't see this in 4.9 testing and so I think it's possibly already been fixed upstream.

#3 Updated by Dru Lavigne 8 months ago

  • Target version changed from 11.2-RELEASE to Backlog

#4 Updated by Andrew Walker 6 months ago

  • Status changed from Unscreened to Closed
  • Reason for Closing set to Not to be fixed
  • Needs QA changed from Yes to No

I was investigating some provision errors in 4.7, but those are now moot since we upgraded to 4.9. Closing ticket.

#5 Updated by Dru Lavigne 6 months ago

  • Target version changed from Backlog to N/A

Also available in: Atom PDF