Project

General

Profile

Bug #71849

Incorrect parameters passed for AD domain provision

Added by Andrew Walker 27 days ago. Updated 8 days ago.

Status:
Done
Priority:
No priority
Assignee:
Andrew Walker
Category:
Services
Seen in:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

Domain provisioning fails on the first attempt:

set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_PARAMETER.
ERROR(runtime): uncaught exception - (3221225485, 'An invalid parameter was passed to a service or function.')
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 177, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line 538, in run
    backend_store=backend_store)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 2315, in provision
    backend_store=backend_store)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1917, in provision_fill
    names.domaindn, lp, use_ntvfs)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1703, in setsysvolacl
    _setntacl(sysvol)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1700, in _setntacl
    service=SYSVOL_SERVICE, session_info=session_info)
  File "/usr/local/lib/python2.7/site-packages/samba/ntacls.py", line 225, in setntacl
    service=service, session_info=session_info)

We get the backtrace because we haven't generated the smb4.conf at this point, which means that zfsacl is not loaded.
This results in a semi-broken AD configuration (including potentially DNS).


Related issues

Copied to FreeNAS - Bug #72011: Incorrect parameters passed for AD domain provisionIn Progress

History

#1 Updated by Andrew Walker 26 days ago

Steps to test fix:
1) "rm /usr/local/etc/smb4.conf"
2) Run "samba-tool domain provision --interactive" and follow prompts. This should complete without error.
3) Run "testparm -s"
Output should be similar to following:

Server role: ROLE_ACTIVE_DIRECTORY_DC

# Global parameters
[global]
    dns forwarder = 192.168.122.1
    passdb backend = samba_dsdb
    realm = FFOOBAR.FUN
    server role = active directory domain controller
    workgroup = FFOOBAR
    rpc_server:tcpip = no
    rpc_daemon:spoolssd = embedded
    rpc_server:spoolss = embedded
    rpc_server:winreg = embedded
    rpc_server:ntsvcs = embedded
    rpc_server:eventlog = embedded
    rpc_server:srvsvc = embedded
    rpc_server:svcctl = embedded
    rpc_server:default = external
    winbindd:use external pipes = true
    idmap config * : backend = tdb
    map archive = No
    vfs objects = dfs_samba4 zfsacl

[netlogon]
    path = /var/db/samba4/sysvol/ffoobar.fun/scripts
    read only = No

[sysvol]
    path = /var/db/samba4/sysvol
    read only = No

Note lack of "vfs objects" line under [global]
4) Run 'testparm -s --parameter-name "vfs objects"'
Output should be:
root@FOOTEST:/usr/home/awalker # testparm -s --parameter-name "vfs objects" 
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /usr/local/etc/smb4.conf
Processing section "[netlogon]" 
Processing section "[sysvol]" 
Loaded services file OK.
dfs_samba4 zfsacl

Note the last line "dfs_samba4 zfsacl". If the issue is not fixed, then you would see "dfs_samba4 acl_xattr"

#2 Updated by Andrew Walker 26 days ago

#3 Updated by Bug Clerk 26 days ago

  • Status changed from In Progress to Ready for Testing

#4 Updated by Bug Clerk 26 days ago

  • Target version changed from 11.2-U3 to 11.3

#5 Updated by Bug Clerk 26 days ago

  • Copied to Bug #72011: Incorrect parameters passed for AD domain provision added

#6 Updated by Dru Lavigne 26 days ago

  • Target version changed from 11.3 to 11.3-BETA1

#7 Updated by Dru Lavigne 8 days ago

  • Status changed from Ready for Testing to Done
  • Target version changed from 11.3-BETA1 to Master - FreeNAS Nightlies
  • Needs QA changed from Yes to No
  • Needs Doc changed from Yes to No
  • Needs Merging changed from Yes to No

Also available in: Atom PDF