# Samba as DC in ZFS Jail



## abishai (Sep 15, 2015)

Probably no luck since it's far beyond the common experience, but maybe someone tried this before.

So, I am trying to set up a samba42 domain controller in a jail with ZFS on the root system. I managed to start it pretty easily; the only gotcha is to remove the NBT service, as it's not compatible with jails. NBT was needed for SMB in the pre-Windows 2000 era, so it's pretty obsolete.

The domain is actually working, but I have a rights issue on sysvol and maybe something else. Without that, I can't issue or alter policies, but at least I can add users and join stations to the domain.

The first problem is that the folders inside the share are doubled (http://i.imgur.com/q2Q1rPU.png); the second one is that they are read-only. This occurs only in the client (Windows 8.1), of course.

I started Samba with debugging, but found no visible or obvious errors. After some searching, the following attributes were added to the ZFS dataset:

```
zroot/jails/samba  aclmode  passthrough  local
zroot/jails/samba  aclinherit  passthrough  local
```
The domain was re-created with

```
samba-tool domain provision --option="interfaces=em0" --option="bind interfaces only=yes" --use-ntvfs --use-rfc2307 --interactive
```
without any success in fixing the rights problem.

I lack knowledge about how Samba maps virtual users to set the right permissions, but `getfacl /var/db/samba4/sysvol/ivs.home/` reveals nothing special. (Is it possible to get ACLs on ZFS with `getfacl` at all?)

```
# file: /var/db/samba4/sysvol/ivs.home/
# owner: root
# group: wheel
  owner@:rwxp--aARWcCos:------:allow
  group@:r-x---a-R-c--s:------:allow
  everyone@:r-x---a-R-c--s:------:allow
```
I created another FreeBSD installation on UFS, and the extended attributes are all there and the folders are not doubled.

```
# file: /var/db/samba4/sysvol/ivs.home/
# owner: root
# group: 3000000
user::rwx
user:root:rwx
user:3000000:rwx
user:3000001:r-x
user:3000002:rwx
user:3000003:r-x
group::rwx
group:3000000:rwx
group:3000001:r-x
group:3000002:rwx
group:3000003:r-x
mask::rwx
other::---
```
Any ideas or suggestions? The optimistic scenario is that the provision tool failed to create the ACLs and they just need to be created by hand, but I don't know how to do it with ZFS, since the users and groups do not exist in /etc/groups or /etc/passwd.


----------

