alexmcwhir...@triadic.us writes: > On 2017-01-31 06:51, Jeremie Courreges-Anglas wrote: >> AFAIK samba 4.4+ doesn't actually require the use of filesystem-level >> ACLs. With s3fs, ACLs and Extended Attributes can be emulated with >> the appropriate modules. These days I'm staying away from samba 'cause >> I can't properly test it, but iirc this: >> >> xattr_tdb:file = /var/samba/xattr.tdb >> >> in smb.conf/[global] was enough last time I checked. The appropriate >> modules should be autodetected (you can see them with testparm). > > Tried that, as well as a few other settings to ignore filesystem acl's. > The problem is that you always end up with a runtime error stating > "Samba was compiled without the posix ACL support that s3fs requires."
This looks like an error from ''samba-tool domain provision'', not an error from the samba daemon. Please state exactly: - which OpenBSD release you're using - which samba version you're using (hint, on -stable only the -stable samba port is supported). - any relevant information such as the commands you type. This of course includes how you ran samba-tool. As a selfish developer that only uses -current I would of course prefer you to use -current with snapshots and packages. :) > Can we compile with posix ACL support without actually having that > support? Perhaps samba needs those options in order to emulate ACL's / > xattr's with a tdb file? That's not possible. >> I am looking for more feedback from people that actually use samba on >> OpenBSD, especially as domain controller. If you perform tests and >> report back, that would be great. Preferably on -current which >> provides >> samba-4.5. > > 5.9 with S4.1 works well for my needs with ntvfs, this s3fs issue seems > to be preventing me from going much further. But i'm willing to spin up > a VM or two and see how current looks. > >> No, ntvfs/s3fs shouldn't be an actual problem. There are additional >> reasons, like sanity. :) > > Agreed, there seems to be code for s3fs to use tdbs instead, but > actually getting it to use it tdbs another problem of it's own. This is the problem we're trying to solve, indeed. -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
