Done, thanks!

christos

> On Jul 27, 2020, at 8:49 PM, Matthias Petermann <mp%petermann-it.de@localhost> wrote:
>
> Hello everyone,
>
> with the introduction of FFS ACLs Samba can be used as a Windows domain controller (DC). The DC needs a directory to persist its policies and scripts - the so-called Sysvol.
>
> The creation of the Sysvol typically takes place during the domain provisioning with samba-tool. At the moment, the default Samba4 from pkgsrc is configured to put Sysvol below /var/run/sysvol. Unfortunately, there is a critical issue with this location: Everything inside /var/run gets purged as part of the system's startup sequence. So this means losing all your policies, ultimately a corruption of the domain controller state at the next reboot.
>
> Therefore, Sysvol needs to be relocated to a persistent place.
>
> I checked how this is implemented elsewhere:
>
> * On Linux systems Sysvol is typically located at /var/lib/samba/sysvol
> * On FreeBSD the location is /var/db/samba4/sysvol
>
> As /var/lib is not mentioned in HIER(7) at all, I guess this is Linux-specific. Therefore I would propose the FreeBSD way and put it below /var/db/samba4/sysvol. In addition to that I think it would be a good idea to relocate the variable Samba data (databases, caches) currently located at /usr/pkg/etc/samba/private as well. My proposal for the target is /var/db/samba4/private.
>
> Attached is a patch which applies to pkgsrc-current. I did perform the usual tests (removing all previous configuration and databases, provisioning a new domain, joining a Windows client to the domain) - no issues so far.
>
> What do you think?
>
> Kind regards
> Matthias
> <pkgsrc_net_samba4.patch.txt>