pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [PATCH] net/samba4: relocate Sysvol to persist between reboots & move variable data out of /usr/pkg/etc/...



Done, thanks!

christos

> On Jul 27, 2020, at 8:49 PM, Matthias Petermann <mp%petermann-it.de@localhost> wrote:
> 
> Hello everyone,
> 
> with the introduction of FFS ACLs Samba can be used as windows domain controller (DC). The DC needs a directory to persist its policies and scripts - the so called Sysvol.
> 
> The creation of the Sysvol typically takes place during the domain provisioning with samba-tool. At the moment, the default Samba4 from pkgsrc is configured to put Sysvol below /var/run/sysvol. Unfortunately, there is a critical issue with this location: Everything inside /var/run gets purged as part of the systems startup sequence. So this means losing all your policies, ultimately a corruption of the domain controller state at the next reboot.
> 
> Therefore, Sysvol needs to be relocated to a persistent place.
> 
> I checked how this is implemented elsewhere:
> 
> * On Linux systems Sysvol is typically located at /var/lib/samba/sysvol
> * On FreeBSD the location is /var/db/samba4/sysvol
> 
> As /var/lib is not mentioned in HIER(7) at all, I guess this is Linux specific. Therefore I would propose the FreeBSD-way and put it below /var/db/samba4/sysvol. In addition to that I think it would be a good idea to relocate the variable Samba data (databases, caches) currently located at /usr/pkg/etc/samba/private) as well. My proposal for the target is /var/db/samba4/private.
> 
> Attached is a patch which applies to pkgsrc-current. I did perform the usual tests (removing all previous configuration and databases, provisioning a new domain, joining a Windows client to the domain) - no issues so far.
> 
> What do you think?
> 
> Kind regards
> Matthias
> <pkgsrc_net_samba4.patch.txt>

Attachment: signature.asc
Description: Message signed with OpenPGP



Home | Main Index | Thread Index | Old Index