The Samba-Bugzilla – Bug 11667
Bad SMB2 signature for message when editing GPO (sysvol share)
Last modified: 2017-05-05 16:58:11 UTC
Created attachment 11765 [details]
When I want to create a new GPO with Windows 2008R2 windows reports:
The programm issued a command but the command lengh is incorrect.
Checking samba log this translates to:
Bad SMB2 signature for message of size XXX
Other operrations are fine. So might be a problem with special smb2 package sizes or whatever.
Created attachment 11766 [details]
Created attachment 11767 [details]
anybody had the chance to look at it yet.
I would like to get rid of my Windows 2003 just to edit GPO.
Still present in 4.4.2 would be nice if anyone could take a look at it.
still present in 4.4.4
(In reply to Jan Holzhüter from comment #3)
Why are you explicitly using the following options?
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns, smb
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
As you're using "smb" instead of "s3fs", you're getting experimental
discontinued "ntvfs" based smb server, which was a prototype of the
early Samba 4 development.
Typically you should just comment these lines out (or remove them).
(In reply to Stefan Metzmacher from comment #6)
the config options does come from calling:
samba-tool domain provision --use-rfc2307 --interactive --use-ntvfs
This is a Solaris 11 Server with zfs
samba-tool without use-ntvfs fails:
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Module 'acl_xattr' loaded
Initialising custom vfs hooks from [dfs_samba4]
Module 'dfs_samba4' loaded
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service Unknown Service (snum == -1)
ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Samba was compiled without the posix ACL support that s3fs requires. Try installing libacl1-dev or libacl-devel, then re-run configure and make.
Not sure if I could build libacl on solaris. (could try) but actually that will not help as zfs does not use posix acl. It should probably just pull nfsv4_acl vfs hook (which is what zfs uses for acl) I guess.
How to archive this with s3fs?
Or is this not possible yet?
ok after hacking more today.
I got it to work with s3fs.
Found this old mail thread:
with patches to hack around the samba-tool posix acl checks.
This is of cause not a fix and you still need to add.
vfs objects = zfsacl
to your sysvol share.
to convert you can then run:
samba-tool ntacl sysvolreset --use-s3fs
and all seems fine at the moment.
ntvfs still has the SMB sign bug. But I guess this is deprecated an will not be fixed.
So samba-tool should not be so restrictive but that's a different topic.
p.s. up to you how to set that bug now.
As this was with the NTVFS server, I close it as won't fix