Created attachment 11765 [details] samba.log When I want to create a new GPO with Windows 2008R2 windows reports: The programm issued a command but the command lengh is incorrect. Checking samba log this translates to: Bad SMB2 signature for message of size XXX Other operrations are fine. So might be a problem with special smb2 package sizes or whatever.
Created attachment 11766 [details] tcpdump
Created attachment 11767 [details] smb.conf
Hi, anybody had the chance to look at it yet. I would like to get rid of my Windows 2003 just to edit GPO.
Still present in 4.4.2 would be nice if anyone could take a look at it. Thank you
still present in 4.4.4
(In reply to Jan Holzhüter from comment #3) Why are you explicitly using the following options? server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns, smb dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc As you're using "smb" instead of "s3fs", you're getting experimental discontinued "ntvfs" based smb server, which was a prototype of the early Samba 4 development. Typically you should just comment these lines out (or remove them).
(In reply to Stefan Metzmacher from comment #6) the config options does come from calling: samba-tool domain provision --use-rfc2307 --interactive --use-ntvfs This is a Solaris 11 Server with zfs samba-tool without use-ntvfs fails: Initialising default vfs hooks Initialising custom vfs hooks from [/[Default VFS]/] Initialising custom vfs hooks from [acl_xattr] Module 'acl_xattr' loaded Initialising custom vfs hooks from [dfs_samba4] Module 'dfs_samba4' loaded connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service Unknown Service (snum == -1) ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Samba was compiled without the posix ACL support that s3fs requires. Try installing libacl1-dev or libacl-devel, then re-run configure and make. Not sure if I could build libacl on solaris. (could try) but actually that will not help as zfs does not use posix acl. It should probably just pull nfsv4_acl vfs hook (which is what zfs uses for acl) I guess. How to archive this with s3fs? Or is this not possible yet? Greetings Jan
ok after hacking more today. I got it to work with s3fs. Found this old mail thread: http://markmail.org/message/n3iqsplcermy6ast#query:+page:1+mid:uu2drll22g2eo5jl+state:results with patches to hack around the samba-tool posix acl checks. This is of cause not a fix and you still need to add. vfs objects = zfsacl to your sysvol share. to convert you can then run: samba-tool ntacl sysvolreset --use-s3fs and all seems fine at the moment. ntvfs still has the SMB sign bug. But I guess this is deprecated an will not be fixed. So samba-tool should not be so restrictive but that's a different topic. Thanks Jan p.s. up to you how to set that bug now.
As this was with the NTVFS server, I close it as won't fix