From e4d175006e2a941f9c152ff6e064a2fe3051d636 Mon Sep 17 00:00:00 2001
From: Ludwig Lehnert <ludwig@lehnert.dev>
Date: Wed, 18 Feb 2026 18:06:44 +0100
Subject: [PATCH] attempted fix on samba vfs

---
 .gitignore  |  1 +
 Dockerfile  |  1 +
 README.md   | 16 ++++++++++++++++
 app/init.sh | 28 ++++++++++++++++++++++++++++
 4 files changed, 46 insertions(+)

diff --git a/.gitignore b/.gitignore
index 4c49bd7..d50a09f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .env
+__pycache__/
diff --git a/Dockerfile b/Dockerfile
index 53bb462..180d1d4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,6 +13,7 @@ RUN apt-get update \
         libpam-winbind \
         python3 \
         samba \
+        samba-vfs-modules \
         tini \
         winbind \
     && rm -rf /var/lib/apt/lists/*
diff --git a/README.md b/README.md
index 6e4fe83..d519dbf 100644
--- a/README.md
+++ b/README.md
@@ -210,6 +210,22 @@ docker compose exec samba sh -lc 'tail -n 200 /var/log/samba/log.*'
   docker compose exec samba cat /etc/samba/generated/shares.conf
   ```
 
+### `acl_xattr.so` or `full_audit.so` module load error
+
+- If logs show `Error loading module .../vfs/acl_xattr.so` (or `full_audit.so`), your running image is missing Samba VFS modules.
+- Rebuild and restart with the updated image:
+
+  ```bash
+  docker compose down
+  docker compose up -d --build
+  ```
+
+- Verify modules exist:
+
+  ```bash
+  docker compose exec samba sh -lc 'mods="$(smbd -b | sed -n "s/^ *MODULESDIR: //p" | head -n1)/vfs"; ls -1 "$mods"/acl_xattr.so "$mods"/full_audit.so'
+  ```
+
 ### Permissions in Private share are incorrect
 
 - Re-run reconciliation to rebuild private directories and ACLs:
diff --git a/app/init.sh b/app/init.sh
index d9cdfbe..fe78fd5 100755
--- a/app/init.sh
+++ b/app/init.sh
@@ -18,6 +18,33 @@ append_winbind_to_nss() {
   sed -ri '/^group:/ { /winbind/! s/$/ winbind/ }' /etc/nsswitch.conf
 }
 
+detect_modules_dir() {
+  smbd -b | sed -n 's/^ *MODULESDIR: //p' | head -n1
+}
+
+require_vfs_modules() {
+  local modules_dir=""
+  modules_dir="$(detect_modules_dir)"
+  if [[ -z "$modules_dir" ]]; then
+    printf '[init] ERROR: unable to detect Samba MODULESDIR via smbd -b\n' >&2
+    exit 1
+  fi
+
+  local missing=0
+  local module
+  for module in acl_xattr full_audit; do
+    if [[ ! -f "$modules_dir/vfs/${module}.so" ]]; then
+      printf '[init] ERROR: missing VFS module %s at %s/vfs/%s.so\n' "$module" "$modules_dir" "$module" >&2
+      missing=1
+    fi
+  done
+
+  if [[ "$missing" -ne 0 ]]; then
+    printf '[init] Install package samba-vfs-modules and rebuild the image.\n' >&2
+    exit 1
+  fi
+}
+
 derive_netbios_name() {
   local raw_name="${NETBIOS_NAME:-ADSAMBAFSRV}"
   local upper_name="${raw_name^^}"
@@ -205,6 +232,7 @@ mkdir -p /data/private /data/public /data/groups /state /etc/samba/generated /va
 touch /etc/samba/generated/shares.conf /var/log/reconcile.log
 
 append_winbind_to_nss
+require_vfs_modules
 derive_netbios_name
 render_krb5_conf
 render_smb_conf