[Samba] [SAMBA] Problems with joining a second DC to AD

Stephan Mattecka ste-fun_s at gmx.de
Thu May 21 01:17:34 MDT 2015


Hello,
 
I am trying to set up an AD domain with the help of the Sernet-Samba packages. Currently I'm using Scientific Linux (SL) 6.6 and the Sernet-Samba 4.1.17 packages. I tried the procedure two times with fresh minimal SL installations.
 
I could successfully install an AD domain controller.
Now I tried to add a second DC to this AD domain and carefully followed the instructions on the Samba wiki.
I could also join the second DC to my domain, but when I try to run
 
samba-tool ntacl sysvolreset
 
on the 2nd DC I get the following error messages:
 

open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/ntacl.py", line 218, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py", line 1612, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py", line 1505, in set_gpos_acl
    use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
  File "/usr/lib64/python2.6/site-packages/samba/ntacls.py", line 154, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
 
My smb.conf on DC1:
 

# Global parameters
[global]
        workgroup = EXAMPLE
        realm = EXAMPLE.LAN
        netbios name = DC1
        interfaces = lo, eth0
        bind interfaces only = Yes
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
[netlogon]
        path = /var/lib/samba/sysvol/pentracor.lan/scripts
        read only = No
[sysvol]
        path = /var/lib/samba/sysvol
        read only = No
 
smb.conf on DC2:
 

# Global parameters
[global]
        workgroup = EXAMPLE
        realm = example.lan
        netbios name = DC2
        interfaces = lo, eth1
        bind interfaces only = Yes
        server role = active directory domain controller
[netlogon]
        path = /var/lib/samba/sysvol/example.lan/scripts
        read only = No
[sysvol
        path = /var/lib/samba/sysvol
        read only = No
 
I did turn off iptables and SELinux on both machines for testing purposes. The folder /var/lib/samba/sysvol exists on DC2. On DC1 I can run the sysvolreset command without any problems.
 
Hopefully someone has an idea what might be wrong here.
 
Regards
Stephan Mattecka

