[Samba] smb.conf different between first DC and replica DC
Brian Candler
b.candler at pobox.com
Mon Dec 12 21:50:16 UTC 2016
Rowland Penny wrote:
>>> Now, I think it's worked OK. However I see there are two lines in
>>> smb.conf on the first server which aren't in the second server:
>>>
>>> idmap_ldb:use rfc2307 = yes
>>> xattr_tdb:file = /usr/local/samba/var/locks/xattr.tdb
>>>
>>> Should I add these to the second machine?
>> In theory yes, but the presence of the second line shows you are not
>> using the system ACLs, you are using a tdb file. You may have to run
>> the provision again;-)
I think I know what happened - I had forgotten to delete smb.conf before
re-running the provisioning step. (Previously I had provisioned in an
unprivileged lxd container, and that was why Samba was trying to use the
xattr_tdb file)
Andrew Bartlett wrote:
> There is no need to re-run provision. Just take out that line and run
> the 'samba-tool ntacl sysvolreset' command (assuming no shares other
> than [sysvol] and [netlogon] are used).
That's really helpful, thank you. All looks good now.
Aside: I had to rsync the sysvol over first, otherwise I got an exception:
root@wrn-dc2:~# samba-tool ntacl sysvolreset
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 239, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1609, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1502, in set_gpos_acl
    use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line 162, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
Using strace showed it was trying to access
/usr/local/samba/var/locks/sysvol/ad.example.net/Policies/ which didn't
exist yet.
Cheers,
Brian.
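
A preflight check for the steps discussed in this thread, as an added example that is not part of the original message or of Samba: it lists smb.conf parameters set on one DC but not the other, and holds back 'samba-tool ntacl sysvolreset' while xattr_tdb:file is still set or the sysvol Policies directory is missing. The function names and the smb.conf location in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from Samba; function names are hypothetical.

# Print the parameter names set in an smb.conf file, lower-cased and sorted,
# skipping comments, blank lines and [section] headers.
conf_keys() {
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^\[/d' -e '/^$/d' "$1" |
        awk -F= 'NF > 1 { k = $1; sub(/[ \t]+$/, "", k); print tolower(k) }' |
        sort -u
}

# Print parameters that are set in file $1 but not in file $2.
only_in_first() {
    other=$(conf_keys "$2")
    conf_keys "$1" | while IFS= read -r key; do
        printf '%s\n' "$other" | grep -qxF -- "$key" || printf '%s\n' "$key"
    done
}

# Decide whether 'samba-tool ntacl sysvolreset' is worth attempting.
#   $1 = smb.conf   $2 = sysvol directory   $3 = DNS domain name
# Returns 0 = go ahead, 1 = xattr_tdb:file still set, 2 = Policies dir missing.
sysvolreset_preflight() {
    if conf_keys "$1" | grep -qxF 'xattr_tdb:file'; then
        echo "$1 still sets xattr_tdb:file (ACLs kept in a tdb file)" >&2
        return 1
    fi
    if [ ! -d "$2/$3/Policies" ]; then
        echo "$2/$3/Policies does not exist; copy sysvol over first" >&2
        return 2
    fi
    return 0
}

# Usage on the replica DC (sysvol path and domain are from the thread; the
# smb.conf location is an assumption):
#   only_in_first /path/to/first-dc-smb.conf /usr/local/samba/etc/smb.conf
#   sysvolreset_preflight /usr/local/samba/etc/smb.conf \
#       /usr/local/samba/var/locks/sysvol ad.example.net && samba-tool ntacl sysvolreset
```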