[Samba-it] server replacement
Giuseppe Arvati
giuseppe.arvati at gmail.com
Fri Oct 9 13:46:26 UTC 2020
On 10/12/2019 14:07, Marco Gaiarin wrote:
> Hello! Giuseppe Arvati
> On that day it was said...
>
>> 4.8.8, because the DCs are on that version and I would not want to have problems
>> using different versions of samba between DC and DC/DM
> AFAIK there is no problem using DCs and DMs of different versions...
>
>
>
>> Anyway, I will move up in version later, after stabilizing everything on 4.8.8
> ...but for the sake of sanity, I understand you. ;-)
>
Good evening everyone,
unfortunately I cannot get rid of this old
server, because with the new DC I always find some problem.
Now I have found that the sysvol share has its ACLs set wrong
samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO file /usr/local/samba/var/locks/sysvol/apam-ad.apam.it/Policies/{EC3ED1BC-4318-4D0D-B4F6-8BECB33A8E9F}/Group Policy/GPE.INI O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/ntacl.py", line 270, in run
lp)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1800, in checksysvolacl
direct_db_access)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1751, in check_gpos_acl
domainsid, direct_db_access)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1708, in check_dir_acl
raise ProvisioningError('%s ACL on GPO file %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), os.path.join(root, name), fsacl_sddl, acl))
if I run a
samba-tool ntacl sysvolreset
it goes into a kind of loop
[root at dc1piopp ~]# samba-tool ntacl sysvolreset
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
....
From the "old" server
[root at apamfs2 sysvol]# getfacl apam-ad.apam.it/
# file: apam-ad.apam.it/
# owner: root
# group: BUILTIN\134administrators
user::rwx
user:root:rwx
user:3000000:rwx
user:3000001:r-x
user:3000002:rwx
user:3000003:r-x
group::rwx
group:BUILTIN\134administrators:rwx
group:BUILTIN\134server\040operators:r-x
group:NT\040AUTHORITY\134system:rwx
group:NT\040AUTHORITY\134authenticated\040users:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:user:3000001:r-x
default:user:3000002:rwx
default:user:3000003:r-x
default:group::---
default:group:BUILTIN\134administrators:rwx
default:group:BUILTIN\134server\040operators:r-x
default:group:NT\040AUTHORITY\134system:rwx
default:group:NT\040AUTHORITY\134authenticated\040users:r-x
default:mask::rwx
default:other::---
From the "new" server
[root at dc1piopp sysvol]# getfacl apam-ad.apam.it/
# file: apam-ad.apam.it/
# owner: root
# group: BUILTIN\134administrators
user::rwx
group::rwx
other::---
Any suggestions for fixing them?
Thanks
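
Added example, not part of the original message and not Samba's own code: a small Python sketch that parses the two SDDL strings from the sysvolcheck error above and lists which owner, group and ACE entries differ between the file and the GPO object. The function names are hypothetical, and only the plain O:/G:/D: layout seen in that error is handled.

```python
import re

# Both strings are copied from the sysvolcheck error quoted in the message.
FS_SDDL = ("O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)"
           "(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)")
GPO_SDDL = ("O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)"
            "(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)"
            "(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)"
            "(A;OICI;0x001200a9;;;ED)")

# Standard SDDL aliases for the trustees that appear in those strings.
ALIASES = {"LA": "local Administrator", "BA": "BUILTIN\\Administrators",
           "DA": "Domain Admins", "EA": "Enterprise Admins",
           "CO": "Creator Owner", "SY": "Local System",
           "AU": "Authenticated Users", "SO": "Server Operators",
           "ED": "Enterprise Domain Controllers"}

# Hypothetical helper: handles only owner, group and a DACL (no SACL).
SDDL_RE = re.compile(r"^O:(?P<owner>.+?)G:(?P<group>.+?)"
                     r"D:(?P<flags>[A-Z]*)(?P<aces>(?:\([^()]*\))*)$")

def parse_sddl(sddl):
    m = SDDL_RE.match(sddl)
    if not m:
        raise ValueError("unsupported SDDL layout: %r" % sddl)
    # ACE fields: type;flags;rights;object_guid;inherit_guid;trustee
    aces = [tuple(a.split(";")) for a in re.findall(r"\(([^()]*)\)", m.group("aces"))]
    if any(len(a) != 6 for a in aces):
        raise ValueError("malformed ACE in %r" % sddl)
    return {"owner": m.group("owner"), "group": m.group("group"),
            "flags": m.group("flags"), "aces": aces}

def diff_sddl(actual, expected):
    """Return header fields and ACEs that differ between two descriptors."""
    a, e = parse_sddl(actual), parse_sddl(expected)
    report = {k: (a[k], e[k]) for k in ("owner", "group", "flags") if a[k] != e[k]}
    report["missing"] = [x for x in dict.fromkeys(e["aces"]) if x not in a["aces"]]
    report["unexpected"] = [x for x in dict.fromkeys(a["aces"]) if x not in e["aces"]]
    return report

if __name__ == "__main__":
    result = diff_sddl(FS_SDDL, GPO_SDDL)
    for field in ("owner", "group", "flags"):
        if field in result:
            print("%s: file has %s, GPO object expects %s" % ((field,) + result[field]))
    for label in ("missing", "unexpected"):
        for ace in result[label]:
            print("%s ACE: %s rights=%s flags=%s" % (label, ALIASES.get(ace[5], ace[5]), ace[2], ace[1]))
```

On the strings from the error, the SY and AU entries already agree; the differences are the owner and group plus the DA, EA, CO and ED entries expected by the GPO object and the BA and SO entries present only on the file.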