S4: upgrade provision problems

Trever L. Adams trever.adams at gmail.com
Fri Oct 15 07:54:35 MDT 2010 

 On 10/09/2010 11:24 AM, Matthieu Patou wrote:
> On 09/10/2010 20:46, Trever L. Adams wrote:
>>
> Well I didn't try to run upgradeprovision latetly and see the impact
> of the new user stuff on the keytab generation.
> I guess it's safer for you to restore and just run upgradeprovision
> --debugall --resetfileacl but not with --full up to the moment when I
> check if it's ok with the dns stuff (which seems not to be the case
> right now).
Ok, one of the two installations shows now errors (this is the one that
has never had the upgradprovision done due to the fact that I had backed
it up and have restored it, the other had had no problems that I saw and
has had it done and I cannot restore from before).

Unable to set ACLs on policies related objects, if not using posix:eadb,
you must be root to do it
Unable to set ACLs on sysvol share, if not usingposix:eadb, you must be
root to do it

> Can you rerun with --debugall and --resetfileacl, if you run as root
> you don't need the posix:eadb (it's a configuration option) especially
> if you also provisionned as root.
> What getfattr -d -m "" /usr/local/samba/locks/sysvol (or the path
> where is stored the sysvol and netlogon).
Machine with errors on --resetfileacl:
#getfattr -d -m "" /usr/local/samba/var/locks/sysvol/
getfattr: Removing leading '/' from absolute path names
# file: usr/local/samba/var/locks/sysvol/
security.NTACL=0sAQABAAAAAgABAASQHAAAADgAAAAAAAAASAAAAAEFAAAAAAAFFQAAADelm/49XtEThgGrVfQBAAABAgAAAAAABSAAAAAgAgAABABgAAQAAAAAAxgA/wEfAAECAAAAAAAFIAAAACACAAAAAxgAqQASAAECAAAAAAAFIAAAACUCAAAAAxQA/wEfAAEBAAAAAAAFEgAAAAADFACpABIAAQEAAAAAAAULAAAA
security.selinux="unconfined_u:object_r:usr_t:s0

Machine with no errors on --resetfileacl:
# getfattr -d -m "" /usr/local/samba/var/locks/sysvol/
getfattr: Removing leading '/' from absolute path names
# file: usr/local/samba/var/locks/sysvol/
security.NTACL=0sAQABAAAAAgABAASQHAAAADgAAAAAAAAASAAAAAEFAAAAAAAFFQAAAHegJrkUpIxepLnRkfQBAAABAgAAAAAABSAAAAAgAgAABABgAAQAAAAAAxgA/wEfAAECAAAAAAAFIAAAACACAAAAAxgAqQASAAECAAAAAAAFIAAAACUCAAAAAxQA/wEfAAEBAAAAAAAFEgAAAAADFACpABIAAQEAAAAAAAULAAAA
security.selinux="unconfined_u:object_r:usr_t:s0

The unix file permissions (drwxr-xr-x. 3 root wheel) are the same one
both systems.

I am sorry this took me so long. I have been heads down since Saturday
fixing and finding other problems with the integration I am trying to
get going.

Thank you much,
Trever
-- 
"...the measure of a man is what he will do for another man, knowing he
will get nothing in return." -- Unknown

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20101015/8482138b/attachment.pgp>

More information about the samba-technical mailing list