S4: upgrade provision problems

Matthieu Patou mat at samba.org
Fri Oct 15 08:31:55 MDT 2010

On 15/10/2010 17:54, Trever L. Adams wrote:
> Well I didn't try to run upgradeprovision latetly and see the impact
>> of the new user stuff on the keytab generation.
>> I guess it's safer for you to restore and just run upgradeprovision
>> --debugall --resetfileacl but not with --full up to the moment when I
>> check if it's ok with the dns stuff (which seems not to be the case
>> right now).
Can you post me the full log of the debugall ?
>> Can you rerun with --debugall and --resetfileacl, if you run as root
>> you don't need the posix:eadb (it's a configuration option) especially
>> if you also provisionned as root.
>> What getfattr -d -m "" /usr/local/samba/locks/sysvol (or the path
>> where is stored the sysvol and netlogon).
> Machine with errors on --resetfileacl:
> #getfattr -d -m "" /usr/local/samba/var/locks/sysvol/
> getfattr: Removing leading '/' from absolute path names
> # file: usr/local/samba/var/locks/sysvol/
> security.selinux="unconfined_u:object_r:usr_t:s0
Ok this means that you have something in the security.NTACL, it's where 
we store the NT ACLS, this test was done to be sure that you are able 
somehow to store extended attributes. Could it be selinux playing some 
nasty trick on us ? Can you desactivate it and retry ?

  If not ok still I'll make a small patch for debug.
Apart from the error message, is there a real pb (ie. gpo broken).

Matthieu Patou
Samba Team        http://samba.org

More information about the samba-technical mailing list