S4: upgrade provision problems
Matthieu Patou
mat at samba.org
Fri Oct 15 08:31:55 MDT 2010
On 15/10/2010 17:54, Trever L. Adams wrote:
> Well I didn't try to run upgradeprovision latetly and see the impact
>> of the new user stuff on the keytab generation.
>> I guess it's safer for you to restore and just run upgradeprovision
>> --debugall --resetfileacl but not with --full up to the moment when I
>> check if it's ok with the dns stuff (which seems not to be the case
>> right now).
Can you post me the full log of the debugall ?
>> Can you rerun with --debugall and --resetfileacl, if you run as root
>> you don't need the posix:eadb (it's a configuration option) especially
>> if you also provisionned as root.
>> What getfattr -d -m "" /usr/local/samba/locks/sysvol (or the path
>> where is stored the sysvol and netlogon).
> Machine with errors on --resetfileacl:
> #getfattr -d -m "" /usr/local/samba/var/locks/sysvol/
> getfattr: Removing leading '/' from absolute path names
> # file: usr/local/samba/var/locks/sysvol/
> security.NTACL=0sAQABAAAAAgABAASQHAAAADgAAAAAAAAASAAAAAEFAAAAAAAFFQAAADelm/49XtEThgGrVfQBAAABAgAAAAAABSAAAAAgAgAABABgAAQAAAAAAxgA/wEfAAECAAAAAAAFIAAAACACAAAAAxgAqQASAAECAAAAAAAFIAAAACUCAAAAAxQA/wEfAAEBAAAAAAAFEgAAAAADFACpABIAAQEAAAAAAAULAAAA
> security.selinux="unconfined_u:object_r:usr_t:s0
>
Ok this means that you have something in the security.NTACL, it's where
we store the NT ACLS, this test was done to be sure that you are able
somehow to store extended attributes. Could it be selinux playing some
nasty trick on us ? Can you desactivate it and retry ?
If not ok still I'll make a small patch for debug.
Apart from the error message, is there a real pb (ie. gpo broken).
Matthieu
--
Matthieu Patou
Samba Team http://samba.org
More information about the samba-technical
mailing list