sysvol replication between samba4 AD DCs problems

Daniele Dario d.dario76 at gmail.com
Mon Oct 8 08:20:08 MDT 2012


Hi again,
just to add some thoughts on this:

On Mon, 2012-10-08 at 15:13 +0200, Daniele Dario wrote:
> Hi list,
> I'm trying to use the sync_dc script from Matthieu Patou (see
> attachment) to sync the sysvol partition between my samba4 AD DCs but I
> have some problems with rsync.
> 
> I added some debug info to better understand what's happening and below
> there's the output which tells me that KDC01$ has no permissions to read
> the sysvol partition on kdc02 DC.
> 
> Can anyone please help me understand the problem?
> 
> Thanks,
> Daniele.
> 
> [root@kdc01:~]# ./sync_dc 
> random sleep ... done
> getting KDC01 credentials ... done
> skipping sync ourselves
> trying to ping kdc02 ... ok
> syncing from kdc02 ... receiving incremental file list
> rsync: opendir "/usr/local/samba/var/locks/sysvol" failed: Permission
> denied (13)
> sysvol/
> 
> sent 17 bytes  received 452 bytes  312.67 bytes/sec
> total size is 0  speedup is 0.00
> rsync error: some files/attrs were not transferred (see previous errors)
> (code 23) at main.c(1526) [generator=3.0.7]
> failed (code 23)
> starting csync ... done
> 

     1. even if I have idmap_ldb:use rfc2307 = yes on both DCs, the
        standard groups (e.g. Domain Controllers, Domain Admins, ...)
        map to different gids on the DCs. I posixified them by adding the
        objectclass: posixGroup and the gidnumber obtained with wbinfo
        --group-info (cut from its output), so now they map to the same
        GID on both DCs
     2. would it be right/required to posixify also the DC$ accounts?
     3. the DC$ accounts appear to be part of the Domain Controllers AD
        group but they seem to have no permissions on the sysvol folder

SAITEL\KDC01kdc01:~$ ll /usr/local/samba/var/locks/
total 1364
drwxr-xr-x  4 root root   4096 2012-10-05 17:40 ./
drwxr-xr-x  8 root root   4096 2012-10-05 13:55 ../
-rw-------  1 root root 421888 2012-10-05 13:55 account_policy.tdb
-rw-------  1 root root 528384 2012-10-05 13:55 registry.tdb
-rw-------  1 root root 421888 2012-10-05 13:55 share_info.tdb
drwxrwx---+ 3 root adm    4096 2012-10-08 15:16 staging/
drwxrwx---+ 3 root adm    4096 2012-10-08 15:16 sysvol/

Any help in getting it working would be appreciated.

Daniele.
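
Added example (not part of the original message, and not taken from the sync_dc script): a check for the GID drift described in point 1, comparing group-to-GID mappings collected on two DCs. It assumes each DC's mappings were saved as `name:x:gid:members` lines, the format assumed here for `wbinfo --group-info` output; the file names and GID values are constructed.

```shell
#!/bin/sh
# Compare group-to-GID mappings gathered on two DCs (added example).
# Input format is an assumption: one "name:x:gid:members" line per group.

# gid_mismatches FILE_A FILE_B
# Prints "group|gid_on_A|gid_on_B" for every group whose GID differs, or
# that is missing on one side ("-"). Names are compared case-insensitively.
gid_mismatches() {
    awk -F: '
        { name = tolower($1) }
        FNR == NR { a[name] = $3; next }
        { b[name] = $3 }
        END {
            for (n in a) {
                if (!(n in b))         print n "|" a[n] "|-"
                else if (a[n] != b[n]) print n "|" a[n] "|" b[n]
            }
            for (n in b) {
                if (!(n in a))         print n "|-|" b[n]
            }
        }' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample data standing in for what each DC would report.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
KDC01_MAP="$WORK/kdc01.groups"
KDC02_MAP="$WORK/kdc02.groups"

cat > "$KDC01_MAP" <<'EOF'
SAITEL\Domain Admins:x:3000008:
SAITEL\Domain Controllers:x:3000011:
SAITEL\Domain Users:x:100:
EOF

cat > "$KDC02_MAP" <<'EOF'
SAITEL\Domain Admins:x:3000004:
SAITEL\Domain Controllers:x:3000011:
SAITEL\Domain Users:x:100:
SAITEL\Group Policy Creator Owners:x:3000006:
EOF

# Report drift; no output means both DCs agree on every group GID.
gid_mismatches "$KDC01_MAP" "$KDC02_MAP"
```

Any line in the report is a group whose files would carry a different numeric owner after a file-level copy between the two DCs.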
