ntacl sysvolreset fails: no such file or directory

Daniele Dario d.dario76 at gmail.com
Thu Oct 11 05:23:12 MDT 2012

Hi Andrew,

On Thu, 2012-10-11 at 20:20 +1100, Andrew Bartlett wrote:
> On Thu, 2012-10-11 at 10:36 +0200, Daniele Dario wrote:
> > Hi Pekka,
> > 
> > from what I know, sysvol replication is not present neither in rc1 nor
> > rc2.
> > 
> > Having a look into the python scripts involved in ntacl sysvolreset
> > command you can see that it calls set_gpo_acl (look into
> > samba4/samba-master/source4/scripting/python/samba/provision/__init__.py) which expects the presence of the Policy folder (and subfolders).
> > 
> > During a join (not on the provisioned DC) it seems that the Policies
> > folder is not created.
> > Missing the sysvol replication implies that also Policies branch is
> > missing and the script would fail.
> > 
> > The workaround I've found was to copy the sysvol content from the
> > primary DC to the joined one (using rsync or other way). Than samba-tool
> > ntacl sysvolreset didn't fail.
> That's exactly what you need to do.  Thanks Daniele!
> (If you don't, you won't have GPOs if your clients access the 2nd DC)
> Andrew Bartlett

wouldn't it be possible to add (maybe as samba-tool domain sync-sysvol
command) a function that performs the replication of sysvol?

>From smbclient man (had a look over smbclient -V 3.5.4 on my ubuntu
laptop) I've seen that it would be possible to use it like

smbclient //primaryDC//sysvol -U DC2join$ -k -c "prompt OFF;recurse
ON;mask dns.domain;mget *;exit"

requiring only to kinit for DC2join$ account. Than, after the sync a
sysvolreset command should re-fix the correct acls.

I know that this would only be a workaround until the team develop the
folder synchronization support but I think it would be helpful for the


More information about the samba-technical mailing list