ntacl sysvolreset fails: no such file or directory

Pekka L.J. Jalkanen pekka.jalkanen at vihreat.fi
Thu Oct 11 07:04:53 MDT 2012 

On 11.10.2012 14:23, Daniele Dario wrote:
> Hi Andrew,
> 
> On Thu, 2012-10-11 at 20:20 +1100, Andrew Bartlett wrote:
>> On Thu, 2012-10-11 at 10:36 +0200, Daniele Dario wrote:
>>> Hi Pekka,
>>
>>>
>>> from what I know, sysvol replication is not present neither in rc1 nor
>>> rc2.
>>>
>>> Missing the sysvol replication implies that also Policies branch is
>>> missing and the script would fail.
>>>
>>> The workaround I've found was to copy the sysvol content from the
>>> primary DC to the joined one (using rsync or other way). Than samba-tool
>>> ntacl sysvolreset didn't fail.
>>
>> That's exactly what you need to do.  Thanks Daniele!
>>
>> (If you don't, you won't have GPOs if your clients access the 2nd DC)
>>
>> Andrew Bartlett

OK, many thanks Daniele and Andrew, and sorry for bothering the list
with such a silly question.

I admit that there has been so much talk about s3fs, acls, netlogon and
sysvol on this list and in changelogs that I had completely missed that
the actual replication bits aren't there yet. So thanks for correcting me!

> wouldn't it be possible to add (maybe as samba-tool domain sync-sysvol
> command) a function that performs the replication of sysvol?
> 
> From smbclient man (had a look over smbclient -V 3.5.4 on my ubuntu
> laptop) I've seen that it would be possible to use it like
> 
> smbclient //primaryDC//sysvol -U DC2join$ -k -c "prompt OFF;recurse
> ON;mask dns.domain;mget *;exit"
> 
> requiring only to kinit for DC2join$ account. Than, after the sync a
> sysvolreset command should re-fix the correct acls.
> 
> I know that this would only be a workaround until the team develop the
> folder synchronization support but I think it would be helpful for the
> users.

I would at least see it being very useful for many setups if there would
be an easy way to synchronise sysvol and netlogon directories between
Win DCs and Samba DCs, even if it would actually happen in a non-regular
fashion (i.e. not with FRS or DFS replication). Anyone migrating their
AD from Windows to Samba 4 is going to have at least an intermediate
step where there are both Windows and Samba 4 DCs in the network. In
pure Samba 4 networks rsync should of course solve this problem quite
easily.

Pekka

More information about the samba-technical mailing list