[Samba] Sysvol "incorrect parameter" on some new DC's

Adam Tauno Williams awilliam at whitemice.org
Tue Aug 12 08:51:49 MDT 2014

On Tue, 2014-08-12 at 10:02 -0400, Adam Tauno Williams wrote: 
> I have a site with a working Samba4 AD domain with a single DC.  It
> works.
> I've added three new DCs to the domain [using the SerNet packages for
> 4.0.21].  The intention is to then demote the old, original Samba4 DC.
> But problems exist for netlogon/sysvol.  One of the new DCs - the second
> one added - works, clients can access netlogon & sysvol.
> However the other two DCs have ACL errors on their sysvol & netlogon
> volumes.
> ~> smbclient -U XXXXX -W XXXXXX \\\\DC4.example.com\\netlogon
> Enter XXXXXX password: 
> Domain=[BACKBONE] OS=[Unix] Server=[Samba 4.0.21-SerNet-RedHat-7.el6]
> smb: \> ls
> Windows 7 clients see a "The parameter is incorrect" message.
> All three servers have sysvol contents that were rsync'd from the
> original DC in the same manner.
> On a DC where the sysvol does *not* work, the ntacl check seems to
> complete without errors.
> [root at HOST ~]# samba-tool ntacl sysvolreset
> Please note that POSIX permissions have NOT been changed, only the
> stored NT ACL

So if I do a sysvolreset immediately following the rsync now the client
appears to be able to connect - but I have to that reset every time
sysvol is updated.

Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

More information about the samba mailing list