[Samba] Sysvol "incorrect parameter" on some new DC's
Adam Tauno Williams
awilliam at whitemice.org
Tue Aug 12 08:51:49 MDT 2014
On Tue, 2014-08-12 at 10:02 -0400, Adam Tauno Williams wrote:
> I have a site with a working Samba4 AD domain with a single DC. It
> works.
> I've added three new DCs to the domain [using the SerNet packages for
> 4.0.21]. The intention is to then demote the old, original Samba4 DC.
> But problems exist for netlogon/sysvol. One of the new DCs - the second
> one added - works, clients can access netlogon & sysvol.
> However the other two DCs have ACL errors on their sysvol & netlogon
> volumes.
> ~> smbclient -U XXXXX -W XXXXXX \\\\DC4.example.com\\netlogon
> Enter XXXXXX password:
> Domain=[BACKBONE] OS=[Unix] Server=[Samba 4.0.21-SerNet-RedHat-7.el6]
> smb: \> ls
> NT_STATUS_INVALID_ACL listing \*
> Windows 7 clients see a "The parameter is incorrect" message.
> All three servers have sysvol contents that were rsync'd from the
> original DC in the same manner.
> On a DC where the sysvol does *not* work, the ntacl check seems to
> complete without errors.
> [root at HOST ~]# samba-tool ntacl sysvolreset
> Please note that POSIX permissions have NOT been changed, only the
> stored NT ACL
So if I do a sysvolreset immediately following the rsync now the client
appears to be able to connect - but I have to that reset every time
sysvol is updated.
--
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
More information about the samba
mailing list