[Samba] Proper sysvol replication solution...
Marc Muehlfeld
mmuehlfeld at samba.org
Fri Aug 22 12:35:01 MDT 2014
Am 22.08.2014 17:45, schrieb James:
> I'm currently using rsync per the wiki instructions to sync sysvol
> and I receive an error message when running "samba-tool ntacl
> sysvolcheck" on all my DC's. So is this "normal" behavior when using rsync?
>
> samba-tool ntacl sysvolcheck
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
> ProvisioningError: DB ACL on GPO file
> /usr/local/samba/var/locks/sysvol/domain.local/Policies/{31B2F340-016D
> -11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows
> NT/SecEdit/GptTmpl.inf
> O:BAG:DUD:(A;;0x001f01ff;;;DA)(A;;0x001f01ff;;;EA)(A;;0x001f01ff;;;BA)(A;;0x001f01ff;;;SY)(A;;0x001200a9;
> ;;AU)(A;;0x001200a9;;;ED) does not match expected value
> O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f
> 01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
> line 249, in run
> lp)
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
> line 1695, in checksysvolacl
> direct_db_access)
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
> line 1646, in check_gpos_acl
> domainsid, direct_db_access)
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
> line 1603, in check_dir_acl
> raise ProvisioningError('%s ACL on GPO file %s %s does not match
> expected value %s from GPO object' % (acl_type(direct_db_access),
> os.path.join(root, name), fsacl_sddl, acl))
There are some uncaught exceptions in 'samba-tool ntacl sysvolcheck' (or
all are related).
https://bugzilla.samba.org/show_bug.cgi?id=10606
https://bugzilla.samba.org/show_bug.cgi?id=10321
But the 'sysvolreset' works.
Regards,
Marc
More information about the samba
mailing list