[Samba] multiple DCs / rsync / sysvol / xattr acls
Vogel, Sven
Sven.Vogel at kupper-computer.com
Wed Jul 2 09:30:21 MDT 2014
Hi,
i have two DCs and they are replicate find. No errors. I use rsync to replicate the sysvol folder. If I have a Windows 7 Machine over time it both DCs are used to load the GPOs. When the Second DCs is used I get a GPO error. I found that the folders and files are not with the correct xattr acls. I user rsync with -X to sync xattr acls. I sed getfacl to compare the uids. I use sernet 4.1.9 but I think i had also this problem with 4.1.7. maybe its not a samba problem but ...
e.g.
dc1 (PDC)
# file: {31B2F340-016D-11D2-945F-00C04FB984F9}/
# owner: 3000005
# group: 3000005
user::rwx
user:3000003:rwx
user:3000011:r-x
user:3000018:rwx
user:3000019:r-x
group::rwx
group:3000003:rwx
group:3000005:rwx
group:3000011:r-x
group:3000018:rwx
group:3000019:r-x
mask::rwx
other::---
default:user::rwx
default:user:3000003:rwx
default:user:3000005:rwx
default:user:3000011:r-x
default:user:3000018:rwx
default:user:3000019:r-x
default:group::---
default:group:3000003:rwx
default:group:3000005:rwx
default:group:3000011:r-x
default:group:3000018:rwx
default:group:3000019:r-x
default:mask::rwx
default:other::---
dc2 (bdc)
# file: {31B2F340-016D-11D2-945F-00C04FB984F9}/
# owner: 3000005
# group: 3000005
user::rwx
user:root:rwx
user:3000000:rwx
user:3000011:r-x
user:3000017:r-x
user:3000018:rwx
group::---
group:3000000:rwx
group:3000011:r-x
group:3000017:r-x
group:3000018:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:user:3000011:r-x
default:user:3000017:r-x
default:user:3000018:rwx
default:group::---
default:group:3000000:rwx
default:group:3000011:r-x
default:group:3000017:r-x
default:group:3000018:rwx
default:mask::rwx
default:other::---
when we compare these lines they are very different and translate them into sids when we can see that.
dc1
-----------
dc1:/var/lib/samba/sysvol/swi.local/Policies # wbinfo --uid-to-sid=3000003
S-1-5-21-1143642306-2581635645-836595807-519
dc1:/var/lib/samba/sysvol/swi.local/Policies # wbinfo -s S-1-5-21-1143642306-2581635645-836595807-519
SWI\Enterprise Admins 2
orion:/var/lib/samba/sysvol/swi.local/Policies #
dc2
-----------
dc2:/var/lib/samba/sysvol/swi.local # wbinfo --uid-to-sid=3000003
S-1-5-21-1143642306-2581635645-836595807-514
dc2:/var/lib/samba/sysvol/swi.local # wbinfo -s S-1-5-21-1143642306-2581635645-836595807-514
SWI\Domain Guests 2
When I use gpupdate I on that win 7 I get
Updating Policy...
User policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows attempted to read the file \\swi.local\SysVol\swi.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy s
ettings may not be applied until this event is resolved. This issue may be trans
ient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Is there anybody who can explain thze problem or can help?
Thanks
Sven
More information about the samba
mailing list