[Samba] windows sysvol share
Rowland Penny
rowlandpenny at googlemail.com
Wed Mar 18 08:45:49 MDT 2015
On 18/03/15 14:40, Adriana Moga wrote:
> Of course, the sysvol is located on a windows controller from the forest.
>
> mount -t cifs -o username=domain_admin_user
> //windowsDC.myDomain.local/SYSVOL /mnt/smb/sysvol
>
> and copied the files with -R --preserve to
> /usr/local/samba/var/locks/sysvol/
>
> Below logs are provided from /usr/local/samba/var/log.smbd file.
>
> regards,
>
> On Wed, Mar 18, 2015 at 3:36 PM, Rowland Penny
> <rowlandpenny at googlemail.com <mailto:rowlandpenny at googlemail.com>> wrote:
>
> On 18/03/15 13:17, Adriana Moga wrote:
>
> Hello,
>
> I have manually mounted the SYSVOL share, sync it with samba
> and run
> samba-tool ntacl sysvolreset.
>
>
> What do you mean 'manually mounted the SYSVOL share' ? how did you
> do this ?
>
> But I'm not sure if all windows policies are acceptable by
> samba because of
> errors logs:
>
> 2015/03/18 09:30:52.197934, 0]
> ../source3/smbd/oplock.c:338(oplock_timeout_handler)
> Oplock break failed for file
> myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Registry.pol
> -- replying anyway
>
> [2015/03/18 10:50:01.905964, 0]
> ../source3/smbd/oplock.c:338(oplock_timeout_handler)
> Oplock break failed for file
> myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows
> NT/SecEdit/GptTmpl.inf -- replying anyway
> STATUS=daemon 'smbd' finished starting up and ready to serve
> connectionsOplock break failed for file
> rcs-rds.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Registry.pol
> -- replying anyway
>
>
> What log is this from?
>
> Can you post your smb.conf
>
> Rowland
>
>
>
> What troubles could give these errors?
>
> Samba version 4.1.15 - Debian 7.8 (3.2.0-4-amd64 #1 SMP Debian
> 3.2.65-1
> x86_64 GNU/Linux) is joined as a domain controller to an
> existing windows
> domain.
> Windows domain controllers (2003 R2, 2012R2) own FSMO roles.
>
> smbstatus:
>
> Locked files:
> Pid Uid DenyMode Access R/W Oplock
> SharePath Name Time
> --------------------------------------------------------------------------------------------------
> 9881 3001393 DENY_NONE 0x20089 RDONLY
> EXCLUSIVE+BATCH
> /usr/local/samba/var/locks/sysvol
> myDomain/Policies/{8F6D6798-D5A0-4BED-9548-88E45918ADA0}/GPT.INI
> Wed Mar
> 18 14:00:41 2015
>
> 4928 3001476 DENY_WRITE 0x120089 RDONLY NONE
> /usr/local/samba/var/locks/sysvol
> myDomain/Policies/{7AAC2031-1B06-487B-9520-603666A7F00D}/User/Registry.pol
>
> Also, I don't know what is wrong with sysvolcheck.
>
> # /usr/local/samba/bin/samba-tool ntacl sysvolcheck
> ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2,
> 'No such
> file or directory')
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
> line
> 249, in run
> lp)
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
> line 1726, in checksysvolacl
> direct_db_access)
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
> line 1677, in check_gpos_acl
> domainsid, direct_db_access)
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
> line 1621, in check_dir_acl
> fsacl = getntacl(lp, path, direct_db_access=direct_db_access,
> service=SYSVOL_SERVICE)
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line
> 73, in getntacl
> xattr.XATTR_NTACL_NAME
>
>
> Thanks,
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
This raises more questions than what it answers:
Why are you doing this?
Why do you expect it to work?
Have you joined the samba4 machine to the domain as a secondary DC?
And lastly (and for the second time of asking) can you post your
smb.conf from the samba4 machine.
Rowland
More information about the samba
mailing list