[Samba] windows sysvol share

Andreas Hauffe andreas.hauffe at tu-dresden.de
Wed Mar 18 08:57:25 MDT 2015 

Hi,

we had the same problem with the user profiles and the sysvol share under 
debian 7.8 and samba 4.1.17 on the DCs and the file server. But in our case 
without any copying from Windows Servers. So these are the samba created 
shares and data.

The only way I found to solve the problem was to disable the opportunistic 
locks. I've added the following lines to the smb.conf for the shares:

        oplocks = no
        level2 oplocks = no

This at least solved the problem.

In case of the sysvol some Group Policies were locked and not used during 
logon on the client. And in case of the roaming profiles the ntuser.dat was 
locked, so on the clients always a local temporary profil was used.

Andreas



Am Mittwoch, 18. März 2015, 16:40:39 schrieb Adriana Moga:
> Of course, the sysvol is located on a windows controller from the forest.
> 
> mount -t cifs -o username=domain_admin_user
> //windowsDC.myDomain.local/SYSVOL /mnt/smb/sysvol
> 
> and copied the files with -R --preserve to
> /usr/local/samba/var/locks/sysvol/
> 
> Below logs are provided from /usr/local/samba/var/log.smbd file.
> 
> regards,
> 
> On Wed, Mar 18, 2015 at 3:36 PM, Rowland Penny <rowlandpenny at googlemail.com>
> wrote:
> > On 18/03/15 13:17, Adriana Moga wrote:
> >> Hello,
> >> 
> >> I have manually mounted the SYSVOL share, sync it with samba and run
> >> samba-tool ntacl sysvolreset.
> > 
> > What do you mean 'manually mounted the SYSVOL share' ? how did you do this
> > ?
> > 
> >  But I'm not sure if all windows policies are acceptable by samba because
> >  
> >> of
> >> errors logs:
> >> 
> >> 2015/03/18 09:30:52.197934,  0]
> >> ../source3/smbd/oplock.c:338(oplock_timeout_handler)
> >> 
> >>    Oplock break failed for file
> >> 
> >> myDomain.local/Policies/{31B2F340-016D-11D2-945F-
> >> 00C04FB984F9}/USER/Registry.pol
> >> -- replying anyway
> >> 
> >> [2015/03/18 10:50:01.905964,  0]
> >> ../source3/smbd/oplock.c:338(oplock_timeout_handler)
> >> 
> >>    Oplock break failed for file
> >> 
> >> myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/
> >> Microsoft/Windows
> >> NT/SecEdit/GptTmpl.inf -- replying anyway
> >> 
> >>    STATUS=daemon 'smbd' finished starting up and ready to serve
> >> 
> >> connectionsOplock break failed for file
> >> rcs-rds.local/Policies/{31B2F340-016D-11D2-945F-
> >> 00C04FB984F9}/USER/Registry.pol
> >> -- replying anyway
> > 
> > What log is this from?
> > 
> > Can you post your smb.conf
> > 
> > Rowland
> > 
> >> What troubles could give these errors?
> >> 
> >> Samba version 4.1.15 - Debian 7.8 (3.2.0-4-amd64 #1 SMP Debian 3.2.65-1
> >> x86_64 GNU/Linux) is joined as a domain controller to an existing windows
> >> domain.
> >> Windows domain controllers (2003 R2, 2012R2) own FSMO roles.
> >> 
> >> smbstatus:
> >> 
> >> Locked files:
> >> Pid          Uid        DenyMode   Access      R/W        Oplock
> >> SharePath   Name   Time
> >> ------------------------------------------------------------
> >> --------------------------------------
> >> 9881         3001393    DENY_NONE  0x20089     RDONLY     EXCLUSIVE+BATCH
> >> /usr/local/samba/var/locks/sysvol
> >> myDomain/Policies/{8F6D6798-D5A0-4BED-9548-88E45918ADA0}/GPT.INI   Wed
> >> Mar
> >> 18 14:00:41 2015
> >> 
> >> 4928         3001476    DENY_WRITE 0x120089    RDONLY     NONE
> >> /usr/local/samba/var/locks/sysvol
> >> myDomain/Policies/{7AAC2031-1B06-487B-9520-603666A7F00D}/
> >> User/Registry.pol
> >> 
> >> Also, I don't know what is wrong with sysvolcheck.
> >> 
> >> # /usr/local/samba/bin/samba-tool ntacl sysvolcheck
> >> ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2, 'No such
> >> file or directory')
> >> 
> >>    File
> >> 
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> >> line 175, in _run
> >> 
> >>      return self.run(*args, **kwargs)
> >>    
> >>    File
> >> 
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
> >> line
> >> 249, in run
> >> 
> >>      lp)
> >>    
> >>    File
> >> 
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/
> >> provision/__init__.py",
> >> line 1726, in checksysvolacl
> >> 
> >>      direct_db_access)
> >>    
> >>    File
> >> 
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/
> >> provision/__init__.py",
> >> line 1677, in check_gpos_acl
> >> 
> >>      domainsid, direct_db_access)
> >>    
> >>    File
> >> 
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/
> >> provision/__init__.py",
> >> line 1621, in check_dir_acl
> >> 
> >>      fsacl = getntacl(lp, path, direct_db_access=direct_db_access,
> >> 
> >> service=SYSVOL_SERVICE)
> >> 
> >>    File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py",
> >> 
> >> line
> >> 73, in getntacl
> >> 
> >>      xattr.XATTR_NTACL_NAME
> >> 
> >> Thanks,
> > 
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list