[Samba] windows sysvol share

Adriana Moga adriana.gologaneanu at gmail.com
Wed Mar 18 09:03:19 MDT 2015


Sorry, I have omitted to post the config file.

# cat /usr/local/samba/etc/smb.conf
[global]
        workgroup = myDomain
        realm = myDomain.local
        netbios name = DCLINUX
        server role = active directory domain controller

        dsdb:schema update allowed = yes

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/rcs-rds.local/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

I have joined samba as a Domain Controller in a Windows domain. Directory
replication has no problems, "samba-tool drs showrepl" shows connections
with other DCs. Just from time to time "samba-tool show repl" gives a
"NT_STATUS_IO_TIMEOUT". I don't know why.

# /usr/local/samba/bin/samba-tool drs options
Current DSA options: IS_GC

Replication of the Sysvol isn't implemented, so I manually mounted the
share.

Client connections:
# /usr/local/samba/bin/net status sessions
PID     Username      Group         Machine
-------------------------------------------------------------------
  12440   3000351       3000023    ...198.200 (ipv4:..198.200:61735)
  12415   3001838       users         ...227.68 (ipv4:...227.68:2647)
  12320   3000376       users         ...197.38 (ipv4:...197.38:64120)
  11746   3001173       3000023     ...14.46 (ipv4:...14.46:57925)

thanks!

On Wed, Mar 18, 2015 at 4:45 PM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:

>  On 18/03/15 14:40, Adriana Moga wrote:
>
>   Of course, the sysvol is located on a windows controller from the
> forest.
>
> mount -t cifs -o username=domain_admin_user
> //windowsDC.myDomain.local/SYSVOL /mnt/smb/sysvol
>
> and copied the files with -R --preserve to
> /usr/local/samba/var/locks/sysvol/
>
>  Below logs are provided from /usr/local/samba/var/log.smbd file.
>
>  regards,
>
>    On Wed, Mar 18, 2015 at 3:36 PM, Rowland Penny <
> rowlandpenny at googlemail.com> wrote:
>
>> On 18/03/15 13:17, Adriana Moga wrote:
>>
>>> Hello,
>>>
>>> I have manually mounted the SYSVOL share, synced it with samba and run
>>> samba-tool ntacl sysvolreset.
>>>
>>
>>  What do you mean 'manually mounted the SYSVOL share' ? how did you do
>> this ?
>>
>>> But I'm not sure if all Windows policies are acceptable by samba because
>>> of error logs:
>>>
>>> [2015/03/18 09:30:52.197934,  0]
>>> ../source3/smbd/oplock.c:338(oplock_timeout_handler)
>>>    Oplock break failed for file
>>>
>>> myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Registry.pol
>>> -- replying anyway
>>>
>>> [2015/03/18 10:50:01.905964,  0]
>>> ../source3/smbd/oplock.c:338(oplock_timeout_handler)
>>>    Oplock break failed for file
>>>
>>> myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows
>>> NT/SecEdit/GptTmpl.inf -- replying anyway
>>>    STATUS=daemon 'smbd' finished starting up and ready to serve
>>> connectionsOplock break failed for file
>>>
>>> rcs-rds.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Registry.pol
>>> -- replying anyway
>>>
>>
>>  What log is this from?
>>
>> Can you post your smb.conf
>>
>> Rowland
>>
>>
>>
>>> What troubles could give these errors?
>>>
>>> Samba version 4.1.15 - Debian 7.8 (3.2.0-4-amd64 #1 SMP Debian 3.2.65-1
>>> x86_64 GNU/Linux) is joined as a domain controller to an existing windows
>>> domain.
>>> Windows domain controllers (2003 R2, 2012R2) own FSMO roles.
>>>
>>> smbstatus:
>>>
>>> Locked files:
>>> Pid          Uid        DenyMode   Access      R/W        Oplock
>>> SharePath   Name   Time
>>>
>>> --------------------------------------------------------------------------------------------------
>>> 9881         3001393    DENY_NONE  0x20089     RDONLY     EXCLUSIVE+BATCH
>>> /usr/local/samba/var/locks/sysvol
>>> myDomain/Policies/{8F6D6798-D5A0-4BED-9548-88E45918ADA0}/GPT.INI   Wed
>>> Mar
>>> 18 14:00:41 2015
>>>
>>> 4928         3001476    DENY_WRITE 0x120089    RDONLY     NONE
>>> /usr/local/samba/var/locks/sysvol
>>>
>>> myDomain/Policies/{7AAC2031-1B06-487B-9520-603666A7F00D}/User/Registry.pol
>>>
>>> Also, I don't know what is wrong with sysvolcheck.
>>>
>>> # /usr/local/samba/bin/samba-tool ntacl sysvolcheck
>>> ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2, 'No such
>>> file or directory')
>>>    File
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>>> line 175, in _run
>>>      return self.run(*args, **kwargs)
>>>    File
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
>>> line
>>> 249, in run
>>>      lp)
>>>    File
>>>
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>>> line 1726, in checksysvolacl
>>>      direct_db_access)
>>>    File
>>>
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>>> line 1677, in check_gpos_acl
>>>      domainsid, direct_db_access)
>>>    File
>>>
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>>> line 1621, in check_dir_acl
>>>      fsacl = getntacl(lp, path, direct_db_access=direct_db_access,
>>> service=SYSVOL_SERVICE)
>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py",
>>> line
>>> 73, in getntacl
>>>      xattr.XATTR_NTACL_NAME
>>>
>>>
>>> Thanks,
>>>
>>
>>
>
>
> This raises more questions than what it answers:
>
> Why are you doing this?
> Why do you expect it to work?
> Have you joined the samba4 machine to the domain as a secondary DC?
>
> And lastly (and for the second time of asking) can you post your smb.conf
> from the samba4 machine.
>
> Rowland
>

