[Samba] [SAMBA] Problems with joining a second DC to AD
Rowland Penny
rowlandpenny at googlemail.com
Thu May 21 02:36:29 MDT 2015
On 21/05/15 08:17, Stephan Mattecka wrote:
> Hello,
>
> I am trying to set up an AD domain with the help of the Sernet-Samba packages. Currently I'm using Scientific Linux (SL) 6.6 and Sernet-Samba 4.1.17 packages. I tried the procedure two times with fresh minimal SL installations.
>
> I could successfully install an AD Domain Controller.
> Now I tried to add a second DC to this AD domain and carefully followed the instructions on the Samba wiki.
> I could also join the second DC to my domain, but when I try to run
>
> samba-tool ntacl sysvolreset
>
> on the 2nd DC I get the following error messages:
>
>
> open: error=2 (No such file or directory)
> ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
> File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib64/python2.6/site-packages/samba/netcmd/ntacl.py", line 218, in run
> lp, use_ntvfs=use_ntvfs)
> File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py", line 1612, in setsysvolacl
> set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
> File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py", line 1505, in set_gpos_acl
> use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
> File "/usr/lib64/python2.6/site-packages/samba/ntacls.py", line 154, in setntacl
> smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
>
> My smb.conf on DC1:
>
>
> # Global parameters
> [global]
> workgroup = EXAMPLE
> realm = EXAMPLE.LAN
> netbios name = DC1
> interfaces = lo, eth0
> bind interfaces only = Yes
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> [netlogon]
> path = /var/lib/samba/sysvol/pentracor.lan/scripts
> read only = No
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> smb.conf on DC2:
>
>
> # Global parameters
> [global]
> workgroup = EXAMPLE
> realm = example.lan
> netbios name = DC2
> interfaces = lo, eth1
> bind interfaces only = Yes
> server role = active directory domain controller
> [netlogon]
> path = /var/lib/samba/sysvol/example.lan/scripts
> read only = No
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> I did turn off iptables and SELinux on both machines for testing purposes. The folder /var/lib/samba/sysvol exists on DC2. On DC1 I can run the sysvolreset command without any problems.
>
> Hopefully someone has an idea what might be wrong here.
>
> Regards
> Stephan Mattecka
It is probably the lack of this line in your second DC:
idmap_ldb:use rfc2307 = yes
Why this line isn't added when you join a secondary DC I do not know.
Rowland
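A quick way to verify the point above before re-running sysvolreset: check whether the [global] section of a DC's smb.conf actually carries `idmap_ldb:use rfc2307 = yes`, and produce a corrected copy if it does not. This is an added example, not code from the thread or from Samba; the sample smb.conf is constructed from the DC2 config quoted above, and the paths and function names are assumptions.

```shell
#!/bin/sh
# Constructed sample: the DC2 [global] section from the thread, which lacks
# the idmap_ldb line. Written to a temp file so the check runs offline.
make_sample_conf() {
  f=$(mktemp)
  cat >"$f" <<'EOF'
# Global parameters
[global]
    workgroup = EXAMPLE
    realm = example.lan
    netbios name = DC2
    server role = active directory domain controller
[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
EOF
  printf '%s\n' "$f"
}

# Print the lowercased value of PARAM from the [global] section of CONF,
# or nothing if the parameter is absent. Section names and keys are
# compared case-insensitively, as smbd itself does.
global_param() {
  conf=$1; param=$2
  awk -v want="$param" '
    /^[ \t]*\[/ { sect = tolower($0); gsub(/[][ \t]/, "", sect); next }
    sect == "global" && $0 ~ /=/ {
      split($0, kv, "="); key = tolower(kv[1]); gsub(/^[ \t]+|[ \t]+$/, "", key)
      if (key == tolower(want)) {
        val = tolower(kv[2]); gsub(/^[ \t]+|[ \t]+$/, "", val); print val; exit
      }
    }' "$conf"
}

# Return 0 if CONF enables rfc2307 attributes in idmap_ldb, 1 otherwise.
has_rfc2307() {
  [ "$(global_param "$1" 'idmap_ldb:use rfc2307')" = "yes" ]
}

# Write a copy of CONF with the missing line inserted directly after [global]
# and print the path of the copy (the original file is left untouched).
with_rfc2307() {
  out=$(mktemp)
  awk '{ print } /^[ \t]*\[[Gg]lobal\][ \t]*$/ {
         print "    idmap_ldb:use rfc2307 = yes" }' "$1" >"$out"
  printf '%s\n' "$out"
}
```

Run `has_rfc2307 /etc/samba/smb.conf` on each DC; the two configs should agree on this parameter, since the first DC was provisioned with it and the second was not.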