[Samba] sysvol acl's broken beyond repair

Krutskikh Ivan stein.hak at gmail.com
Sun Oct 4 11:00:22 UTC 2015


OK, I've investigated the problem more closely. First of all, I didn't
mention that I have 2 domain controllers: dc (initial) and bdc (backup).
The rsync command

/usr/bin/rsync -XAavz --delete-after dc:/usr/local/samba/var/locks/sysvol/* /usr/local/samba/var/locks/sysvol/

fires every 5 minutes on bdc.

However, if I try to gpupdate from bdc I get the above error. Gpupdating
from dc works fine. The strangest thing is that when I try resetting sysvol
on bdc I get

root at bdc:/lib/systemd/system# samba-tool ntacl sysvolreset
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[netlogon]"
Processing section "[sysvol]"
Module 'acl_xattr' loaded
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and
'force unknown acl user = true' for service Unknown Service (snum == -1)
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and
'force unknown acl user = true' for service Unknown Service (snum == -1)
Processing section "[netlogon]"
Processing section "[sysvol]"
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and
'force unknown acl user = true' for service sysvol
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and
'force unknown acl user = true' for service sysvol

And more repeating lines about xattrs and idmap. I think this is due to
some misconfiguration on bdc.

2015-10-03 18:46 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 03/10/15 16:20, Krutskikh Ivan wrote:
>
>> Hm, can I fix it manually? Maybe sysvolcheck stumbles on the first error
>> and misses something more severe later on.
>>
>> 2015-10-03 12:09 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
>>
>>
> You need to look further, I don't think your DC is broken, I think
> sysvolcheck is broken. Try raising the log level on the DC to 10 and see if
> anything pops up in the logs, also check the logs on the connecting PCs,
> this may be a windows error.
>
>
> Rowland