[Samba] replicating sysvol to a 2008r2 server
Neil Price
nprice at gibb.co.za
Wed Sep 16 09:43:59 UTC 2015
I don't see any info in the wiki on this. Anybody done it? This is what I''ve done so far. Comments
appreciated.
Newly installed Samba 4.2.3, sernet packages on debian jessie.
Provsioned as per wiki instructions. Added test users and group policies with windows tools. Works
great.
Joined 2008r2 server as another dc. No errors.
samba-tool drs replicate works fine
I created the sysvol share via the registry as per the wiki.
To sync sysvol I used deltacopy rsync server on the windows box. No acl support. Would cwrsync be
better?
Extended acl's obviously did not work so I rsynced sysvol without the acls and then ran secedit to
restore default acls on the Windows sysvol as per
https://technet.microsoft.com/en-us/library/cc816750(v=ws.10).aspx
<https://technet.microsoft.com/en-us/library/cc816750%28v=ws.10%29.aspx>
Then I manually created the NETLOGON share. Netlogon service starts ok.
dcdiag /test:logons reports all good but dcdiag reports some errors. I haven't tried to fix them yet.
Starting test: VerifyReferences
Some objects relating to the DC WIN-AD-TEST have problems:
[1] Problem: Missing Expected Value
Base Object:
CN=NTDS Settings,CN=WIN-AD-TEST,CN=Servers,CN=Default-First-Site-Nam
,CN=Sites,CN=Configuration,DC=ad,DC=gibb,DC=co,DC=za
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[1] Problem: Missing Expected Value
Base Object:
CN=WIN-AD-TEST,OU=Domain Controllers,DC=ad,DC=gibb,DC=co,DC=za
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... WIN-AD-TEST failed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
The application directory partition
DC=DomainDnsZones,DC=ad,DC=gibb,DC=co,DC=za is missing a security
descriptor reference domain. The administrator should set the
msDS-SD-Reference-Domain attribute on the cross reference object
CN=86a2d720-bbe7-4744-8aec-8f426666e08a,CN=Partitions,CN=Configurati
on,DC=ad,DC=gibb,DC=co,DC=za
to the DN of a domain.
......................... DomainDnsZones failed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
The application directory partition
DC=ForestDnsZones,DC=ad,DC=gibb,DC=co,DC=za is missing a security
descriptor reference domain. The administrator should set the
msDS-SD-Reference-Domain attribute on the cross reference object
CN=d96faa07-bc45-418b-9404-eed8baef11b4,CN=Partitions,CN=Configurati
on,DC=ad,DC=gibb,DC=co,DC=za
to the DN of a domain.
......................... ForestDnsZones failed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
More information about the samba
mailing list