[Samba] Sysvol access after running osync
Bob Thomas
bthomas at cybernetics.com
Tue Oct 4 14:44:07 UTC 2016
Hey Samba team - Thanks for all your work

I have three production Samba 4 DCs, 2 running on Ubuntu 16.04 (Samba
4.4.5 and 4.4.4) and one on 14.04 (Samba 4.3.3), all working well for the
most part. However, to keep everything in sync I set up osync for syncing
Sysvol. As recent conversations on the list indicate, following the sync
operation I lose access to sysvol until I run 'samba-tool ntacl
sysvolreset' - that's not my concern.

While looking into the issue, I have found that the three
/var/lib/samba/private/idmap.ldp files are drastically different between
the three controllers with the first DC having the most complete.

So my first question is, can I simply copy the first DC's idmap.ldp to
the other DCs to get them the same?

My second question is, based on Rowland's repeated advice about
smb.conf - should I remove the idmap config lines from the DCs, and if
so, will it have any impact on their operation?

All three smb.conf files are the same except for "netbios name":

[global]
netbios name = CY-DC2
realm = CY.DOMAIN.COM
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = CY
server role = active directory domain controller
server services = -dns
ldap server require strong auth = no
allow dns updates = nonsecure and secure
idmap_ldb:use rfc2307 = yes
log level = 3
# Default idmap config used for BUILTIN and local accounts/groups
idmap config * : backend = tdb
idmap config * : range = 2000-9999
# idmap config for domain CY
idmap config CY : backend = ad
idmap config CY : range = 10000-99999
winbind nss info = rfc2307
[netlogon]
path = /var/lib/samba/sysvol/cy.cybernetics.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
_________
Thanks again,
Bob Thomas