[Samba] UID/GID -> SID -> NAME mapping across multiple DCs

Rowland Penny rpenny at samba.org
Fri Dec 15 19:28:54 UTC 2017


On Fri, 15 Dec 2017 13:16:51 -0600
Taylor Hammerling <thammerling at tcsbasys.com> wrote:

> ok, I followed the directions on that wikipage, made a hot backup,
> copied the hot backup over to the new DC, renamed the hot backup
> (thus replacing the existing idmap.ldb) and ran "samba-tool ntacl
> sysvolreset" and it spat out the following after a minute or 2 of
> thinking...
> 
> root at dc1 samba/private# samba-tool ntacl sysvolreset
> open: error=2 (No such file or directory)
> ERROR(runtime): uncaught exception - (-1073741823, '{Operation
> Failed} The requested operation was unsuccessful.')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line
> 239, in run
>     lp, use_ntvfs=use_ntvfs)
>   File
> "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
> 1609, in setsysvolacl set_gpos_acl(sysvol, dnsdomain, domainsid,
> domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
>   File
> "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
> 1514, in set_gpos_acl passdb=passdb)
>   File
> "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
> 1477, in set_dir_acl setntacl(lp, path, acl, domsid,
> use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb,
> service=service) File
> "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 162, in
> setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER |
> security.SECINFO_GROUP | security.SECINFO_DACL |
> security.SECINFO_SACL, sd, service=service) root at dc1 samba/private#
> 
> 
> Please note, DC2 is the DC that has the correct GID mappings, DC1
> does not, so I'm copying from DC2 to DC1.
> 

I now take it you haven't synced sysvol between the DCs; if you haven't,
see here:

https://wiki.samba.org/index.php/SysVol_replication_(DFS-R)

If you have, check that all the sysvol directories contain the same
contents.

Rowland
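
Added example, not part of the original message: one way to do the content check suggested above, by hashing every file in two sysvol trees and reporting what is missing or different. It assumes the other DC's sysvol has been copied or mounted locally; both directory paths are supplied by the caller, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original thread). Compares two copies of a
# sysvol tree by content. Assumption: DIR_B is a local copy or mount of
# the other DC's sysvol; both paths are passed in by the caller.

# Print "<sha256>  ./relative/path" for every regular file under DIR.
sysvol_manifest() (
    cd "$1" && find . -type f -exec sha256sum {} +
)

# sysvol_compare DIR_A DIR_B
# Prints one line per discrepancy and returns:
#   0 = trees hold the same files with the same contents
#   1 = differences found, 2 = a tree could not be read
sysvol_compare() (
    a=$(mktemp) && b=$(mktemp) || return 2
    if ! sysvol_manifest "$1" > "$a" || ! sysvol_manifest "$2" > "$b"; then
        rm -f "$a" "$b"
        return 2
    fi
    # sha256sum lines: 64 hex chars, two separator chars, then the path.
    # substr() keeps paths containing spaces intact.
    report=$(awk '
        { h = substr($0, 1, 64); p = substr($0, 67) }
        FILENAME == ARGV[1] { a[p] = h; next }
        { b[p] = h }
        END {
            for (p in a) {
                if (!(p in b))        print "ONLY_IN_A " p
                else if (a[p] != b[p]) print "DIFFERS " p
            }
            for (p in b) if (!(p in a)) print "ONLY_IN_B " p
        }' "$a" "$b" | sort)
    rm -f "$a" "$b"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
)

# Run directly as: sh sysvol_compare.sh DIR_A DIR_B
if [ "$#" -eq 2 ]; then
    sysvol_compare "$1" "$2"
fi
```

This compares file contents only; ownership and NT ACLs on the files are not checked.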