[Samba] UID/GID -> SID -> NAME mapping across multiple DCs

Taylor Hammerling thammerling at tcsbasys.com
Fri Dec 15 19:40:51 UTC 2017 

I hadn't seen that page, but I was working off of the first link listed on
that page.  Yes, my sysvols are being synced every 5 minutes.via a cronjob.

On Fri, Dec 15, 2017 at 1:28 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Fri, 15 Dec 2017 13:16:51 -0600
> Taylor Hammerling <thammerling at tcsbasys.com> wrote:
>
> > ok, I followed the directions on that wikipage, made a hot backup,
> > copied the hot backup over to the new DC, renamed the hot backup
> > (thus replacing the existing idmap.ldb) and ran "samba-tool ntacl
> > sysvolreset" and it spat out the following after a minute or 2 of
> > thinking...
> >
> > root at dc1 samba/private# samba-tool ntacl sysvolreset
> > open: error=2 (No such file or directory)
> > ERROR(runtime): uncaught exception - (-1073741823, '{Operation
> > Failed} The requested operation was unsuccessful.')
> >   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> > line 176, in _run
> >     return self.run(*args, **kwargs)
> >   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line
> > 239, in run
> >     lp, use_ntvfs=use_ntvfs)
> >   File
> > "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
> > 1609, in setsysvolacl set_gpos_acl(sysvol, dnsdomain, domainsid,
> > domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
> >   File
> > "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
> > 1514, in set_gpos_acl passdb=passdb)
> >   File
> > "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
> > 1477, in set_dir_acl setntacl(lp, path, acl, domsid,
> > use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb,
> > service=service) File
> > "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 162, in
> > setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER |
> > security.SECINFO_GROUP | security.SECINFO_DACL |
> > security.SECINFO_SACL, sd, service=service) root at dc1 samba/private#
> >
> >
> > Please note, DC2 is the DC that has the correct GID mappings, DC1
> > does not, so I'm copying from DC2 to DC1.
> >
>
> I now take it you haven't synced sysvol between the DCs, if you haven't
> see here:
>
> https://wiki.samba.org/index.php/SysVol_replication_(DFS-R)
>
> If you have, check that all the sysvol directories contain the same
> contents.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
*Taylor Hammerling* |  *IT Manager*
2800 Laura Lane | Middleton, WI 53562
*O *(608) 669-9070 *| C *(608) 512-7849
tcsbasys.com | ubiquistat.com

More information about the samba mailing list