[Samba] classic upgrade, splitting servers

Stefan G. Weichinger lists at xunil.at
Tue May 23 18:34:26 UTC 2017 

Am 2017-05-23 um 20:28 schrieb Rowland Penny:

> That one, what version of windows are you using, 8.8, 8.1 or 10 ?
> If you have a win 7 machine, try it from that.

I have a win10 machine here for tests. They only run 10 anymore ... I
would have to dig for a legacy system at their site next week or so.

>>> In which case, what happened to 'netbios name =' ?
>>
>> good question. maybe obsolete as it is the default?
>>
> 
> It may be the default, but I have never seen a DC smb.conf without it.


here the file:


# cat /etc/samba/smb.conf
# Global parameters
[global]
workgroup = BUERO
realm = my.tld
netbios name = DC
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
load printers = No
printcap name = /dev/null

[netlogon]
path = /var/lib/samba/sysvol/my.tld/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No
acl_xattr:ignore system acls = Yes # just a try ...

---

I can't logon to the PC still with some users - that error with the user
login service, maybe related to some serverbased profile setting
somewhere (?)

--- the GPO error:


root at dc:/var/lib/samba/sysvol/my.tld/Policies# samba-tool  ntacl sysvolcheck
                                                ERROR(<class
'samba.provision.ProvisioningError'>): uncaught exception -
ProvisioningError: DB ACL on GPO directory
/var/lib/samba/sysvol/my.tld/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
does not match expected value
O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
from GPO object
                                                  File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175,
in _run
                                                      return
self.run(*args, **kwargs)
                                                        File
"/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
                                                            lp)
                                                              File
"/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
1730, in checksysvolacl

direct_db_access)
                                                                    File
"/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
1681, in check_gpos_acl

domainsid, direct_db_access)

 File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py",
line 1628, in check_dir_acl

     raise ProvisioningError('%s ACL on GPO directory %s %s does not
match expected value %s from GPO object' % (acl_type(direct_db_access),
path, fsacl_sddl, acl))


--- thanks so far, I get out of office now for some time .. late here

More information about the samba mailing list