[Samba] Setting up Second Samba DC samba-tool ntacl sysvolreset fails
Sina Owolabi
notify.sina at gmail.com
Mon Nov 13 08:59:23 UTC 2017
Hi List!

I am working my way through getting familiar with Samba and I now have two
domain controllers with an additional Samba file server.
The servers are CentOS 7.4.1708;
the domain controllers are built from source with samba-4.7.1;
and the file server has winbind, smb and nmb installed from the CentOS repos.

My problem is that after bringing up the second domain controller and
successfully joining it to the domain, as the wiki directs, I tried to
run samba-tool ntacl sysvolreset and this fails.

[root@testdc2 private]# samba-tool ntacl sysvolreset
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, '{Operation Failed} The requested operation was unsuccessful.')
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/ntacl.py", line 239, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1609, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1502, in set_gpos_acl
    use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/ntacls.py", line 162, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)

Please, what am I doing wrong?

"Primary" DC config file:
# Global parameters
[global]
    dns forwarder = 8.8.8.8
    netbios name = TESTBOX
    realm = SAMDOM.TESTING.COM
    server role = active directory domain controller
    workgroup = SAMDOM
    idmap_ldb:use rfc2307 = yes
    log file = /var/log/samba/%m.log
    log level = 3
    tls enabled = yes
    winbind enum groups = Yes
    winbind enum users = Yes
    template shell = /bin/bash
    template homedir = /share/%U

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/samdom.testing.com/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No

New DC config file:
# Global parameters
[global]
    netbios name = TESTDC2
    realm = SAMDOM.TESTING.COM
    server role = active directory domain controller
    workgroup = SAMDOM

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/samdom.testing.com/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No

File server config file (thank you Roland!):
[global]
    workgroup = SAMDOM
    security = ADS
    realm = SAMDOM.TESTING.COM
    server string = Samba Server Version %v
    winbind use default domain = yes
    winbind expand groups = 4
    winbind refresh tickets = Yes
    idmap config *:backend = tdb
    idmap config *:range = 3000-9999
    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : range = 10000-999999
    template shell = /bin/bash
    template homedir = /share/%U
    domain master = no
    local master = no
    preferred master = no
    os level = 20
    map to guest = bad user
    host msdfs = no
    # For ACL support on domain member
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes
    # Share Setting Globally
    unix extensions = no
    reset on zero vc = yes
    veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
    hide unreadable = yes
    log file = /var/log/samba/log.%m
    max log size = 50
    username map = /etc/samba/user.map

[homes]
    comment = Home Directories
    browseable = no
    read only = no

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes