[Samba] Setting up Second Samba DC samba-tool ntacl sysvolreset fails
Rowland Penny
rpenny at samba.org
Mon Nov 13 09:43:59 UTC 2017
On Mon, 13 Nov 2017 09:59:23 +0100
Sina Owolabi via samba <samba at lists.samba.org> wrote:
> Hi List!
>
> I am working my way through getting familiar with samba and I have two
> domain controllers now with an additional samba file server.
> The servers are CentOS 7.4.1708;
> the domain controllers are built from source with samba-4.7.1;
> and the file server, installed winbind, smb and nmb from CentOS
> repos.
>
> My problem is after bringing up the second domain controller and
> successfully joining it to the domain, as the wiki directs I tried to
> run samba-tool ntacl sysvolreset and this fails.
>
> [root@testdc2 private]# samba-tool ntacl sysvolreset
> open: error=2 (No such file or directory)
> ERROR(runtime): uncaught exception - (-1073741823, '{Operation Failed}
> The requested operation was unsuccessful.')
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run return self.run(*args, **kwargs)
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/ntacl.py",
> line 239, in run lp, use_ntvfs=use_ntvfs)
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py",
> line 1609, in setsysvolacl set_gpos_acl(sysvol, dnsdomain, domainsid,
> domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py",
> line 1502, in set_gpos_acl use_ntvfs=use_ntvfs,
> skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/ntacls.py",
> line 162, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER |
> security.SECINFO_GROUP | security.SECINFO_DACL |
> security.SECINFO_SACL, sd, service=service)
>
> Please what am I doing wrong?
Have you added any other GPOs to your first DC?
If so, you need to 'sync' them to the second DC.
>
>
> "Primary" DC config file:
>
> # Global parameters
> [global]
> dns forwarder = 8.8.8.8
> netbios name = TESTBOX
> realm = SAMDOM.TESTING.COM
> server role = active directory domain controller
> workgroup = SAMDOM
> idmap_ldb:use rfc2307 = yes
> log file = /var/log/samba/%m.log
> log level = 3
> tls enabled = yes
> winbind enum groups = Yes
> winbind enum users = Yes
You should remove the two lines above, you do not need them.
>
> template shell = /bin/bash
> template homedir = /share/%U
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/samdom.testing.com/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> New DC config file:
> # Global parameters
> [global]
> netbios name = TESTDC2
> realm = SAMDOM.TESTING.COM
> server role = active directory domain controller
> workgroup = SAMDOM
You need to add 'idmap_ldb:use rfc2307 = yes'
Rowland
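
As an added example (not from the original post or the Samba project), a short Python check for the two smb.conf points raised in the reply above: the 'idmap_ldb:use rfc2307' line missing from the new DC and the winbind enum lines that are not needed. The sample configs are constructed from the files quoted in the thread; the list of parameters expected to match across DCs and all function names are assumptions of this example.

```python
# Added example: compare the [global] sections of two Samba AD DC smb.conf files.
# PRIMARY and SECOND are constructed from the configs quoted in the thread.
PRIMARY = """\
[global]
netbios name = TESTBOX
realm = SAMDOM.TESTING.COM
server role = active directory domain controller
workgroup = SAMDOM
idmap_ldb:use rfc2307 = yes
winbind enum groups = Yes
winbind enum users = Yes
"""
SECOND = """\
[global]
netbios name = TESTDC2
realm = SAMDOM.TESTING.COM
server role = active directory domain controller
workgroup = SAMDOM
"""
# Assumption of this example: these should be identical on every DC.
MUST_MATCH = ("realm", "workgroup", "server role", "idmap_ldb:use rfc2307")
# The two lines the reply says to remove.
NOT_NEEDED = ("winbind enum users", "winbind enum groups")

def norm(name):
    # smb.conf parameter names ignore case and embedded whitespace
    return "".join(name.lower().split())

def parse_global(text):
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def check_dcs(first, second):
    a, b = parse_global(first), parse_global(second)
    findings = []
    for name in MUST_MATCH:
        va, vb = a.get(norm(name)), b.get(norm(name))
        if (va or "").lower() != (vb or "").lower():
            findings.append(f"mismatch: {name}: {va!r} vs {vb!r}")
    for label, conf in (("first", a), ("second", b)):
        findings += [f"not needed on {label} DC: {n}" for n in NOT_NEEDED if norm(n) in conf]
    return findings
```

Calling `check_dcs(PRIMARY, SECOND)` returns one mismatch for 'idmap_ldb:use rfc2307' and two "not needed" findings for the first DC.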