[Samba] errors restoring samba

Tue Jul 23 07:51:39 UTC 2019

On 22/07/19 16:54, Rowland penny via samba wrote:

> On 22/07/2019 16:12, Adam Weremczuk via samba wrote:
>> Following deeper analysis I have found some permission differences in 
>> sysvol policies files.
>>
>> Would it be enough to justify the error below and cause a complete 
>> DNS failure?
> I wouldn't have thought so.
It's not just policy files, it's everything under sysvol inclusive, 98 
directories and 25 files it total.
I don't have any better ideas but to try to manually re-craft 
permissions on restored samba folder to match the original.
>>
>>>
>>> Jul 22 14:39:39 dc1 named[27846]: generating session key for dynamic 
>>> DNS
>>> Jul 22 14:39:39 dc1 named[27846]: sizing zone task pool based on 5 
>>> zones
>>> Jul 22 14:39:39 dc1 named[27846]: Loading 'AD DNS Zone' using driver 
>>> dlopen
>>> Jul 22 14:39:39 dc1 named[27846]: samba_dlz: Failed to connect to 
>>> /var/lib/samba/private/dns/sam.ldb
>
> Does /var/lib/samba/private/dns/sam.ldb exist, or is it (like mine 
> now) /var/lib/samba/bind-dns/dns/sam.ldb ?
>
> Rowland

On mine /var/lib/samba/bind-dns doesn't exist.

I have 2 copies of sam.ldb:

dc1:/var/lib# stat samba/private/dns/sam.ldb
   File: `samba/private/dns/sam.ldb'
   Size: 3018752       Blocks: 5896       IO Block: 4096   regular file
Device: fe02h/65026d    Inode: 1714945     Links: 1
Access: (0660/-rw-rw----)  Uid: (    0/    root)   Gid: (  107/ bind)
Access: 2019-07-22 14:45:36.885766349 +0100
Modify: 2013-08-10 21:43:05.729185228 +0100
Change: 2019-07-22 14:45:21.725526719 +0100
  Birth: -

dc1:/var/lib# stat samba/private/sam.ldb
   File: `samba/private/sam.ldb'
   Size: 4251648       Blocks: 8304       IO Block: 4096   regular file
Device: fe02h/65026d    Inode: 1714969     Links: 1
Access: (0600/-rw-------)  Uid: (    0/    root)   Gid: (    0/ root)
Access: 2019-07-22 14:45:43.565871938 +0100
Modify: 2013-08-10 21:43:06.017189683 +0100
Change: 2019-07-22 14:45:21.829528365 +0100
  Birth: -

Needless to say my main concern now is lack of a working restore / 
disaster recovery mechanism :(