[Samba] Problem achieving manual synchronisation of idmap.ldb and the associated User and Group ID mappings between two Samba 4 AD DCs

Tue Mar 26 11:00:10 UTC 2019

Oops, I think my eyes glazed over. I am pretty sure that idmap.ldb 
should be owned by root and in group root. This is easily fixed, though

pi at ad2:/var/lib/samba/private $ sudo chown root:root 
/var/lib/samba/private/idmap.ldb

Another ls command then confirms the updated privileges.

pi at ad2:/var/lib/samba/private $ ls -al
total 10124
drwxr-xr-x 7 root root    4096 Mar 26 10:55 .
drwxr-xr-x 8 root root    4096 Mar 26 10:09 ..
-rw------- 1 root root    2069 Mar 25 16:43 dns_update_cache
-rw-r--r-- 1 root root    3663 Mar 25 16:42 dns_update_list
-rw------- 1 root root 1286144 Mar 25 16:42 hklm.ldb
-rw------- 1 root root   61440 Mar 26 09:57 idmap.ldb
-rw-r--r-- 1 root root      99 Mar 25 16:42 krb5.conf
srwxrwxrwx 1 root root       0 Mar 26 10:09 ldapi
drwxr-x--- 2 root root    4096 Mar 26 10:09 ldap_priv
drwx------ 2 root root    4096 Mar 26 10:54 msg.sock
-r--r--r-- 1 root root     300 Mar 25 16:43 named.conf.update
-rw------- 1 root root     696 Mar 26 10:09 netlogon_creds_cli.tdb
-rw------- 1 root root  421888 Mar 25 16:42 passdb.tdb
-rw------- 1 root root 1286144 Mar 25 16:42 privilege.ldb
-rw------- 1 root root 4247552 Mar 25 16:43 sam.ldb
drwx------ 2 root root    4096 Mar 25 16:43 sam.ldb.d
-rw------- 1 root root     696 Mar 26 10:08 schannel_store.tdb
-rw------- 1 root root    1182 Mar 25 16:43 secrets.keytab
-rw------- 1 root root 1286144 Mar 25 16:43 secrets.ldb
-rw------- 1 root root  430080 Mar 25 16:43 secrets.tdb
-rw------- 1 root root 1286144 Mar 25 16:42 share.ldb
drwxr-xr-x 2 root root    4096 Mar 25 16:43 smbd.tmp
-rw-r--r-- 1 root root     955 Mar 25 16:42 spn_update_list
drwx------ 2 root root    4096 Mar 25 16:44 tls

Sadly even with this change, I still see the originally described issue, ie

pi at ad2:/var/lib/samba/private $ sudo systemctl restart samba-ad-dc
pi at ad2:/var/lib/samba/private $ sudo samba-tool ntacl sysvolreset
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", 
line 176, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 
239, in run
     lp, use_ntvfs=use_ntvfs)
   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", 
line 1609, in setsysvolacl
     set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, 
use_ntvfs, passdb=s4_passdb)
   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", 
line 1502, in set_gpos_acl
     use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, 
service=SYSVOL_SERVICE)
   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 162, in 
setntacl
     smbd.set_nt_acl(file, security.SECINFO_OWNER | 
security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, 
sd, service=service)

If anyone knows what might be causing this I would appreciate the heads-up.

Thanks in Advance
Stephen Ellwood