[Samba] Problem achieving manual synchronisation of idmap.ldb and the associated User and Group ID mappings between two Samba 4 AD DCs
L.P.H. van Belle
belle at bazuin.nl
Tue Mar 26 11:07:46 UTC 2019
Please run this on both your DCs; it answers Rowland's question.
ls -al $(samba -b | grep STATEDIR | awk '{ print $NF }')/sysvol
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Stephen via samba
> Sent: Tuesday 26 March 2019 12:00
> To: samba at lists.samba.org
> Subject: Re: [Samba] Problem achieving manual
> synchronisation of idmap.ldb and the associated User and
> Group ID mappings between two Samba 4 AD DCs
>
> Oops, I think my eyes glazed over. I am pretty sure that idmap.ldb
> should be owned by root and in group root. This is easily
> fixed, though
>
> pi@ad2:/var/lib/samba/private $ sudo chown root:root /var/lib/samba/private/idmap.ldb
>
> Another ls command then confirms the updated privileges.
>
> pi@ad2:/var/lib/samba/private $ ls -al
> total 10124
> drwxr-xr-x 7 root root 4096 Mar 26 10:55 .
> drwxr-xr-x 8 root root 4096 Mar 26 10:09 ..
> -rw------- 1 root root 2069 Mar 25 16:43 dns_update_cache
> -rw-r--r-- 1 root root 3663 Mar 25 16:42 dns_update_list
> -rw------- 1 root root 1286144 Mar 25 16:42 hklm.ldb
> -rw------- 1 root root 61440 Mar 26 09:57 idmap.ldb
> -rw-r--r-- 1 root root 99 Mar 25 16:42 krb5.conf
> srwxrwxrwx 1 root root 0 Mar 26 10:09 ldapi
> drwxr-x--- 2 root root 4096 Mar 26 10:09 ldap_priv
> drwx------ 2 root root 4096 Mar 26 10:54 msg.sock
> -r--r--r-- 1 root root 300 Mar 25 16:43 named.conf.update
> -rw------- 1 root root 696 Mar 26 10:09 netlogon_creds_cli.tdb
> -rw------- 1 root root 421888 Mar 25 16:42 passdb.tdb
> -rw------- 1 root root 1286144 Mar 25 16:42 privilege.ldb
> -rw------- 1 root root 4247552 Mar 25 16:43 sam.ldb
> drwx------ 2 root root 4096 Mar 25 16:43 sam.ldb.d
> -rw------- 1 root root 696 Mar 26 10:08 schannel_store.tdb
> -rw------- 1 root root 1182 Mar 25 16:43 secrets.keytab
> -rw------- 1 root root 1286144 Mar 25 16:43 secrets.ldb
> -rw------- 1 root root 430080 Mar 25 16:43 secrets.tdb
> -rw------- 1 root root 1286144 Mar 25 16:42 share.ldb
> drwxr-xr-x 2 root root 4096 Mar 25 16:43 smbd.tmp
> -rw-r--r-- 1 root root 955 Mar 25 16:42 spn_update_list
> drwx------ 2 root root 4096 Mar 25 16:44 tls
>
> Sadly, even with this change, I still see the originally
> described issue, i.e.
>
> pi@ad2:/var/lib/samba/private $ sudo systemctl restart samba-ad-dc
> pi@ad2:/var/lib/samba/private $ sudo samba-tool ntacl sysvolreset
> open: error=2 (No such file or directory)
> ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 239, in run
>     lp, use_ntvfs=use_ntvfs)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1609, in setsysvolacl
>     set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1502, in set_gpos_acl
>     use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
>   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 162, in setntacl
>     smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
>
> If anyone knows what might be causing this I would appreciate
> the heads-up.
>
> Thanks in Advance
> Stephen Ellwood
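
The two checks made by hand in this thread (does the sysvol directory exist, and are the database files in the private directory owned by root with no group/other access, as in the listing above) can be scripted so they run identically on both DCs. This is an added example, not part of the original messages and not Samba's own tooling; the function names `samba_statedir` and `audit_samba_state` are hypothetical, it assumes GNU `stat`, and it compares numeric IDs, so root:root is `0:0`.

```shell
#!/bin/sh
# Added example, not from the thread. Needs GNU stat (stat -c).

# Resolve STATEDIR the way the command in the message does.
samba_statedir() {
    samba -b | awk '/STATEDIR/ { print $NF }'
}

# audit_samba_state PRIVATE_DIR SYSVOL_DIR [UID:GID]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_samba_state() {
    _priv=$1; _sysvol=$2; _want=${3:-0:0}; _rc=0
    # The ls in the message fails if this directory does not exist.
    if [ ! -d "$_sysvol" ]; then
        echo "MISSING $_sysvol"
        _rc=1
    fi
    # Every *.ldb / *.tdb file in the quoted listing is root:root, mode 600.
    for _f in "$_priv"/*.ldb "$_priv"/*.tdb; do
        [ -f "$_f" ] || continue
        _owner=$(stat -c '%u:%g' "$_f")
        _mode=$(stat -c '%a' "$_f")
        if [ "$_owner" != "$_want" ]; then
            echo "OWNER $_f is $_owner, want $_want"
            _rc=1
        fi
        # Any group or other permission bit is a finding.
        if [ $(( 0$_mode & 077 )) -ne 0 ]; then
            echo "MODE $_f is $_mode, want no group/other access"
            _rc=1
        fi
    done
    return "$_rc"
}

# Call on a DC, as root. Assumes the private directory is STATEDIR/private,
# which matches the /var/lib/samba/private path shown in the thread:
#   d=$(samba_statedir); audit_samba_state "$d/private" "$d/sysvol"
```

Running it on each DC and comparing the output shows at a glance whether one side is missing sysvol or has a copied database file with the wrong owner or mode.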