[Samba] sysvol permissions

Rowland penny rpenny at samba.org
Thu Jul 9 16:45:25 UTC 2020

On 09/07/2020 17:35, James B. Byrne via samba wrote:
> At this point I have a DC2 joined to a DC1 that has all the FMSO roles.  I have
> confirmed that 'samba-tool drs showrepl' on both DCs produces the expected
> results without error.
> I am now looking at sysvol replication. On FreeBSD the sysvol is located at
> /var/db/samba4/sysvol.  Here is the problem.  On DC1 I see this:
> [root at smb4-1 ~ (master)]# ll /var/db/samba4/sysvol
> total 1
> d---rwx---+ 4 root  3000000  4 Jun  8 12:27 brockley.harte-lyne.ca
> On DC2 I see this:
> [root at smb4-2 ~ (master)]# ll /var/db/samba4/sysvol
> total 1
> drwxr-xr-x  3 root  wheel  3 Jun 25 14:26 brockley.harte-lyne.ca
> I have not yet attempted a replication, which will use rsync when it is
> attempted.  Are the settings on DC2 expected or should they match those on DC1?
> Thanks,
When you first join a DC to a domain, sysvol is virtually empty, so you 
need to sync sysvol from the original DC to the new one, but there is a 
gotcha, idmap.ldb on each DC is different, so you also need to sync 
idmap.ldb from the original DC to the new one, but you need to do this 
before you sync sysvol.


More information about the samba mailing list