[Samba] DC replications of FreeBSD samba-4.10.15

James B. Byrne byrnejb at harte-lyne.ca
Thu Jul 9 19:36:29 UTC 2020


Following the wiki replication guide precisely, I got to this step.

[root at smb4-2 ~ (master)]# rsync -XAavz --delete-after smb4-1.brockley.harte-lyne.ca:/var/db/samba4/sysvol/ /var/db/samba4/sysvol/
receiving file list ... done
./
brockley.harte-lyne.ca/
. . .
brockley.harte-lyne.ca/scripts/

sent 142 bytes  received 1,683 bytes  3,650.00 bytes/sec
total size is 182  speedup is 0.10

[root at smb4-2 ~ (master)]# samba-tool ntacl sysvolreset
Processing section "[sysvol]"
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[netlogon]"
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and
'force unknown acl user = true' for service Unknown Service (snum == -1)
Processing section "[sysvol]"
Processing section "[netlogon]"
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and
'force unknown acl user = true' for service sysvol
set_canon_ace_list: sys_acl_set_file type file failed for file
/var/db/samba4/sysvol (Invalid argument).
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_PARAMETER.
ERROR(runtime): uncaught exception - (3221225485, 'An invalid parameter was
passed to a service or function.')
  File "/usr/local/lib/python3.7/site-packages/samba/netcmd/__init__.py", line
185, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/samba/netcmd/ntacl.py", line
283, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/local/lib/python3.7/site-packages/samba/provision/__init__.py",
line 1735, in setsysvolacl
    _setntacl(sysvol)
  File "/usr/local/lib/python3.7/site-packages/samba/provision/__init__.py",
line 1732, in _setntacl
    service=SYSVOL_SERVICE, session_info=session_info)
  File "/usr/local/lib/python3.7/site-packages/samba/ntacls.py", line 232, in
setntacl
    service=service, session_info=session_info)


However, when I check the ACLs on smb4-2 I see this:

[root at smb4-2 ~ (master)]# getfacl /var/db/samba4/sysvol
# file: /var/db/samba4/sysvol
# owner: root
# group: 3000000
            owner@:rwxp----------:-------:deny
            owner@:------aARWcCos:-------:allow
            group@:rwxp--a-R-c--s:-------:allow
         everyone@:------a-R-c--s:-------:allow

Which appears not to match smb4-1:

[root at smb4-1 ~ (master)]# getfacl /var/db/samba4/sysvol
# file: /var/db/samba4/sysvol
# owner: root
# group: 3000000
     group:3000000:rwxpDdaARWcCo-:fd-----:allow
     group:3000001:r-x---a-R-c---:fd-----:allow
     group:3000002:rwxpDdaARWcCo-:fd-----:allow
     group:3000003:r-x---a-R-c---:fd-----:allow

So, I am not sure where to go from here.



-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



