[Samba] Access Denied to Netlogon Share on secondary DC
Andrew Bartlett
abartlet at samba.org
Mon May 4 21:10:23 UTC 2020
On Mon, 2020-05-04 at 22:24 +0200, Dirk Laurenz via samba wrote:
> Hello $list,
>
>
>
> i can't access the netlogon share on the second dc. I got this error:
>
>
>
> Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.035964, 0]
> ../../source3/smbd/uid.c:448(change_to_user_internal)
>
> Mai 04 22:13:53 dc02 smbd[3321]: change_to_user_internal:
> chdir_current_service() failed!
>
>
>
> I checked the rights which are identically on both nodes. Accessing
> as admin
> works but not as user.
>
> I'm a little bit lost..
>
How are you syncronising the netlogon share? You need to ensure the NT
ACLs are reset on the new DC, see 'samba-tool ntacl sysvolreset',
particularly if the idmap is not the same on both.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list