[Samba] Access Denied to Netlogon Share on secondary DC

Dirk Laurenz samba at laurenz.ws
Mon May 4 21:18:02 UTC 2020

Hello Andrew,

i use the rsync script from the wiki....

crontabl -l

*/5 * * * *  rsync  -XAavz --delete-after

-----Ursprüngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Andrew Bartlett
via samba
Gesendet: Montag, 4. Mai 2020 23:10
An: Dirk Laurenz <samba at laurenz.ws>; samba at lists.samba.org
Betreff: Re: [Samba] Access Denied to Netlogon Share on secondary DC

On Mon, 2020-05-04 at 22:24 +0200, Dirk Laurenz via samba wrote:
> Hello $list,
> i can't access the netlogon share on the second dc. I got this error:
> Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.035964,  0]
> ../../source3/smbd/uid.c:448(change_to_user_internal)
> Mai 04 22:13:53 dc02 smbd[3321]:   change_to_user_internal:
> chdir_current_service() failed!

> I checked the rights which are identically on both nodes. Accessing as 
> admin works but not as user.

> I'm a little bit lost..

How are you syncronising the netlogon share?  You need to ensure the NT
ACLs are reset on the new DC, see 'samba-tool ntacl sysvolreset',
particularly if the idmap is not the same on both.

Andrew Bartlett

Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list