[Samba] Sysvol Replication workaround seems not work

Thomas Kempf listen at hueper.de
Fri Jul 30 06:29:55 UTC 2021

Hello all,
i'm in a network with about 40 OSX-Clients, a couple of Linux and 
Freebsd Servers and a growing number of win10 machines. I have two Samba 
Servers 4.9.5.-Debian on Debian-Buster running as DCs. For ID-Mapping 
i'm using the RFC-2307 ad.
I set up  the bidirectional sysvol Replication as documented in the Wiki 
with unison/rsync workaround.

As samba-tool complained about some sysvol permissions error, i've done 
a sysvolreset as advised in the wiki 
https://wiki.samba.org/index.php/Sysvolreset. because my Domain Admins 
group had a gidNumber.

The Sysvol seems ok on the machine to which i connected, but the 
ACL-changes during the sysvolreset don't get synchronized to the other DC.
When i create a new Policy Object synchronization seems to work.
Did i miss something here, or is it correct that ACL-only changes do not 
trigger resynchronisation via unison/rsync.
Kind regards

More information about the samba mailing list