[Samba] Sysvol issues after DC migration

Oleg Blyahher oleg.blyahher at bluetest.se
Tue Mar 16 15:41:26 UTC 2021


Yup, you are absolutely right, in both GPO management and 'samba-tool 
gpo listall' I get 4 GPOs, but only 3 are listed in 
/var/lib/samba/sysvol/domain.com/Policies

The one missing there is "*Default Domain Controllers Policy*", aka 
{6AC1786C-016F-11D2-945F-00C04FB984F9}

If I rerun samba-tool ntacl sysvolreset, I get the same error:

connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' 
and 'force unknown acl user = true' for service sysvol set_nt_acl_conn: 
init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND 
ERROR(runtime): uncaught exception - (3221225524, 'The object name is 
not found.') File 
"/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in 
_run return self.run(*args, **kwargs) File 
"/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py", line 415, in run 
lp, use_ntvfs=use_ntvfs) File 
"/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1782, 
in setsysvolacl set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, 
samdb, lp, use_ntvfs, passdb=s4_passdb) File 
"/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1676, 
in set_gpos_acl passdb=passdb) File 
"/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1637, 
in set_dir_acl setntacl(lp, path, acl, domsid, session_info, 
use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, 
service=service) File "/usr/lib/python3/dist-packages/samba/ntacls.py", 
line 238, in setntacl service=service, session_info=session_info)

Should I delete this policy from AD? Or maybe recreate the internal 
structure somehow? 'samba-tool gpo create ....'?

Oleg


More information about the samba mailing list