[Samba] Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE
bellon at axivion.com
Wed Mar 31 12:56:37 UTC 2021
Thanks a lot for helping me with this issue, very much appreciated.
On Wed, 31 Mar, Rowland penny via samba wrote:
> On 31/03/2021 12:03, Stefan Bellon via samba wrote:
> > As soon as I edit a group policy on the windows side, the messages
> > appear in the log and also sysvolcheck reports issues.
> Have you modified your users or groups in any way ?
I have not knowingly. I cannot say for sure regarding people that
worked on the old Samba domain before it was handed over to me to take
care of it.
> > Are the permissions that I showed in my last email correct? Is it
> > expected that on the GNU/Linux side the uid and gid of those
> > folders is something in the 3000000 range?
> Yes, as standard, all users and groups on a Samba AD DC have ID's in
> the '3000000' range.
> > Or is it expected that those belong to
> > root:root below sysvol?
> No it isn't.
Then I'm wondering how the unison sysvol replication is supposed to
work. After following
I ended up getting the sysvol on DC2 with root:root and different UNIX
permissions than on DC1 until I added
to the /root/.unison/default.prf. With that I get an - at least to my
eye - exact identical copy of sysvol on DC2.
> What is the output of 'sudo samba-tool ntacl
> get /var/lib/samba/sysvol --as-sddl'
root at dc1:~# samba-tool ntacl get /var/lib/samba/sysvol --as-sddl
root at dc2:~# samba-tool ntacl get /var/lib/samba/sysvol --as-sddl
More information about the samba