[Samba] Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE
L.P.H. van Belle
belle at bazuin.nl
Wed Mar 31 14:33:37 UTC 2021
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny via
> samba
> Verzonden: woensdag 31 maart 2021 16:03
> Aan: sambalist
> Onderwerp: Re: [Samba] Failed to prepare gensec:
> NT_STATUS_INVALID_SERVER_STATE
>
> On 31/03/2021 14:56, Stefan Bellon wrote:
> > On Wed, 31 Mar, Rowland penny via samba wrote:
> >
> >> OK, I 'think' I may know what is going on here with unison and if I
> >> am correct, unless we can come up with a fix, we may have to
> >> recommend not using unison.
> >>
> >> O:LAG:BA is:
> >> O = owner
> >> LA = local Administrator
> >> G = group
> >> BA = BUILTIN\Administrators
> >>
> >> I 'think' unison is somehow mapping 'BUILTIN\Administrators' to 'root'
> > Ok, so I should be using the osync approach from
> >
> https://wiki.samba.org/index.php/Bidirectional_Rsync/osync_based_SysVol_re
> plication_workaround instead of unison?
> >
> > Greetings,
> > Stefan
> >
> No, it is an artefact of Louis's script, the group on
> /var/lib/samba/sysvol should not be 'root', but Louis's script is
> showing it as such and to get the correct 'name', you will have to set
> up /etc/nsswitch.conf and the winbind links on the DC.
>
> Rowland
>
An artefact? Heheh.. i think, i need to add that nsswitch part also in the setup but yes, i think thats missing also, nsswitch setup.
This is my output. (Version 4.13.7-Debian)
Still from the same script (as used above)
getfacl /var/lib/samba/sysvol/
getfacl: Removing leading '/' from absolute path names
# file: var/lib/samba/sysvol/
# owner: root
# group: BUILTIN\\administrators
user::rwx
user:root:rwx
user:BUILTIN\\administrators:rwx
user:BUILTIN\\server\040operators:r-x
user:NT\040AUTHORITY\\system:rwx
user:NT\040AUTHORITY\\authenticated\040users:r-x
group::rwx
group:BUILTIN\\administrators:rwx
group:BUILTIN\\server\040operators:r-x
group:NT\040AUTHORITY\\system:rwx
group:NT\040AUTHORITY\\authenticated\040users:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:BUILTIN\\administrators:rwx
default:user:BUILTIN\\server\040operators:r-x
default:user:NT\040AUTHORITY\\system:rwx
default:user:NT\040AUTHORITY\\authenticated\040users:r-x
default:group::---
default:group:BUILTIN\\administrators:rwx
default:group:BUILTIN\\server\040operators:r-x
default:group:NT\040AUTHORITY\\system:rwx
default:group:NT\040AUTHORITY\\authenticated\040users:r-x
default:mask::rwx
default:other::---
Greetz,
Louis
More information about the samba
mailing list