[Samba] sysvol permission errors on newly joined DC
L. van Belle
belle at samba.org
Mon Mar 21 07:50:04 UTC 2022
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Carlos Gardel via samba
> Verzonden: zaterdag 19 maart 2022 1:10
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] sysvol permission errors on newly joined DC
>
> Hello Rowland and thank you for your reply!
>
> Yes, I have synced idmap.ldb from the DC holding the FSMO
> role (DC1). Output from "history" command on DC3:
> 288 rsync -av -e ssh
> root at DC1:/usr/local/samba/private/idmap.ldb.bak
> /usr/local/samba/private/
> 289 mv /usr/local/samba/private/idmap.ldb.bak
> /usr/local/samba/private/idmap.ldb
> 290 net cache flush
> 303 samba-tool ntacl sysvolreset
>
> When comparing the permissions of the
> /usr/local/samba/var/locks/sysvol folders on DC1 and DC3 i
> noticed the following.
>
> The sysvol folder itself has identical permissions on both DC:s:
>
> DC1:
> drwxrwx---+ 3 root 3000000 4096 Feb 4 2015 sysvol
>
> DC3:
> drwxrwx---+ 3 root 3000000 38 Feb 4 2015 sysvol
>
> But the subfolder, named as the domain, has the following
> permissions (real domain name is of course other than
> samdom.example.com):
>
> DC1:
> drwxrwx---+ 4 root 3000000 4096 Feb 4 2015 samdom.example.com
>
> DC3:
> drwxrwx--- 4 root 3000000 37 Feb 4 2015 samdom.example.com
>
> I.e the trailing "+" is missing on DC3.
>
> Same again with next subfolders:
>
> DC1:
> drwxrwx---+ 27 root 3000000 4096 Mar 18 14:26 Policies
> drwxrwx---+ 2 root 3000000 4096 Jul 9 2015 scripts
>
> DC3:
> drwxrwx--- 27 root 3000000 4096 Mar 18 14:26 Policies
> drwxrwx--- 2 root 3000000 23 Jul 9 2015 scripts
>
> Could this be the problem?
Yes
Rsync cant copy the extrended attributes, as far i now.
You can test it with : rsync -aX srv/ dst/
Greetz,
Louis
More information about the samba
mailing list