[Samba] sysvol permission errors on newly joined DC

L. van Belle belle at samba.org
Mon Mar 21 07:50:04 UTC 2022


 

> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of 
> Carlos Gardel via samba
> Sent: Saturday 19 March 2022 1:10
> To: samba at lists.samba.org
> Subject: Re: [Samba] sysvol permission errors on newly joined DC
> 
> Hello Rowland and thank you for your reply!
> 
> Yes, I have synced idmap.ldb from the DC holding the FSMO 
> role (DC1). Output from "history" command on DC3:
>   288  rsync -av -e ssh root@DC1:/usr/local/samba/private/idmap.ldb.bak /usr/local/samba/private/
>   289  mv /usr/local/samba/private/idmap.ldb.bak /usr/local/samba/private/idmap.ldb
>   290  net cache flush
>   303  samba-tool ntacl sysvolreset
> 
> When comparing the permissions of the 
> /usr/local/samba/var/locks/sysvol folders on DC1 and DC3 I 
> noticed the following.
> 
> The sysvol folder itself has identical permissions on both DCs:
> 
> DC1:
> drwxrwx---+ 3 root 3000000  4096 Feb  4  2015 sysvol
> 
> DC3:
> drwxrwx---+ 3 root 3000000  38 Feb  4  2015 sysvol
> 
> But the subfolder, named as the domain, has the following 
> permissions (real domain name is of course other than 
> samdom.example.com):
> 
> DC1:
> drwxrwx---+ 4 root 3000000  4096 Feb  4  2015 samdom.example.com
> 
> DC3:
> drwxrwx--- 4 root 3000000  37 Feb  4  2015 samdom.example.com
> 
> I.e. the trailing "+" is missing on DC3.
> 
> Same again with next subfolders:
> 
> DC1:
> drwxrwx---+ 27 root 3000000 4096 Mar 18 14:26 Policies
> drwxrwx---+  2 root 3000000 4096 Jul  9  2015 scripts
> 
> DC3:
> drwxrwx--- 27 root 3000000 4096 Mar 18 14:26 Policies
> drwxrwx---  2 root 3000000   23 Jul  9  2015 scripts
> 
> Could this be the problem?

Yes

Rsync can't copy the extended attributes, as far as I know. 
You can test it with: rsync -aX srv/ dst/ 


Greetz, 

Louis
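
An added example, not part of the original thread: a Python audit that walks a sysvol copy and reports every entry missing the extended attributes that hold its ACLs, which is the condition the missing "+" in the listings above points to. The function names are hypothetical, and it assumes a Linux DC, a run as root, and that every entry in a healthy sysvol carries both attributes.

```python
import os
import sys

# Extended attributes that carry ACL data on a Samba AD DC sysvol tree:
# the POSIX ACL (shown by ls -l as a trailing "+") and Samba's NT ACL blob.
# Assumption of this example: a healthy sysvol entry has both.
REQUIRED_XATTRS = ("system.posix_acl_access", "security.NTACL")


def audit_tree(root, listxattr=None):
    """Return {path: [missing xattr names]} for root and everything below it."""
    listxattr = listxattr or os.listxattr  # injectable so it can be tested offline
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = {}
    for path in paths:
        try:
            present = set(listxattr(path))
        except OSError as exc:
            findings[path] = ["unreadable: %s" % exc.strerror]
            continue
        missing = [x for x in REQUIRED_XATTRS if x not in present]
        if missing:
            findings[path] = missing
    return findings


def first_broken(findings, root):
    """Return the shallowest path with missing attributes, or None."""
    def depth(path):
        if path == root:
            return 0
        return os.path.relpath(path, root).count(os.sep) + 1
    if not findings:
        return None
    return min(findings, key=lambda p: (depth(p), p))


if __name__ == "__main__":
    # Default is the sysvol path quoted in the thread; pass another as argv[1].
    tree = sys.argv[1] if len(sys.argv) > 1 else "/usr/local/samba/var/locks/sysvol"
    result = audit_tree(tree)
    for entry in sorted(result):
        print("%s: missing %s" % (entry, ", ".join(result[entry])))
    if result:
        print("first affected entry: %s" % first_broken(result, tree))
    sys.exit(1 if result else 0)
```

Running it on both DCs and comparing the output shows whether the copy, rather than the source, lost the attributes.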



