[Samba] sysvol permission errors on newly joined DC

Carlos Gardel carlosito2021 at outlook.com
Mon Mar 21 09:53:01 UTC 2022 

Hello Rowland and Louis,

Thank you so much for your help!

I think we have found the problem (and hopefully soon the solution).

Regarding the sysvol sync process I set everything up according to the tutorial at: https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround

Therefore I have the following in crontab (on DC3):

# Rsync Sysvol folder from DC1 to local
*/5 * * * * rsync -XAavz --delete-after --password-file=/usr/local/samba/etc/rsync-sysvol.secret rsync://sysvol-replication@192.168.xxx.xxx/SysVol/ /usr/local/samba/var/locks/sysvol

As you can see the rsync options are correctly set to: -XAavz.

What I have discovered now is that if I run the above crontab rsync command manually (as root) the extended attributes are synced.

This is the permissions on the /usr/local/samba/var/locks/sysvol/example.samdom.com folder after the manual rsync:

[root at dc3 sysvol]# ls -al
total 8
drwxrwx---+ 3 root 3000000  38 Feb  4  2015 .
drwxr-xr-x  4 root root    141 Mar 18 14:43 ..
drwxrwx---+ 4 root 3000000  37 Feb  4  2015 example.samdom.com

I.e. the extended attributes are there.

But if I wait for the scheduled crontab entry to run (every 5 minutes) the permissions are reverted to:

[root at dc3 sysvol]# ls -al
total 8
drwxrwx--- 3 root 3000000  38 Feb  4  2015 .
drwxr-xr-x 4 root root    141 Mar 18 14:43 ..
drwxrwx--- 4 root 3000000  37 Feb  4  2015 example.samdom.com

I.e. the extended attributes are gone.

I don’t understand why this is happening since it is the exact same rsync command that is run? Do you have any thoughts on this?

Kind regards,
Carlos


Från: Rowland Penny via samba<mailto:samba at lists.samba.org>
Skickat: den 21 mars 2022 10:15
Till: samba at lists.samba.org<mailto:samba at lists.samba.org>
Kopia: Rowland Penny<mailto:rpenny at samba.org>
Ämne: Re: [Samba] sysvol permission errors on newly joined DC

On Mon, 2022-03-21 at 08:56 +0000, spindles seven via samba wrote:
> On 21 March 2022 07:50 L. van Belle wrote:
> > Yes
> >
> > Rsync cant copy the extrended attributes, as far i now.
> > You can test it with : rsync -aX srv/ dst/
> >
> >
> > Greetz,
> >
> > Louis
> >
> Hi Louis,
> If this is the case why does the WiKi suggest using rsync/unison for
> example to synchronise sysvol?    From the WiKi the command
> uses:    /usr/bin/rsync -XAavz   ... etc    I've been using this and
> it works for me.
>
> Regards,
> Roy

If you are using rsync with '-XAavz' you are actually doing this:

-X                preserve extended attributes
-A                preserve ACLs (implies -p)
    -p             preserve permissions
-a                archive mode; equals -rlptgoD (no -H,-A,-X)
    -r             recurse into directories
    -l             copy symlinks as symlinks
    -p             preserve permissions
    -t             preserve modification times
    -g             preserve group
    -o             preserve owner (super-user only)
    -D             same as --devices --specials
        --devices               preserve device files (super-user only)
        --specials              preserve special files
-v              increase verbosity
-z              compress file data during the transfer

Note that '-X' preserves Extended Attributes.

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list