[Samba] SYSVOL ACL errors after rsync replication

Michal Sládek michal at sladkovi.eu
Fri Oct 7 13:43:33 UTC 2022


I am trying to setup new secondary DC in Samba domain and I face strange
problem with SYSVOL ACL. Each time I do rsync, I got ACL errors:

samba-tool ntacl sysvolreset
samba-tool ntacl sysvolcheck
rsync -XAavz --delete-after --password-file=/etc/samba/rsync.passwd rsync://
sysvolrepuser at /var/lib/samba/sysvol/
samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
ProvisioningError: VFS ACL on sysvol directory /var/lib/samba/sysvol/
does not match expected value
from provision
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line
186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/ntacl.py", line
446, in run
  File "/usr/lib64/python3.6/site-packages/samba/provision/__init__.py",
line 1873, in checksysvolacl
    raise ProvisioningError('%s ACL on sysvol directory %s %s does not
match expected value %s from provision' % (acl_type(direct_db_access),
dir_path, fsacl_sddl, SYSVOL_ACL))

I can fix the error with sysvolreset but since I synchronize SYSVOL
regularly, it gets broken again very soon.

I have compared ID mapping with:
ldbsearch -H /var/lib/samba/private/idmap.ldb
and databases on both servers are indentical.

Samba is 4.9.18 on primary DC and 4.16.5 on secondary DC.

I saw similar problem reported here:

Any help would be appreciated.

Best regards


More information about the samba mailing list