[Samba] SYSVOL ACL errors after rsync replication

Michal Sládek michal at sladkovi.eu
Fri Oct 7 13:43:33 UTC 2022


Hello!

I am trying to set up a new secondary DC in a Samba domain and I face a strange
problem with the SYSVOL ACL. Each time I do rsync, I get ACL errors:

samba-tool ntacl sysvolreset
samba-tool ntacl sysvolcheck
rsync -XAavz --delete-after --password-file=/etc/samba/rsync.passwd rsync://sysvolrepuser@192.168.222.111/SysVol/ /var/lib/samba/sysvol/
samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: VFS ACL on sysvol directory /var/lib/samba/sysvol/ad.brotel.cz
O:LAG:BAD:(A;;0x001f01ff;;;LA)(A;;0x001f01ff;;;BA)(A;;;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)
does not match expected value
O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)
from provision
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/ntacl.py", line 446, in run
    lp)
  File "/usr/lib64/python3.6/site-packages/samba/provision/__init__.py", line 1873, in checksysvolacl
    raise ProvisioningError('%s ACL on sysvol directory %s %s does not match expected value %s from provision' % (acl_type(direct_db_access), dir_path, fsacl_sddl, SYSVOL_ACL))

I can fix the error with sysvolreset but since I synchronize SYSVOL
regularly, it gets broken again very soon.

I have compared the ID mapping with:
ldbsearch -H /var/lib/samba/private/idmap.ldb
and the databases on both servers are identical.

Samba is 4.9.18 on the primary DC and 4.16.5 on the secondary DC.

I saw a similar problem reported here:
https://askubuntu.com/questions/1274367/sysvolcheck-returns-error-on-backup-dc-upon-each-replication

Any help would be appreciated.

Best regards

Michal

