[Samba] SYSVOL ACL errors after rsync replication

Michal Sládek michal at sladkovi.eu
Sat Oct 8 13:53:20 UTC 2022

Hello Rowland!

Now I have both AD servers identical:

Rocky Linux release 8.6 (Green Obsidian)
samba-4.16.5-0.el8.x86_64 (from Tranquil IT repo)

and the problem persists:

[root at ads1 /]# samba-tool ntacl sysvolcheck

[root at ads2 ~]# samba-tool ntacl sysvolreset
[root at ads2 ~]# samba-tool ntacl sysvolcheck
[root at ads2 ~]# rsync -XAavz --delete-after --password-file=/etc/samba/rsync.passwd rsync://sysvolrepuser at /var/lib/samba/sysvol/
[root at ads2 ~]# samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: VFS ACL on sysvol directory /var/lib/samba/sysvol/ does not match expected value from provision
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/ntacl.py", line 446, in run
  File "/usr/lib64/python3.6/site-packages/samba/provision/__init__.py", line 1873, in checksysvolacl
    raise ProvisioningError('%s ACL on sysvol directory %s %s does not match expected value %s from provision' % (acl_type(direct_db_access), dir_path, fsacl_sddl, SYSVOL_ACL))

Rsyncd configuration on ads1 is:

path = /var/lib/samba/sysvol/
comment = Samba Sysvol Share
uid = root
gid = root
read only = yes
auth users = sysvolrepuser
secrets file = /etc/samba/rsyncd.secret

Should I just add sysvolreset to the rsync command in cron and let it be?
*/5 * * * *     rsync -XAavz --delete-after --password-file=/etc/samba/rsync.passwd rsync://sysvolrepuser at /var/lib/samba/sysvol/ && samba-tool ntacl sysvolreset

Best regards


