[Samba] SYSVOL ACL errors after rsync replication
rpenny at samba.org
Sat Oct 8 15:25:44 UTC 2022
On 08/10/2022 14:53, Michal Sládek via samba wrote:
> Hello Rowland!
> Now I have both AD servers indentical:
> Rocky Linux release 8.6 (Green Obsidian)
> samba-4.16.5-0.el8.x86_64 (from Tanquill IT repo)
> and the problem persists:
> Should I just add sysvolreset to rsync command in cron and let it be?
> */5 * * * * rsync -XAavz --delete-after
> --password-file=/etc/samba/rsync.passwd rsync://
> sysvolrepuser at 192.168.222.111/SysVol/ /var/lib/samba/sysvol/ && samba-tool
> ntacl sysvolreset
You need to ensure that idmap.ldb and sysvol on all DC's are kept in
sync, then run sysvolreset. Running sysvolreset ensures that all the
directories/files in sysvol have the permissions that Windows expects.
Now that you are running 4.16.x on all DC's, you have removed multiple
CVE's that your old 4.9.x was vulnerable to and you are now using a much
newer version of Heimdal, 8.0pre to be precise. You are now much safer.
More information about the samba