[Samba] SYSVOL ACL errors after rsync replication

Rowland Penny rpenny at samba.org
Sat Oct 8 15:25:44 UTC 2022

On 08/10/2022 14:53, Michal Sládek via samba wrote:
> Hello Rowland!
> Now I have both AD servers indentical:
> Rocky Linux release 8.6 (Green Obsidian)
> samba-4.16.5-0.el8.x86_64 (from Tanquill IT repo)
> and the problem persists:
> Should I just add sysvolreset to rsync command in cron and let it be?
> */5 * * * *     rsync -XAavz --delete-after
> --password-file=/etc/samba/rsync.passwd rsync://
> sysvolrepuser at /var/lib/samba/sysvol/ && samba-tool
> ntacl sysvolreset

You need to ensure that idmap.ldb and sysvol on all DC's are kept in 
sync, then run sysvolreset. Running sysvolreset ensures that all the 
directories/files in sysvol have the permissions that Windows expects.

Now that you are running 4.16.x on all DC's, you have removed multiple 
CVE's that your old 4.9.x was vulnerable to and you are now using a much 
newer version of Heimdal, 8.0pre to be precise. You are now much safer.


More information about the samba mailing list