[Samba] Joining a new Samba AD DC
Rowland Penny
rpenny at samba.org
Fri Jul 28 18:29:59 UTC 2023
On 28/07/2023 19:04, Mark Foley via samba wrote:
>
> After checking with the previous run, these sysvolreset errors are the same as
> before, so syncing the sysvol didn't make any different.
>
> You wrote: "It looks to me that you have more GPO's in AD than you have on
> disk, ...". So, where are the "AD" versus "on disk" GPOs located? Is one of
> these locations /var/lib/samba/sysvol/hprs.local/policies/? I've rsync'ed the
> sysvol again. They are identical between the machines.
>
> Is this error possibly ignorable? I've checked and the rsync did copy the ACL
> attributes to the sysvol files and folders, so maybe this "ntacl sysvolreset"
> isn't really making any changes?
>
> Thanks --Mark
>
The Policies are stored in AD under 'CN=Policies,CN=System....', so to
see them you need to run something like this (changed to match your
setup) on a DC:
sudo ldbsearch -H /var/lib/samba/private/sam.ldb -b
"CN=Policies,CN=System,DC=samdom,DC=example,DC=com" -s one dn
You should get lines like this:
dn:
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=samdom,DC=example,DC=com
There should be one for every GPO stored on disk in sysvol.
Rowland
More information about the samba
mailing list