[Samba] sysvol maintenance/fix
Rowland Penny
rpenny at samba.org
Tue May 23 10:30:48 UTC 2023
On 23/05/2023 11:15, d tbsky via samba wrote:
> Hi:
> I am using samba 4.18.2 as domain controller. It is working fine
> with no problems.
> My samba data is 10 years old after many migrate/upgrade(both os and
> samba) . normally I only run "samba-tool dbcheck" after samba upgrade.
> today I want to spent some time to sysvol and found it failed
> immediately:
>
> /usr/local/samba/bin/samba-tool ntacl sysvolcheck
> ERROR(<class 'OSError'>): Could not access
> /usr/local/samba/var/locks/sysvol/ad.example.com: No data available -
> [Errno 61] No data available:
> '/usr/local/samba/var/locks/sysvol/ad.example.com'
>
> searching the list I realized my problem is similar to the discussion below:
> https://lists.samba.org/archive/samba/2023-April/244714.html
>
> I don't have ntacl extend attribute for directories below(getfattr -d
> -m- return no ntacl):
> "/usr/local/samba/var/locks/sysvol/ad.example.com"
> "/usr/local/samba/var/locks/sysvol/ad.example.com/scripts"
> "/usr/local/samba/var/locks/sysvol/ad.example.com/Policies"
>
> but sub-directories under "Policies" seem fine. They have ntacl
> extended attributes and all my group policies work fine.
>
> I wonder how to fix the ntacl of the three directories? I don't know
> what "samba-tool ntacl sysvolrest" do so I don't want to execute that
> command blindly.
>
What sysvolreset does is basically what it says, it resets the
permissions on the sysvol directories. It is the fix you require,
provided the GPO's are there and that idmap.ldb is in sync on all DC's.
If you still have doubts, just ask and I will go into it in much deeper.
Rowland
More information about the samba
mailing list