[Samba] sysvol issues

Rowland Penny rpenny at samba.org
Sat Jun 29 17:14:41 UTC 2024 

On Sat, 29 Jun 2024 12:56:16 -0400
Sonic via samba <samba at lists.samba.org> wrote:

> On Sat, Jun 29, 2024 at 12:46 PM Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > So, from the sound of it, you have one DC in one domain that is
> > giving no problems (apart from the Windows problem), but another DC
> > in a different domain that prints the error message. So what is
> > different ? There must be a difference, are they using the same OS
> > and Samba version, are the conf files different ?
> 
> As to the standard (ignoring the idmap issue) sysvolcheck failures -
> if I edit or create a GPO using RSAT from a Windows client, logged on
> as a Domain Admin or the Domain Administrator, then sysvolcheck fails.
> If I delete that GPO then sysvolcheck passes. Or I can leave the
> edited or created GPO and run sysvolreset to fix the issue.

I once did some testing against a w12kR2 DC and the ACLs that a Samba
DC uses were different from the Windows ACLs. It could be that ADUC
expects the Windows ACLs and Samba has set them to the Samba ones. This
shouldn't affect sysvolreset because it should just silently reset them
to what it thinks are correct.

> 
> Is it normal that one needs to run sysvolreset after every GPO edit or
> create? If not, how to fix?

To be honest, it probably is normal.

> 
> The config files are virtually the same (posted earlier), outside of
> address, domain name, etc.
> 
> They both have the GPO issue. Only one of them displays the continuous
> "idmap range not specified for domain '*'" when attempting to run
> sysvolreset while samba is active. That system has been upgraded from
> 4.19.6-Debian to 4.20.2-Debian-4.20.2+dfsg-2~bpo12+2 - the upgrade did
> not solve the issue. I haven't had a time window to upgrade the other
> system which is running 4.19.6-Debian.
> 

The DC I tested on is running 4.20.2 on Debian and I get no output, the
command runs silently.

The error message is coming from the 'testparm' code, so I am unsure
why sysvolreset is outputting it.
 
Rowland

More information about the samba mailing list