[Samba] SysVol permission error on newly joined DV
Anantha Raghava
raghav at exzatech.net
Wed Mar 5 10:45:18 UTC 2025
Hello Team,
We are currently running 8 Samba-AD servers in our domain.
Initially we had 5; looking at the load and the DC - DR needs, we added
3 more to have 4 Domain Controllers in DC and 4 Domain Controllers in DR.
The original 5 servers are having no issues, and the same version (4.19.5) is
working without any issues. However, on the 3 new servers, we observe that
authentication, DNS queries and all other operations are working fine,
except for the issue below:
"Mar 04 13:46:42 dc5.xxxxxx.com smbd[97680]: [2025/03/04
13:46:42.911111, 0]
../../source3/smbd/smb2_service.c:120(chdir_current_service)
Mar 04 13:46:42 dc5.xxxxxx.com smbd[97680]: chdir_current_service:
vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied.
Current tok>
Mar 04 13:46:42 dc5.xxxxxx.com smbd[97680]: [2025/03/04
13:46:42.914143, 0]
../../source3/smbd/smb2_service.c:120(chdir_current_service)
Mar 04 13:46:42 dc5.xxxxxx.com smbd[97680]: chdir_current_service:
vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied.
Current tok>"
The folder idmap.ldb is copied from the server holding the PDC Emulator
FSMO role. The folder /usr/local/samba/var/locks/sysvol has the
same permissions - root:3000000 and 770, as in all other servers. On the
host, selinux is disabled.
smb.conf:

    # Global parameters
    [global]
        netbios name = dc6
        realm = xxxxxxx.COM
        server role = active directory domain controller
        workgroup = xxxxxxx
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dns, dnsupdate
        workgroup = xxxxxxxx
        idmap_ldb:use rfc2307 = yes
        ldap server require strong auth = No
        allow dns updates = nonsecure
        tls priority = NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2
        log level = 1 auth_audit:0 auth_json_audit:3 dsdb_json_audit:5
        log file = /var/log/samba/dc6.log
        max log size = 1000000000

    [sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

    [netlogon]
        path = /usr/local/samba/var/locks/sysvol/xxxxxxx.com/scripts
        read only = No

The above error is filling up our logs rapidly. We look forward to help &
guidance from the community to fix this error.

Thanks & regards,
Raghav