[Samba] Missing Policies folder in AD and /var/lib/samba/sysvol
Rick Hollinbeck
admin at westernwares.com
Wed Mar 26 15:13:09 UTC 2025
Rowland and Michael...
Thanks for the help - it sounds like I should be close to getting this
working.
More troubleshooting...
Here is what my test Samba AD has after being freshly provisioned:
[drwxr-xr-x root root ]
/var/lib/samba/sysvol/sambatest327.com/Policies
├── [drwxr-xr-x root root ] {31B2F340-016D-11D2-945F-00C04FB984F9}
│ ├── [-rwxrwx--- root 3000000 ] GPT.INI
│ ├── [drwxr-xr-x root root ] MACHINE
│ └── [drwxr-xr-x root 3000000 ] USER
└── [drwxr-xr-x root root ] {6AC1786C-016F-11D2-945F-00C04FB984F9}
├── [-rw-r--r-- root root ] GPT.INI
├── [drwxr-xr-x root root ] MACHINE
└── [drwxr-xr-x root root ] USER
Here is what my broken Samba 4.17.12 has:
[drwxr-xr-x root root ]
/var/lib/samba/sysvol/samdom.example.com/Policies
├── [drwxrwx--- root BUILTIN\administrators]
{31B2F340-016D-11D2-945F-00C04FB984F9}
│ ├── [-rwxrwx--- root BUILTIN\administrators] GPT.INI
│ ├── [drwxrwx--- root BUILTIN\administrators] MACHINE
│ └── [drwxrwx--- root BUILTIN\administrators] USER
└── [drwxrwx--- root BUILTIN\administrators]
{6AC1786C-016F-11D2-945F-00C04FB984F9}
├── [-rwxrwx--- root BUILTIN\administrators] GPT.INI
├── [drwxrwx--- root BUILTIN\administrators] MACHINE
└── [drwxrwx--- root BUILTIN\administrators] USER
So... just a slight difference in the group ownership.
Here is the final part of an strace on the sysvolreset attempt:
....
read(17, " policyguid=policyguid,"..., 8192) = 8192
read(17, "session_unix()\n fsacl = getnt"..., 8192) = 8192
read(17, "values for the krbtgt keys\n "..., 8192) = 8192
read(17, " up IPv6 addresses\")\n hos"..., 8192) = 8192
read(17, "rid=next_rid, dc_rid=dc_rid, adm"..., 8192) = 5075
read(17, "", 8192) = 0
close(17) = 0
newfstatat(AT_FDCWD, "/usr/lib/python3/dist-packages/samba/ntacls.py",
{st_mode=S_IFREG|0644, st_size=24047, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/python3/dist-packages/samba/ntacls.py",
O_RDONLY|O_CLOEXEC) = 17
newfstatat(17, "", {st_mode=S_IFREG|0644, st_size=24047, ...},
AT_EMPTY_PATH) = 0
ioctl(17, TCGETS, 0x7fdf40b8e0) = -1 ENOTTY (Inappropriate ioctl
for device)
lseek(17, 0, SEEK_CUR) = 0
read(17, "# Unix SMB/CIFS implementation.\n"..., 4096) = 4096
read(17, "\n ntacl = ndr_unpack(xatt"..., 8192) = 8192
read(17, "n fdescr\n\n return fdescr.as_s"..., 8192) = 8192
read(17, "nfo, as_sddl=True)\n _"..., 8192) = 3567
read(17, "", 8192) = 0
close(17) = 0
newfstatat(AT_FDCWD, "/usr/bin", {st_mode=S_IFDIR|0755, st_size=45056,
...}, 0) = 0
newfstatat(AT_FDCWD, "/usr/lib/python3.11", {st_mode=S_IFDIR|0755,
st_size=20480, ...}, 0) = 0
newfstatat(AT_FDCWD, "/usr/lib/python3.11/ast.py",
{st_mode=S_IFREG|0644, st_size=60667, ...}, 0) = 0
newfstatat(AT_FDCWD, "/usr/lib/python3.11/ast.py",
{st_mode=S_IFREG|0644, st_size=60667, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/python3.11/__pycache__/ast.cpython-311.pyc",
O_RDONLY|O_CLOEXEC) = 17
newfstatat(17, "", {st_mode=S_IFREG|0644, st_size=108974, ...},
AT_EMPTY_PATH) = 0
ioctl(17, TCGETS, 0x7fdf40b550) = -1 ENOTTY (Inappropriate ioctl
for device)
lseek(17, 0, SEEK_CUR) = 0
lseek(17, 0, SEEK_CUR) = 0
newfstatat(17, "", {st_mode=S_IFREG|0644, st_size=108974, ...},
AT_EMPTY_PATH) = 0
read(17,
"\247\r\r\n\0\0\0\0*\202Kg\373\354\0\0\343\0\0\0\0\0\0\0\0\0\0\0\0\21\0\0"...,
108975) = 108974
read(17, "", 1) = 0
close(17) = 0
mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x7f9dff9000
write(2, " File \"/usr/lib/python3/dist-pa"..., 158 File
"/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 185, in _run
return self.run(*args, **kwargs)
...
rest of traceback as before...
It's hard for me to tell how much of this strace is related to output of
the traceback itself after failing.
I'm still stumped here.
More information about the samba
mailing list