thr3ads.net - samba - [Samba] windows sysvol share [Mar 2015]

If this information is useful, please help other people find it:
Share via:

Adriana Moga

2015-Mar-18 13:17 UTC

[Samba] windows sysvol share

Hello,

I have manually mounted the SYSVOL share, sync it with samba and run
samba-tool ntacl sysvolreset.
But I'm not sure if all windows policies are acceptable by samba because of
errors logs:

2015/03/18 09:30:52.197934,  0]
../source3/smbd/oplock.c:338(oplock_timeout_handler)
  Oplock break failed for file
myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Registry.pol
-- replying anyway

[2015/03/18 10:50:01.905964,  0]
../source3/smbd/oplock.c:338(oplock_timeout_handler)
  Oplock break failed for file
myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows
NT/SecEdit/GptTmpl.inf -- replying anyway
  STATUS=daemon 'smbd' finished starting up and ready to serve
connectionsOplock break failed for file
rcs-rds.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Registry.pol
-- replying anyway

What troubles could give these errors?

Samba version 4.1.15 - Debian 7.8 (3.2.0-4-amd64 #1 SMP Debian 3.2.65-1
x86_64 GNU/Linux) is joined as a domain controller to an existing windows
domain.
Windows domain controllers (2003 R2, 2012R2) own FSMO roles.

smbstatus:

Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock
SharePath   Name   Time
--------------------------------------------------------------------------------------------------
9881         3001393    DENY_NONE  0x20089     RDONLY     EXCLUSIVE+BATCH
/usr/local/samba/var/locks/sysvol
myDomain/Policies/{8F6D6798-D5A0-4BED-9548-88E45918ADA0}/GPT.INI   Wed Mar
18 14:00:41 2015

4928         3001476    DENY_WRITE 0x120089    RDONLY     NONE
/usr/local/samba/var/locks/sysvol
myDomain/Policies/{7AAC2031-1B06-487B-9520-603666A7F00D}/User/Registry.pol

Also, I don't know what is wrong with sysvolcheck.

# /usr/local/samba/bin/samba-tool ntacl sysvolcheck
ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2,
'No such
file or directory')
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
line
249, in run
    lp)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1726, in checksysvolacl
    direct_db_access)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1677, in check_gpos_acl
    domainsid, direct_db_access)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1621, in check_dir_acl
    fsacl = getntacl(lp, path, direct_db_access=direct_db_access,
service=SYSVOL_SERVICE)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py",
line
73, in getntacl
    xattr.XATTR_NTACL_NAME


Thanks,

Rowland Penny

2015-Mar-18 13:36 UTC

head link

[Samba] windows sysvol share

On 18/03/15 13:17, Adriana Moga wrote:> Hello,
>
> I have manually mounted the SYSVOL share, sync it with samba and run
> samba-tool ntacl sysvolreset.
What do you mean 'manually mounted the SYSVOL share' ? how did you do
this ?
> But I'm not sure if all windows policies are acceptable by samba
because of
> errors logs:
>
> 2015/03/18 09:30:52.197934,  0]
> ../source3/smbd/oplock.c:338(oplock_timeout_handler)
>    Oplock break failed for file
>
myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Registry.pol
> -- replying anyway
>
> [2015/03/18 10:50:01.905964,  0]
> ../source3/smbd/oplock.c:338(oplock_timeout_handler)
>    Oplock break failed for file
>
myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows
> NT/SecEdit/GptTmpl.inf -- replying anyway
>    STATUS=daemon 'smbd' finished starting up and ready to serve
> connectionsOplock break failed for file
>
rcs-rds.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Registry.pol
> -- replying anyway
What log is this from?

Can you post your smb.conf

Rowland
>
> What troubles could give these errors?
>
> Samba version 4.1.15 - Debian 7.8 (3.2.0-4-amd64 #1 SMP Debian 3.2.65-1
> x86_64 GNU/Linux) is joined as a domain controller to an existing windows
> domain.
> Windows domain controllers (2003 R2, 2012R2) own FSMO roles.
>
> smbstatus:
>
> Locked files:
> Pid          Uid        DenyMode   Access      R/W        Oplock
> SharePath   Name   Time
>
--------------------------------------------------------------------------------------------------
> 9881         3001393    DENY_NONE  0x20089     RDONLY     EXCLUSIVE+BATCH
> /usr/local/samba/var/locks/sysvol
> myDomain/Policies/{8F6D6798-D5A0-4BED-9548-88E45918ADA0}/GPT.INI   Wed Mar
> 18 14:00:41 2015
>
> 4928         3001476    DENY_WRITE 0x120089    RDONLY     NONE
> /usr/local/samba/var/locks/sysvol
> myDomain/Policies/{7AAC2031-1B06-487B-9520-603666A7F00D}/User/Registry.pol
>
> Also, I don't know what is wrong with sysvolcheck.
>
> # /usr/local/samba/bin/samba-tool ntacl sysvolcheck
> ERROR(<type 'exceptions.TypeError'>): uncaught exception -
(2, 'No such
> file or directory')
>    File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>      return self.run(*args, **kwargs)
>    File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
line
> 249, in run
>      lp)
>    File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
> line 1726, in checksysvolacl
>      direct_db_access)
>    File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
> line 1677, in check_gpos_acl
>      domainsid, direct_db_access)
>    File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
> line 1621, in check_dir_acl
>      fsacl = getntacl(lp, path, direct_db_access=direct_db_access,
> service=SYSVOL_SERVICE)
>    File
"/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line
> 73, in getntacl
>      xattr.XATTR_NTACL_NAME
>
>
> Thanks,

Adriana Moga

2015-Mar-18 14:40 UTC

head link

[Samba] windows sysvol share

Of course, the sysvol is located on a windows controller from the forest.

mount -t cifs -o username=domain_admin_user
//windowsDC.myDomain.local/SYSVOL /mnt/smb/sysvol

and copied the files with -R --preserve to
/usr/local/samba/var/locks/sysvol/

Below logs are provided from /usr/local/samba/var/log.smbd file.

regards,

On Wed, Mar 18, 2015 at 3:36 PM, Rowland Penny <rowlandpenny at
googlemail.com>
wrote:
> On 18/03/15 13:17, Adriana Moga wrote:
>
>> Hello,
>>
>> I have manually mounted the SYSVOL share, sync it with samba and run
>> samba-tool ntacl sysvolreset.
>>
>
> What do you mean 'manually mounted the SYSVOL share' ? how did you
do this
> ?
>
>  But I'm not sure if all windows policies are acceptable by samba
because
>> of
>> errors logs:
>>
>> 2015/03/18 09:30:52.197934,  0]
>> ../source3/smbd/oplock.c:338(oplock_timeout_handler)
>>    Oplock break failed for file
>> myDomain.local/Policies/{31B2F340-016D-11D2-945F-
>> 00C04FB984F9}/USER/Registry.pol
>> -- replying anyway
>>
>> [2015/03/18 10:50:01.905964,  0]
>> ../source3/smbd/oplock.c:338(oplock_timeout_handler)
>>    Oplock break failed for file
>> myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/
>> Microsoft/Windows
>> NT/SecEdit/GptTmpl.inf -- replying anyway
>>    STATUS=daemon 'smbd' finished starting up and ready to serve
>> connectionsOplock break failed for file
>> rcs-rds.local/Policies/{31B2F340-016D-11D2-945F-
>> 00C04FB984F9}/USER/Registry.pol
>> -- replying anyway
>>
>
> What log is this from?
>
> Can you post your smb.conf
>
> Rowland
>
>
>
>> What troubles could give these errors?
>>
>> Samba version 4.1.15 - Debian 7.8 (3.2.0-4-amd64 #1 SMP Debian 3.2.65-1
>> x86_64 GNU/Linux) is joined as a domain controller to an existing
windows
>> domain.
>> Windows domain controllers (2003 R2, 2012R2) own FSMO roles.
>>
>> smbstatus:
>>
>> Locked files:
>> Pid          Uid        DenyMode   Access      R/W        Oplock
>> SharePath   Name   Time
>> ------------------------------------------------------------
>> --------------------------------------
>> 9881         3001393    DENY_NONE  0x20089     RDONLY    
EXCLUSIVE+BATCH
>> /usr/local/samba/var/locks/sysvol
>> myDomain/Policies/{8F6D6798-D5A0-4BED-9548-88E45918ADA0}/GPT.INI   Wed
>> Mar
>> 18 14:00:41 2015
>>
>> 4928         3001476    DENY_WRITE 0x120089    RDONLY     NONE
>> /usr/local/samba/var/locks/sysvol
>> myDomain/Policies/{7AAC2031-1B06-487B-9520-603666A7F00D}/
>> User/Registry.pol
>>
>> Also, I don't know what is wrong with sysvolcheck.
>>
>> # /usr/local/samba/bin/samba-tool ntacl sysvolcheck
>> ERROR(<type 'exceptions.TypeError'>): uncaught exception
- (2, 'No such
>> file or directory')
>>    File
>>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>> line 175, in _run
>>      return self.run(*args, **kwargs)
>>    File
>>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
>> line
>> 249, in run
>>      lp)
>>    File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/
>> provision/__init__.py",
>> line 1726, in checksysvolacl
>>      direct_db_access)
>>    File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/
>> provision/__init__.py",
>> line 1677, in check_gpos_acl
>>      domainsid, direct_db_access)
>>    File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/
>> provision/__init__.py",
>> line 1621, in check_dir_acl
>>      fsacl = getntacl(lp, path, direct_db_access=direct_db_access,
>> service=SYSVOL_SERVICE)
>>    File
"/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py",
>> line
>> 73, in getntacl
>>      xattr.XATTR_NTACL_NAME
>>
>>
>> Thanks,
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Reasonably Related Threads

Search for more seemingly similar threads

samba - Mar 2015 - windows sysvol share

[Samba] windows sysvol share

[Samba] windows sysvol share

[Samba] windows sysvol share

Reasonably Related Threads