Good evening list,
I host a small samba AD domain with three DCs (DC1, DC2 and DC3).
DC1 and DC2 are running on CentOS 6 with samba 4.9.8, so quite old.
At the beginning of January this year I set up a new DC (DC3) on CentOS 8 with samba
4.15.3, which I joined to the existing domain (following the guide at
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory).
Domain join etc went fine and replication has been working without problems.
Sysvol is syncing from DC1 (rsync).
When going through the logs on the new DC3 (/var/log/messages) the other day I
noticed the following entries, which seem to have been showing up for quite
some time (the following are just a few examples):
Mar 18 15:22:14 dc3 smbd[1141366]: [2022/03/18 15:22:14.540124, 0]
../../source3/smbd/service.c:171(chdir_current_service)
Mar 18 15:22:14 dc3 smbd[1141366]: chdir_current_service:
vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
token: uid=30500, gid=20513, 8 groups: 20513 3000016 3000021 3000012 3000013
3000003 3000008 3000015
Mar 18 15:22:25 dc3 smbd[1141366]: [2022/03/18 15:22:25.184581, 0]
../../source3/smbd/service.c:171(chdir_current_service)
Mar 18 15:22:25 dc3 smbd[1141366]: chdir_current_service:
vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
token: uid=30500, gid=20513, 8 groups: 20513 3000016 3000021 3000012 3000013
3000003 3000008 3000015
Mar 18 15:24:34 dc3 smbd[1141394]: [2022/03/18 15:24:34.431021, 0]
../../source3/smbd/service.c:171(chdir_current_service)
Mar 18 16:34:24 dc3 smbd[1142706]: [2022/03/18 16:34:24.254799, 0]
../../source3/smbd/service.c:171(chdir_current_service)
Mar 18 16:34:24 dc3 smbd[1142706]: chdir_current_service:
vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
token: uid=30521, gid=20513, 6 groups: 20513 3000012 3000013 3000003 3000008
3000015
Mar 18 16:34:34 dc3 smbd[1142706]: [2022/03/18 16:34:34.934111, 0]
../../source3/smbd/service.c:171(chdir_current_service)
Mar 18 16:34:34 dc3 smbd[1142706]: chdir_current_service:
vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
token: uid=30521, gid=20513, 6 groups: 20513 3000012 3000013 3000003 3000008
3000015
Mar 18 20:44:47 dc3 smbd[1147430]: [2022/03/18 20:44:47.046280, 0]
../../source3/smbd/service.c:171(chdir_current_service)
Mar 18 20:44:47 dc3 smbd[1147430]: chdir_current_service:
vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
token: uid=30506, gid=20513, 8 groups: 20513 3000021 3000016 3000012 3000013
3000003 3000008 3000015
Mar 18 20:44:57 dc3 smbd[1147430]: [2022/03/18 20:44:57.668028, 0]
../../source3/smbd/service.c:171(chdir_current_service)
Mar 18 20:44:57 dc3 smbd[1147430]: chdir_current_service:
vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
token: uid=30506, gid=20513, 8 groups: 20513 3000021 3000016 3000012 3000013
3000003 3000008 3000015
The UIDs and GID (20513) in the lines above are for various domain users and
the "domain users" group.
Following the thread at
https://lists.samba.org/archive/samba/2020-October/232743.html I have checked
that the permissions of the sysvol directory are identical for DC1 (FSMO role
holder) and the new DC3. I have also tried running samba-tool ntacl sysvolreset
on DC3 which did not help (since the above log entries kept showing up).
If anyone could provide some thoughts on this I would be very grateful.
Kind regards,
Carlos
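
Added example, not part of the original post and not Samba project code: a small parser that rejoins the mail-wrapped syslog records quoted above and groups the chdir_current_service failures by path and uid, so the affected accounts and their group tokens can be compared. The function names (unwrap, summarise) are hypothetical; the sample input is taken from the excerpt in the post.

```python
import re
# One syslog record from smbd starts like this; group 1 is the smbd PID.
SYSLOG_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ smbd\[(\d+)\]: ")
FAILURE = re.compile(
    r"vfs_ChDir\((?P<path>[^)]+)\) failed: (?P<err>[^.]+)\. Current token: "
    r"uid=(?P<uid>\d+), gid=(?P<gid>\d+), (?P<n>\d+) groups: (?P<groups>[\d ]+)")

def unwrap(text):
    """Rejoin mail-wrapped continuation lines onto their syslog record."""
    records = []
    for line in text.splitlines():
        if SYSLOG_START.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def summarise(text):
    """Map (path, uid) -> count, gid, sorted group list and smbd PIDs."""
    out = {}
    for rec in unwrap(text):
        m = FAILURE.search(rec)
        if not m:
            continue  # header-only record or unrelated line
        groups = tuple(sorted(int(g) for g in m["groups"].split()))
        if len(groups) != int(m["n"]):
            raise ValueError(f"group list does not match declared count: {rec!r}")
        entry = out.setdefault((m["path"], int(m["uid"])), {
            "count": 0, "gid": int(m["gid"]), "groups": groups, "pids": set()})
        entry["count"] += 1
        entry["pids"].add(int(SYSLOG_START.match(rec).group(1)))
    return out

# Sample: two failures taken from the excerpt in the post, still mail-wrapped.
SAMPLE = """\
Mar 18 15:22:14 dc3 smbd[1141366]: [2022/03/18 15:22:14.540124, 0]
../../source3/smbd/service.c:171(chdir_current_service)
Mar 18 15:22:14 dc3 smbd[1141366]: chdir_current_service:
vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
token: uid=30500, gid=20513, 8 groups: 20513 3000016 3000021 3000012 3000013
3000003 3000008 3000015
Mar 18 16:34:24 dc3 smbd[1142706]: [2022/03/18 16:34:24.254799, 0]
../../source3/smbd/service.c:171(chdir_current_service)
Mar 18 16:34:24 dc3 smbd[1142706]: chdir_current_service:
vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
token: uid=30521, gid=20513, 6 groups: 20513 3000012 3000013 3000003 3000008
3000015
"""
if __name__ == "__main__": print(summarise(SAMPLE))
```

A record whose group list does not match its declared count raises ValueError rather than being summarised from a partial token.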