bd730c5053df9efb
2023-Dec-06  03:45 UTC
[Samba] samba-tool gpo admxload loads into the wrong server
Hi! I had a samba 4.10.8 (DC1) AD DC which was holding all the FSMO roles and a samba 4.18.9 (DC2) AD DC with one way sysvol replication using rsync from DC1 to DC2. Since I'm trying to get the admx files for group policy editor into de DC I succesfully transfered the FSMO roles from DC1 to DC2 with "samba-tool fsmo transfer role=all -U SAMDOM\\Administrator" which I can confirm with "samba-tool fsmo show" and I reversed the one way synchronization with rsync from DC2 to DC1. Now when I try to load admx files into DC2 with the command "samba-tool gpo admxload -H dc2.samdom.example.com -U SAMDOM\\Administrator" I couldn't find the PolicyDefinitions in DC2's sysvol path but I was able to see it briefly in DC1's sysvol path, I assume it disappears on the next run of rsync. Does anybody know why the admx templates would be uploaded to DC1 instead of DC2 even when I specify the -H parameter with DC2's hostname and what could I do differently to get the templates into the correct DC's sysvol share. Thanks in advance! Best regards, Dave. Sent with Proton Mail secure email.
David Mulder
2023-Dec-06  13:40 UTC
[Samba] samba-tool gpo admxload loads into the wrong server
On 12/5/23 8:45 PM, bd730c5053df9efb via samba wrote:> Hi! > > I had a samba 4.10.8 (DC1) AD DC which was holding all the FSMO roles and a samba 4.18.9 (DC2) AD DC with one way sysvol replication using rsync from DC1 to DC2. Since I'm trying to get the admx files for group policy editor into de DC I succesfully transfered the FSMO roles from DC1 to DC2 with "samba-tool fsmo transfer role=all -U SAMDOM\\Administrator" which I can confirm with "samba-tool fsmo show" and I reversed the one way synchronization with rsync from DC2 to DC1. > > Now when I try to load admx files into DC2 with the command "samba-tool gpo admxload -H dc2.samdom.example.com -U SAMDOM\\Administrator" I couldn't find the PolicyDefinitions in DC2's sysvol path but I was able to see it briefly in DC1's sysvol path, I assume it disappears on the next run of rsync. Does anybody know why the admx templates would be uploaded to DC1 instead of DC2 even when I specify the -H parameter with DC2's hostname and what could I do differently to get the templates into the correct DC's sysvol share.I just skimmed the code, and I think specifying `samba-tool gpo admxload -H ldap://dc2.samdom.example.com -U SAMDOM\\Administrator` may fix this (note that I added `ldap://` to the front of your target server). If you explicitly specify that this is an ldap server, the code chooses that url, otherwise it sends a request to that server to find a writable directory server (which doesn't make a lot of sense here, since we're just writing to the sysvol share). -- David Mulder Labs Software Engineer, Samba SUSE 1221 S Valley Grove Way, Suite 500 Pleasant Grove, UT 84062 (P)+1 385.208.2989 dmulder at suse.com http://www.suse.com