David Mulder
2023-Dec-06 13:40 UTC
[Samba] samba-tool gpo admxload loads into the wrong server
On 12/5/23 8:45 PM, bd730c5053df9efb via samba wrote:
> Hi!
>
> I had a samba 4.10.8 (DC1) AD DC which was holding all the FSMO roles and a samba 4.18.9 (DC2) AD DC with one way sysvol replication using rsync from DC1 to DC2. Since I'm trying to get the admx files for group policy editor into the DC I successfully transferred the FSMO roles from DC1 to DC2 with "samba-tool fsmo transfer role=all -U SAMDOM\\Administrator" which I can confirm with "samba-tool fsmo show" and I reversed the one way synchronization with rsync from DC2 to DC1.
>
> Now when I try to load admx files into DC2 with the command "samba-tool gpo admxload -H dc2.samdom.example.com -U SAMDOM\\Administrator" I couldn't find the PolicyDefinitions in DC2's sysvol path but I was able to see it briefly in DC1's sysvol path, I assume it disappears on the next run of rsync. Does anybody know why the admx templates would be uploaded to DC1 instead of DC2 even when I specify the -H parameter with DC2's hostname and what could I do differently to get the templates into the correct DC's sysvol share.

I just skimmed the code, and I think specifying `samba-tool gpo admxload -H ldap://dc2.samdom.example.com -U SAMDOM\\Administrator` may fix this (note that I added `ldap://` to the front of your target server). If you explicitly specify that this is an ldap server, the code chooses that url, otherwise it sends a request to that server to find a writable directory server (which doesn't make a lot of sense here, since we're just writing to the sysvol share).

--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com

Rowland Penny
2023-Dec-06 13:54 UTC
[Samba] samba-tool gpo admxload loads into the wrong server
On Wed, 6 Dec 2023 06:40:09 -0700 David Mulder via samba <samba at lists.samba.org> wrote:
>
> On 12/5/23 8:45 PM, bd730c5053df9efb via samba wrote:
> > Hi!
> >
> > I had a samba 4.10.8 (DC1) AD DC which was holding all the FSMO
> > roles and a samba 4.18.9 (DC2) AD DC with one way sysvol
> > replication using rsync from DC1 to DC2. Since I'm trying to get
> > the admx files for group policy editor into the DC I successfully
> > transferred the FSMO roles from DC1 to DC2 with "samba-tool fsmo
> > transfer role=all -U SAMDOM\\Administrator" which I can confirm
> > with "samba-tool fsmo show" and I reversed the one way
> > synchronization with rsync from DC2 to DC1.
> >
> > Now when I try to load admx files into DC2 with the command
> > "samba-tool gpo admxload -H dc2.samdom.example.com -U
> > SAMDOM\\Administrator" I couldn't find the PolicyDefinitions in
> > DC2's sysvol path but I was able to see it briefly in DC1's sysvol
> > path, I assume it disappears on the next run of rsync. Does anybody
> > know why the admx templates would be uploaded to DC1 instead of DC2
> > even when I specify the -H parameter with DC2's hostname and what
> > could I do differently to get the templates into the correct DC's
> > sysvol share.
>
> I just skimmed the code, and I think specifying `samba-tool gpo
> admxload -H ldap://dc2.samdom.example.com -U SAMDOM\\Administrator`
> may fix this (note that I added `ldap://` to the front of your target
> server). If you explicitly specify that this is an ldap server, the
> code chooses that url, otherwise it sends a request to that server to
> find a writable directory server (which doesn't make a lot of sense
> here, since we're just writing to the sysvol share).
>

I seem to remember we have been here before. Unless you specify which DC to use with 'ldap://' at the start, the code will use any DC it can find and that DC might not be the one you want.

Of course once sysvol is replicated it shouldn't matter, but if you think the code is going to one DC and it ends up on another, this can be confusing.

Rowland