Hi,
i have two DCs and they are replicate find. No errors. I use rsync to replicate
the sysvol folder. If I have a Windows 7 Machine over time it both DCs are used
to load the GPOs. When the Second DCs is used I get a GPO error. I found that
the folders and files are not with the correct xattr acls. I user rsync with -X
to sync xattr acls. I sed getfacl to compare the uids. I use sernet 4.1.9 but I
think i had also this problem with 4.1.7. maybe its not a samba problem but ...
e.g.
dc1 (PDC)
# file: {31B2F340-016D-11D2-945F-00C04FB984F9}/
# owner: 3000005
# group: 3000005
user::rwx
user:3000003:rwx
user:3000011:r-x
user:3000018:rwx
user:3000019:r-x
group::rwx
group:3000003:rwx
group:3000005:rwx
group:3000011:r-x
group:3000018:rwx
group:3000019:r-x
mask::rwx
other::---
default:user::rwx
default:user:3000003:rwx
default:user:3000005:rwx
default:user:3000011:r-x
default:user:3000018:rwx
default:user:3000019:r-x
default:group::---
default:group:3000003:rwx
default:group:3000005:rwx
default:group:3000011:r-x
default:group:3000018:rwx
default:group:3000019:r-x
default:mask::rwx
default:other::---
dc2 (bdc)
# file: {31B2F340-016D-11D2-945F-00C04FB984F9}/
# owner: 3000005
# group: 3000005
user::rwx
user:root:rwx
user:3000000:rwx
user:3000011:r-x
user:3000017:r-x
user:3000018:rwx
group::---
group:3000000:rwx
group:3000011:r-x
group:3000017:r-x
group:3000018:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:user:3000011:r-x
default:user:3000017:r-x
default:user:3000018:rwx
default:group::---
default:group:3000000:rwx
default:group:3000011:r-x
default:group:3000017:r-x
default:group:3000018:rwx
default:mask::rwx
default:other::---
when we compare these lines they are very different and translate them into sids
when we can see that.
dc1
-----------
dc1:/var/lib/samba/sysvol/swi.local/Policies # wbinfo --uid-to-sid=3000003
S-1-5-21-1143642306-2581635645-836595807-519
dc1:/var/lib/samba/sysvol/swi.local/Policies # wbinfo -s
S-1-5-21-1143642306-2581635645-836595807-519
SWI\Enterprise Admins 2
orion:/var/lib/samba/sysvol/swi.local/Policies #
dc2
-----------
dc2:/var/lib/samba/sysvol/swi.local # wbinfo --uid-to-sid=3000003
S-1-5-21-1143642306-2581635645-836595807-514
dc2:/var/lib/samba/sysvol/swi.local # wbinfo -s
S-1-5-21-1143642306-2581635645-836595807-514
SWI\Domain Guests 2
When I use gpupdate I on that win 7 I get
Updating Policy...
User policy could not be updated successfully. The following errors were
encountered:
The processing of Group Policy failed. Windows attempted to read the file
\\swi.local\SysVol\swi.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini
from a domain controller and was not successful. Group Policy s
ettings may not be applied until this event is resolved. This issue may be trans
ient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Is there anybody who can explain thze problem or can help?
Thanks
Sven
On Wed, 2014-07-02 at 15:30 +0000, Vogel, Sven wrote:> Hi, > > i have two DCs and they are replicate find.Mmm. Hi The best way to fix this is to copy the idmap db from dc1 to dc2 and issue sysvolreset. HTH Steve