Of course, the sysvol is located on a windows controller from the forest. mount -t cifs -o username=domain_admin_user //windowsDC.myDomain.local/SYSVOL /mnt/smb/sysvol and copied the files with -R --preserve to /usr/local/samba/var/locks/sysvol/ Below logs are provided from /usr/local/samba/var/log.smbd file. regards, On Wed, Mar 18, 2015 at 3:36 PM, Rowland Penny <rowlandpenny at googlemail.com> wrote:> On 18/03/15 13:17, Adriana Moga wrote: > >> Hello, >> >> I have manually mounted the SYSVOL share, sync it with samba and run >> samba-tool ntacl sysvolreset. >> > > What do you mean 'manually mounted the SYSVOL share' ? how did you do this > ? > > But I'm not sure if all windows policies are acceptable by samba because >> of >> errors logs: >> >> 2015/03/18 09:30:52.197934, 0] >> ../source3/smbd/oplock.c:338(oplock_timeout_handler) >> Oplock break failed for file >> myDomain.local/Policies/{31B2F340-016D-11D2-945F- >> 00C04FB984F9}/USER/Registry.pol >> -- replying anyway >> >> [2015/03/18 10:50:01.905964, 0] >> ../source3/smbd/oplock.c:338(oplock_timeout_handler) >> Oplock break failed for file >> myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/ >> Microsoft/Windows >> NT/SecEdit/GptTmpl.inf -- replying anyway >> STATUS=daemon 'smbd' finished starting up and ready to serve >> connectionsOplock break failed for file >> rcs-rds.local/Policies/{31B2F340-016D-11D2-945F- >> 00C04FB984F9}/USER/Registry.pol >> -- replying anyway >> > > What log is this from? > > Can you post your smb.conf > > Rowland > > > >> What troubles could give these errors? >> >> Samba version 4.1.15 - Debian 7.8 (3.2.0-4-amd64 #1 SMP Debian 3.2.65-1 >> x86_64 GNU/Linux) is joined as a domain controller to an existing windows >> domain. >> Windows domain controllers (2003 R2, 2012R2) own FSMO roles. >> >> smbstatus: >> >> Locked files: >> Pid Uid DenyMode Access R/W Oplock >> SharePath Name Time >> ------------------------------------------------------------ >> -------------------------------------- >> 9881 3001393 DENY_NONE 0x20089 RDONLY EXCLUSIVE+BATCH >> /usr/local/samba/var/locks/sysvol >> myDomain/Policies/{8F6D6798-D5A0-4BED-9548-88E45918ADA0}/GPT.INI Wed >> Mar >> 18 14:00:41 2015 >> >> 4928 3001476 DENY_WRITE 0x120089 RDONLY NONE >> /usr/local/samba/var/locks/sysvol >> myDomain/Policies/{7AAC2031-1B06-487B-9520-603666A7F00D}/ >> User/Registry.pol >> >> Also, I don't know what is wrong with sysvolcheck. >> >> # /usr/local/samba/bin/samba-tool ntacl sysvolcheck >> ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2, 'No such >> file or directory') >> File >> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", >> line 175, in _run >> return self.run(*args, **kwargs) >> File >> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", >> line >> 249, in run >> lp) >> File >> "/usr/local/samba/lib/python2.7/site-packages/samba/ >> provision/__init__.py", >> line 1726, in checksysvolacl >> direct_db_access) >> File >> "/usr/local/samba/lib/python2.7/site-packages/samba/ >> provision/__init__.py", >> line 1677, in check_gpos_acl >> domainsid, direct_db_access) >> File >> "/usr/local/samba/lib/python2.7/site-packages/samba/ >> provision/__init__.py", >> line 1621, in check_dir_acl >> fsacl = getntacl(lp, path, direct_db_access=direct_db_access, >> service=SYSVOL_SERVICE) >> File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", >> line >> 73, in getntacl >> xattr.XATTR_NTACL_NAME >> >> >> Thanks, >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 18/03/15 14:40, Adriana Moga wrote:> Of course, the sysvol is located on a windows controller from the forest. > > mount -t cifs -o username=domain_admin_user > //windowsDC.myDomain.local/SYSVOL /mnt/smb/sysvol > > and copied the files with -R --preserve to > /usr/local/samba/var/locks/sysvol/ > > Below logs are provided from /usr/local/samba/var/log.smbd file. > > regards, > > On Wed, Mar 18, 2015 at 3:36 PM, Rowland Penny > <rowlandpenny at googlemail.com <mailto:rowlandpenny at googlemail.com>> wrote: > > On 18/03/15 13:17, Adriana Moga wrote: > > Hello, > > I have manually mounted the SYSVOL share, sync it with samba > and run > samba-tool ntacl sysvolreset. > > > What do you mean 'manually mounted the SYSVOL share' ? how did you > do this ? > > But I'm not sure if all windows policies are acceptable by > samba because of > errors logs: > > 2015/03/18 09:30:52.197934, 0] > ../source3/smbd/oplock.c:338(oplock_timeout_handler) > Oplock break failed for file > myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Registry.pol > -- replying anyway > > [2015/03/18 10:50:01.905964, 0] > ../source3/smbd/oplock.c:338(oplock_timeout_handler) > Oplock break failed for file > myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows > NT/SecEdit/GptTmpl.inf -- replying anyway > STATUS=daemon 'smbd' finished starting up and ready to serve > connectionsOplock break failed for file > rcs-rds.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Registry.pol > -- replying anyway > > > What log is this from? > > Can you post your smb.conf > > Rowland > > > > What troubles could give these errors? > > Samba version 4.1.15 - Debian 7.8 (3.2.0-4-amd64 #1 SMP Debian > 3.2.65-1 > x86_64 GNU/Linux) is joined as a domain controller to an > existing windows > domain. > Windows domain controllers (2003 R2, 2012R2) own FSMO roles. > > smbstatus: > > Locked files: > Pid Uid DenyMode Access R/W Oplock > SharePath Name Time > -------------------------------------------------------------------------------------------------- > 9881 3001393 DENY_NONE 0x20089 RDONLY > EXCLUSIVE+BATCH > /usr/local/samba/var/locks/sysvol > myDomain/Policies/{8F6D6798-D5A0-4BED-9548-88E45918ADA0}/GPT.INI > Wed Mar > 18 14:00:41 2015 > > 4928 3001476 DENY_WRITE 0x120089 RDONLY NONE > /usr/local/samba/var/locks/sysvol > myDomain/Policies/{7AAC2031-1B06-487B-9520-603666A7F00D}/User/Registry.pol > > Also, I don't know what is wrong with sysvolcheck. > > # /usr/local/samba/bin/samba-tool ntacl sysvolcheck > ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2, > 'No such > file or directory') > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", > line 175, in _run > return self.run(*args, **kwargs) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", > line > 249, in run > lp) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", > line 1726, in checksysvolacl > direct_db_access) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", > line 1677, in check_gpos_acl > domainsid, direct_db_access) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", > line 1621, in check_dir_acl > fsacl = getntacl(lp, path, direct_db_access=direct_db_access, > service=SYSVOL_SERVICE) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line > 73, in getntacl > xattr.XATTR_NTACL_NAME > > > Thanks, > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >This raises more questions than what it answers: Why are you doing this? Why do you expect it to work? Have you joined the samba4 machine to the domain as a secondary DC? And lastly (and for the second time of asking) can you post your smb.conf from the samba4 machine. Rowland
Hi,
we had the same problem with the user profiles and the sysvol share under
debian 7.8 and samba 4.1.17 on the DCs and the file server. But in our case
without any copying from Windows Servers. So these are the samba created
shares and data.
The only way I found to solve the problem was to disable the opportunistic
locks. I've added the following lines to the smb.conf for the shares:
oplocks = no
level2 oplocks = no
This at least solved the problem.
In case of the sysvol some Group Policies were locked and not used during
logon on the client. And in case of the roaming profiles the ntuser.dat was
locked, so on the clients always a local temporary profil was used.
Andreas
Am Mittwoch, 18. M?rz 2015, 16:40:39 schrieb Adriana
Moga:> Of course, the sysvol is located on a windows controller from the forest.
>
> mount -t cifs -o username=domain_admin_user
> //windowsDC.myDomain.local/SYSVOL /mnt/smb/sysvol
>
> and copied the files with -R --preserve to
> /usr/local/samba/var/locks/sysvol/
>
> Below logs are provided from /usr/local/samba/var/log.smbd file.
>
> regards,
>
> On Wed, Mar 18, 2015 at 3:36 PM, Rowland Penny <rowlandpenny at
googlemail.com>
> wrote:
> > On 18/03/15 13:17, Adriana Moga wrote:
> >> Hello,
> >>
> >> I have manually mounted the SYSVOL share, sync it with samba and
run
> >> samba-tool ntacl sysvolreset.
> >
> > What do you mean 'manually mounted the SYSVOL share' ? how did
you do this
> > ?
> >
> > But I'm not sure if all windows policies are acceptable by samba
because
> >
> >> of
> >> errors logs:
> >>
> >> 2015/03/18 09:30:52.197934, 0]
> >> ../source3/smbd/oplock.c:338(oplock_timeout_handler)
> >>
> >> Oplock break failed for file
> >>
> >> myDomain.local/Policies/{31B2F340-016D-11D2-945F-
> >> 00C04FB984F9}/USER/Registry.pol
> >> -- replying anyway
> >>
> >> [2015/03/18 10:50:01.905964, 0]
> >> ../source3/smbd/oplock.c:338(oplock_timeout_handler)
> >>
> >> Oplock break failed for file
> >>
> >>
myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/
> >> Microsoft/Windows
> >> NT/SecEdit/GptTmpl.inf -- replying anyway
> >>
> >> STATUS=daemon 'smbd' finished starting up and ready to
serve
> >>
> >> connectionsOplock break failed for file
> >> rcs-rds.local/Policies/{31B2F340-016D-11D2-945F-
> >> 00C04FB984F9}/USER/Registry.pol
> >> -- replying anyway
> >
> > What log is this from?
> >
> > Can you post your smb.conf
> >
> > Rowland
> >
> >> What troubles could give these errors?
> >>
> >> Samba version 4.1.15 - Debian 7.8 (3.2.0-4-amd64 #1 SMP Debian
3.2.65-1
> >> x86_64 GNU/Linux) is joined as a domain controller to an existing
windows
> >> domain.
> >> Windows domain controllers (2003 R2, 2012R2) own FSMO roles.
> >>
> >> smbstatus:
> >>
> >> Locked files:
> >> Pid Uid DenyMode Access R/W Oplock
> >> SharePath Name Time
> >> ------------------------------------------------------------
> >> --------------------------------------
> >> 9881 3001393 DENY_NONE 0x20089 RDONLY
EXCLUSIVE+BATCH
> >> /usr/local/samba/var/locks/sysvol
> >> myDomain/Policies/{8F6D6798-D5A0-4BED-9548-88E45918ADA0}/GPT.INI
Wed
> >> Mar
> >> 18 14:00:41 2015
> >>
> >> 4928 3001476 DENY_WRITE 0x120089 RDONLY NONE
> >> /usr/local/samba/var/locks/sysvol
> >> myDomain/Policies/{7AAC2031-1B06-487B-9520-603666A7F00D}/
> >> User/Registry.pol
> >>
> >> Also, I don't know what is wrong with sysvolcheck.
> >>
> >> # /usr/local/samba/bin/samba-tool ntacl sysvolcheck
> >> ERROR(<type 'exceptions.TypeError'>): uncaught
exception - (2, 'No such
> >> file or directory')
> >>
> >> File
> >>
> >>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> >> line 175, in _run
> >>
> >> return self.run(*args, **kwargs)
> >>
> >> File
> >>
> >>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
> >> line
> >> 249, in run
> >>
> >> lp)
> >>
> >> File
> >>
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/
> >> provision/__init__.py",
> >> line 1726, in checksysvolacl
> >>
> >> direct_db_access)
> >>
> >> File
> >>
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/
> >> provision/__init__.py",
> >> line 1677, in check_gpos_acl
> >>
> >> domainsid, direct_db_access)
> >>
> >> File
> >>
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/
> >> provision/__init__.py",
> >> line 1621, in check_dir_acl
> >>
> >> fsacl = getntacl(lp, path, direct_db_access=direct_db_access,
> >>
> >> service=SYSVOL_SERVICE)
> >>
> >> File
"/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py",
> >>
> >> line
> >> 73, in getntacl
> >>
> >> xattr.XATTR_NTACL_NAME
> >>
> >> Thanks,
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
Sorry, I have omitted to post the config file.
# cat /usr/local/samba/etc/smb.conf
[global]
workgroup = myDomain
realm = myDomain.local
netbios name = DCLINUX
server role = active directory domain controller
dsdb:schema update allowed = yes
[netlogon]
path = /usr/local/samba/var/locks/sysvol/rcs-rds.local/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
I have joined samba as a Domain Controller in a windows domain. Directory
replication has no problems, "samba-tool drs showrepl" shows
connections
with other DC. Just some time to time "samba-tool show repl" gives a
"NT_STATUS_IO_TIMEOUT". I don't know why.
# /usr/local/samba/bin/samba-tool drs options
Current DSA options: IS_GC
Replication of the Sysvol isn't implemented, so I manually mounted the
share.
Clients connections:
# /usr/local/samba/bin/net status sessions
PID Username Group Machine
-------------------------------------------------------------------
12440 3000351 3000023 ...198.200 (ipv4:..198.200:61735)
12415 3001838 users ...227.68 (ipv4:...227.68:2647)
12320 3000376 users ...197.38 (ipv4:...197.38:64120)
11746 3001173 3000023 ...14.46 (ipv4:...14.46:57925)
thanks!
On Wed, Mar 18, 2015 at 4:45 PM, Rowland Penny <rowlandpenny at
googlemail.com>
wrote:
> On 18/03/15 14:40, Adriana Moga wrote:
>
> Of course, the sysvol is located on a windows controller from the
> forest.
>
> mount -t cifs -o username=domain_admin_user
> //windowsDC.myDomain.local/SYSVOL /mnt/smb/sysvol
>
> and copied the files with -R --preserve to
> /usr/local/samba/var/locks/sysvol/
>
> Below logs are provided from /usr/local/samba/var/log.smbd file.
>
> regards,
>
> On Wed, Mar 18, 2015 at 3:36 PM, Rowland Penny <
> rowlandpenny at googlemail.com> wrote:
>
>> On 18/03/15 13:17, Adriana Moga wrote:
>>
>>> Hello,
>>>
>>> I have manually mounted the SYSVOL share, sync it with samba and
run
>>> samba-tool ntacl sysvolreset.
>>>
>>
>> What do you mean 'manually mounted the SYSVOL share' ? how did
you do
>> this ?
>>
>> But I'm not sure if all windows policies are acceptable by samba
because
>>> of
>>> errors logs:
>>>
>>> 2015/03/18 09:30:52.197934, 0]
>>> ../source3/smbd/oplock.c:338(oplock_timeout_handler)
>>> Oplock break failed for file
>>>
>>>
myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Registry.pol
>>> -- replying anyway
>>>
>>> [2015/03/18 10:50:01.905964, 0]
>>> ../source3/smbd/oplock.c:338(oplock_timeout_handler)
>>> Oplock break failed for file
>>>
>>>
myDomain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows
>>> NT/SecEdit/GptTmpl.inf -- replying anyway
>>> STATUS=daemon 'smbd' finished starting up and ready to
serve
>>> connectionsOplock break failed for file
>>>
>>>
rcs-rds.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Registry.pol
>>> -- replying anyway
>>>
>>
>> What log is this from?
>>
>> Can you post your smb.conf
>>
>> Rowland
>>
>>
>>
>>> What troubles could give these errors?
>>>
>>> Samba version 4.1.15 - Debian 7.8 (3.2.0-4-amd64 #1 SMP Debian
3.2.65-1
>>> x86_64 GNU/Linux) is joined as a domain controller to an existing
windows
>>> domain.
>>> Windows domain controllers (2003 R2, 2012R2) own FSMO roles.
>>>
>>> smbstatus:
>>>
>>> Locked files:
>>> Pid Uid DenyMode Access R/W Oplock
>>> SharePath Name Time
>>>
>>>
--------------------------------------------------------------------------------------------------
>>> 9881 3001393 DENY_NONE 0x20089 RDONLY
EXCLUSIVE+BATCH
>>> /usr/local/samba/var/locks/sysvol
>>> myDomain/Policies/{8F6D6798-D5A0-4BED-9548-88E45918ADA0}/GPT.INI
Wed
>>> Mar
>>> 18 14:00:41 2015
>>>
>>> 4928 3001476 DENY_WRITE 0x120089 RDONLY NONE
>>> /usr/local/samba/var/locks/sysvol
>>>
>>>
myDomain/Policies/{7AAC2031-1B06-487B-9520-603666A7F00D}/User/Registry.pol
>>>
>>> Also, I don't know what is wrong with sysvolcheck.
>>>
>>> # /usr/local/samba/bin/samba-tool ntacl sysvolcheck
>>> ERROR(<type 'exceptions.TypeError'>): uncaught
exception - (2, 'No such
>>> file or directory')
>>> File
>>>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>>> line 175, in _run
>>> return self.run(*args, **kwargs)
>>> File
>>>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
>>> line
>>> 249, in run
>>> lp)
>>> File
>>>
>>>
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>>> line 1726, in checksysvolacl
>>> direct_db_access)
>>> File
>>>
>>>
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>>> line 1677, in check_gpos_acl
>>> domainsid, direct_db_access)
>>> File
>>>
>>>
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>>> line 1621, in check_dir_acl
>>> fsacl = getntacl(lp, path, direct_db_access=direct_db_access,
>>> service=SYSVOL_SERVICE)
>>> File
"/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py",
>>> line
>>> 73, in getntacl
>>> xattr.XATTR_NTACL_NAME
>>>
>>>
>>> Thanks,
>>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
> This raises more questions than what it answers:
>
> Why are you doing this?
> Why do you expect it to work?
> Have you joined the samba4 machine to the domain as a secondary DC?
>
> And lastly (and for the second time of asking) can you post your smb.conf
> from the samba4 machine.
>
> Rowland
>