Stephan Mattecka
2015-May-26 11:51 UTC
[Samba] [SAMBA] Problems with joining a second DC to AD
> Sent: Tuesday, 26 May 2015 at 13:31
> From: "Rowland Penny" <rowlandpenny at googlemail.com>
> To: "Stephan Mattecka" <ste-fun_s at gmx.de>
> Cc: samba at lists.samba.org
> Subject: Re: Aw: Re: [Samba] [SAMBA] Problems with joining a second DC to AD
>
> On 26/05/15 10:42, Stephan Mattecka wrote:
> > Sent: Thursday, 21 May 2015 at 19:06
> > From: "Rowland Penny" <rowlandpenny at googlemail.com>
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] [SAMBA] Problems with joining a second DC to AD
> > On 21/05/15 17:41, Stephan Mattecka wrote:
> >> Hi Rowland and Louis,
> >>
> >> I did try both of your suggestions, but nothing changed on DC2. I did check all the DNS-settings (resolv.conf and hosts), so that I don't think that this is the reason for the error-messages.
> >>
> >> I did set the loglevel to 5 and will try to find the differences between both machines. These are just virtual machines to test the building of an AD-Domain before using it in real life.
> >>
> >> Regards
> >> Stephan
> >>
> >> Sent: Thursday, 21 May 2015 at 10:39
> >> From: "L.P.H. van Belle" <belle at bazuin.nl>
> >> To: "samba at lists.samba.org" <samba at lists.samba.org>
> >> Subject: Re: [Samba] [SAMBA] Problems with joining a second DC to AD
> >> Hi,
> >>
> >> I hope, your domain is not .lan ( reserved name for mDNS )
> >> can be used, but can give problems.
> >>
> >> in smb.conf
> >> change :
> >> interfaces = lo, eth0
> >> to
> >> interfaces = lo, IP_of_eth0
> >>
> >> and make sure your /etc/hosts and /etc/resolv.conf on DC2 are correct.
> >> make sure you have in /etc/resolv.conf on DC2.
> >> search example.lan
> >> nameserver IP_OF_DC1
> >>
> >> and try again.
> >>
> >> Greetz,
> >>
> >> Louis
> >>
> >>> -----Original message-----
> >>> From: ste-fun_s at gmx.de [mailto:samba-bounces at lists.samba.org]
> >>> On behalf of Stephan Mattecka
> >>> Sent: Thursday, 21 May 2015 9:18
> >>> To: samba at lists.samba.org
> >>> Subject: [Samba] [SAMBA] Problems with joining a second DC to AD
> >>>
> >>> Hello,
> >>>
> >>> I try to set up an AD-Domain with the help of Sernet-Samba
> >>> packages. Currently I'm using Scientific Linux (SL) 6.6 and
> >>> Sernet-Samba 4.1.17 packages. I tried the procedure two times
> >>> with fresh minimal SL installations.
> >>>
> >>> I could successfully install an AD-Domain-Controller.
> >>> Now I tried to add a second DC to this AD-Domain and followed
> >>> carefully the instructions at the samba wiki.
> >>> I could also join the second DC to my domain, but when I try to run
> >>>
> >>> samba-tool ntacl sysvolreset
> >>>
> >>> on the 2nd DC I get the following error messages:
> >>>
> >>> open: error=2 (No such file or directory)
> >>> ERROR(runtime): uncaught exception - (-1073741823,
> >>> 'Undetermined error')
> >>> File
> >>> "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
> >>> line 175, in _run
> >>> return self.run(*args, **kwargs)
> >>> File
> >>> "/usr/lib64/python2.6/site-packages/samba/netcmd/ntacl.py",
> >>> line 218, in run
> >>> lp, use_ntvfs=use_ntvfs)
> >>> File
> >>> "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py
> >>> ", line 1612, in setsysvolacl
> >>> set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn,
> >>> samdb, lp, use_ntvfs, passdb=s4_passdb)
> >>> File
> >>> "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py
> >>> ", line 1505, in set_gpos_acl
> >>> use_ntvfs=use_ntvfs, skip_invalid_chown=True,
> >>> passdb=passdb, service=SYSVOL_SERVICE)
> >>> File "/usr/lib64/python2.6/site-packages/samba/ntacls.py",
> >>> line 154, in setntacl
> >>> smbd.set_nt_acl(file, security.SECINFO_OWNER |
> >>> security.SECINFO_GROUP | security.SECINFO_DACL |
> >>> security.SECINFO_SACL, sd, service=service)
> >>>
> >>> My smb.conf on DC1:
> >>>
> >>> # Global parameters
> >>> [global]
> >>> workgroup = EXAMPLE
> >>> realm = EXAMPLE.LAN
> >>> netbios name = DC1
> >>> interfaces = lo, eth0
> >>> bind interfaces only = Yes
> >>> server role = active directory domain controller
> >>> idmap_ldb:use rfc2307 = yes
> >>> [netlogon]
> >>> path = /var/lib/samba/sysvol/pentracor.lan/scripts
> >>> read only = No
> >>> [sysvol]
> >>> path = /var/lib/samba/sysvol
> >>> read only = No
> >>>
> >>> smb.conf on DC2:
> >>>
> >>> # Global parameters
> >>> [global]
> >>> workgroup = EXAMPLE
> >>> realm = example.lan
> >>> netbios name = DC2
> >>> interfaces = lo, eth1
> >>> bind interfaces only = Yes
> >>> server role = active directory domain controller
> >>> [netlogon]
> >>> path = /var/lib/samba/sysvol/example.lan/scripts
> >>> read only = No
> >>> [sysvol
> >>> path = /var/lib/samba/sysvol
> >>> read only = No
> >>>
> >>> I did turn off iptables and SELinux on both machines for
> >>> testing purposes. The folder /var/lib/samba/sysvol exists on
> >>> DC2. On DC1 I can run the sysvolreset command without any problems.
> >>>
> >>> Hopefully someone has an idea what might be wrong here.
> >>>
> >>> Regards
> >>> Stephan Mattecka
> >>> --
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions: https://lists.samba.org/mailman/options/samba
> >>>
> >> OK, try commenting out the interfaces lines, restart samba on both
> >> machines and see how you go on.
> >> I do not know if you are trying in anyway to sync sysvol between the 2
> >> DCs, if you are this could give you a problem, as idmap.ldb is different
> >> between the DCs, the workaround is to copy idmap.ldb from the first DC
> >> to the second and run sysvolreset, but this is where we came in :-D
> >>
> >> Can you post the command you used to provision the first DC and the
> >> command you used to join the second DC to the first.
> >>
> >> Rowland
> > Hello Rowland,
> >
> > I did comment the interfaces lines but nothing changed for the sysvolcheck on dc2.
> > I also get an error message for ntacl sysvolcheck. The loglevel 5 output is the following (for sysvolcheck in this case, I deleted some lines about loglevels being 5):
> >
> > INFO: Current debug levels:
> > all: 5
> > Processing section "[netlogon]"
> > Processing section "[sysvol]"
> > pm_process() returned Yes
> > schema_fsmo_init: we are master[no] updates allowed[no]
> > schema_fsmo_init: we are master[no] updates allowed[no]
> > lp_load_ex: refreshing parameters
> > Initialising global parameters
> > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> > params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
> > Processing section "[global]"
> > doing parameter workgroup = EXAMPLE
> > doing parameter realm = example.lan
> > doing parameter netbios name = DC2
> > doing parameter server role = active directory domain controller
> > doing parameter log level = 5
> > INFO: Current debug levels:
> > all: 5
> > doing parameter idmap_ldb:use rfc2307 = yes
> > Processing section "[netlogon]"
> > doing parameter path = /var/lib/samba/sysvol/example.lan/scripts
> > doing parameter read only = No
> > Processing section "[sysvol]"
> > doing parameter path = /var/lib/samba/sysvol
> > doing parameter read only = No
> > pm_process() returned Yes
> > Attempting to register passdb backend smbpasswd
> > Successfully added passdb backend 'smbpasswd'
> > Attempting to register passdb backend tdbsam
> > Successfully added passdb backend 'tdbsam'
> > Attempting to register passdb backend wbc_sam
> > Successfully added passdb backend 'wbc_sam'
> > Attempting to register passdb backend samba_dsdb
> > Successfully added passdb backend 'samba_dsdb'
> > Attempting to register passdb backend samba4
> > Successfully added passdb backend 'samba4'
> > Attempting to register passdb backend ldapsam
> > Successfully added passdb backend 'ldapsam'
> > Attempting to register passdb backend NDS_ldapsam
> > Successfully added passdb backend 'NDS_ldapsam'
> > Attempting to register passdb backend IPA_ldapsam
> > Successfully added passdb backend 'IPA_ldapsam'
> > Attempting to find a passdb backend to match samba_dsdb:tdb:///var/lib/samba/private/sam.ldb (samba_dsdb)
> > Found pdb backend samba_dsdb
> > ldb_wrap open of idmap.ldb
> > pdb backend samba_dsdb:tdb:///var/lib/samba/private/sam.ldb has a valid init
> > ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2, 'No such file or directory')
> > File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
> > return self.run(*args, **kwargs)
> > File "/usr/lib64/python2.6/site-packages/samba/netcmd/ntacl.py", line 249, in run
> > lp)
> > File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py", line 1726, in checksysvolacl
> > direct_db_access)
> > File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py", line 1677, in check_gpos_acl
> > domainsid, direct_db_access)
> > File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py", line 1621, in check_dir_acl
> > fsacl = getntacl(lp, path, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
> > File "/usr/lib64/python2.6/site-packages/samba/ntacls.py", line 73, in getntacl
> > xattr.XATTR_NTACL_NAME)
> >
> > For provisioning and joining I followed strictly the HowTos on the samba Wiki. I used the following commands:
> >
> > samba-tool domain provision --use-rfc2307 --interactive --option="interfaces=lo eth0" --option="bind interfaces only=yes" (provisioning on DC1)
> >
> > samba-tool domain join example.lan DC -Uadministrator --realm=example.lan --dns-backend=SAMBA_INTERNAL --option="interfaces=lo eth0" --option="bind interfaces only=yes" (joining DC2)
> >
> > I just came to the problem because I wanted to sync the sysvol between the two DCs. But then I got this error-message on DC2.
> > My first thought was that something was wrong with the imported file, so I started the procedure again, to see if I get the same error-message without importing the data from DC1.
> >
> > Regards
> > Stephan
>
> Strange, it seems to be saying that you do not have sysvol directory.
>
> What does 'ls -la /var/lib/samba/sysvol/' show ?
>
> and 'getfacl /var/lib/samba/sysvol'
>
> Rowland
>

[root at dc2 ~]# ls -alh /var/lib/samba/sysvol/
total 20K
drwxrwx---+  3 root 3000000 4.0K May 26 10:37 .
drwxr-xr-x. 10 root root    4.0K May 20 15:28 ..
drwxrwx---+  4 root 3000000 4.0K May 21 14:51 example.lan

[root at dc2 ~]# getfacl /var/lib/samba/sysvol
getfacl: Removing leading '/' from absolute path names
# file: var/lib/samba/sysvol
# owner: root
# group: 3000000
user::rwx
user:root:rwx
user:3000000:rwx
user:3000001:r-x
user:3000002:rwx
user:3000003:r-x
group::rwx
group:3000000:rwx
group:3000001:r-x
group:3000002:rwx
group:3000003:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:user:3000001:r-x
default:user:3000002:rwx
default:user:3000003:r-x
default:group::---
default:group:3000000:rwx
default:group:3000001:r-x
default:group:3000002:rwx
default:group:3000003:r-x
default:mask::rwx
default:other::---

I did even try to copy the Policies folder from DC1 to DC2 because I thought this might be the missing folder, but this also does not help.

Stephan
Rowland Penny
2015-May-26 12:44 UTC
[Samba] [SAMBA] Problems with joining a second DC to AD
On 26/05/15 12:51, Stephan Mattecka wrote:
> [root at dc2 ~]# ls -alh /var/lib/samba/sysvol/
> total 20K
> drwxrwx---+  3 root 3000000 4.0K May 26 10:37 .
> drwxr-xr-x. 10 root root    4.0K May 20 15:28 ..
> drwxrwx---+  4 root 3000000 4.0K May 21 14:51 example.lan
>
> [root at dc2 ~]# getfacl /var/lib/samba/sysvol
> getfacl: Removing leading '/' from absolute path names
> # file: var/lib/samba/sysvol
> # owner: root
> # group: 3000000
> user::rwx
> user:root:rwx
> user:3000000:rwx
> user:3000001:r-x
> user:3000002:rwx
> user:3000003:r-x
> group::rwx
> group:3000000:rwx
> group:3000001:r-x
> group:3000002:rwx
> group:3000003:r-x
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:3000000:rwx
> default:user:3000001:r-x
> default:user:3000002:rwx
> default:user:3000003:r-x
> default:group::---
> default:group:3000000:rwx
> default:group:3000001:r-x
> default:group:3000002:rwx
> default:group:3000003:r-x
> default:mask::rwx
> default:other::---
>
> I did even try to copy the Policies folder from DC1 to DC2 because I thought this might be the missing folder, but this also does not help.
>
> Stephan

OK, the above results look ok to me, so I had a look on a test setup I have up and running and on the second DC (running sernet-samba 4.2.1) I found this:

root at testdc2:~# ls -la /var/lib/samba/sysvol/
total 12
drwxr-xr-x  3 root root 4096 May 12 14:40 .
drwxr-xr-x 10 root root 4096 May 26 09:55 ..
drwxr-xr-x  3 root root 4096 May 12 14:40 sambadom.example.com

root at testdc2:~# getfacl /var/lib/samba/sysvol
getfacl: Removing leading '/' from absolute path names
# file: var/lib/samba/sysvol
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

It doesn't seem to have any ACLs

So I tried to check them:

root at testdc2:~# samba-tool ntacl sysvolcheck
ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data available')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
    lp)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1721, in checksysvolacl
    fsacl = getntacl(lp, dir_path, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 73, in getntacl
    xattr.XATTR_NTACL_NAME)

Hmm, that doesn't look good, tried to reset them (or in this case set them):

root at testdc2:~# samba-tool ntacl sysvolreset
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 218, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1616, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1509, in set_gpos_acl
    use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 154, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)

Well that doesn't appear to have worked, tried restarting samba, checked smb.conf etc, but when I looked at the dir again, I found this:

root at testdc2:~# ls -la /var/lib/samba/sysvol/
total 20
drwxrwx---+  3 root 3000000 4096 May 26 13:20 .
drwxr-xr-x  10 root root    4096 May 26 13:20 ..
drwxrwx---+  3 root 3000000 4096 May 12 14:40 sambadom.example.com

root at testdc2:~# getfacl /var/lib/samba/sysvol/
getfacl: Removing leading '/' from absolute path names
# file: var/lib/samba/sysvol/
# owner: root
# group: 3000000
user::rwx
user:root:rwx
user:3000000:rwx
user:3000007:r-x
user:3000008:rwx
user:3000009:r-x
group::rwx
group:3000000:rwx
group:3000007:r-x
group:3000008:rwx
group:3000009:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:user:3000007:r-x
default:user:3000008:rwx
default:user:3000009:r-x
default:group::---
default:group:3000000:rwx
default:group:3000007:r-x
default:group:3000008:rwx
default:group:3000009:r-x
default:mask::rwx
default:other::---

What! it now has ACLs, tried to check them again:

root at testdc2:~# samba-tool ntacl sysvolcheck
ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2, 'No such file or directory')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
    lp)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1730, in checksysvolacl
    direct_db_access)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1666, in check_gpos_acl
    direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 73, in getntacl
    xattr.XATTR_NTACL_NAME)

I am now beginning to think this is a samba-tool problem and there isn't anything actually wrong with sysvol.

Rowland
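
The sysvolcheck tracebacks in this thread end in getntacl with errno 61 or errno 2 but never name the path that failed. The following is an added example, not part of the original posts and not Samba's own code: it reads the NT ACL xattr on each sysvol path and reports which errno each one returns. The function names are hypothetical; it assumes the xattr behind xattr.XATTR_NTACL_NAME is `security.NTACL` and that GPO directories live under `<sysvol>/<dnsdomain>/Policies/<GUID>`, using the two well-known default GPO GUIDs.

```python
import errno
import os
import sys

# Assumption: this is the xattr name behind xattr.XATTR_NTACL_NAME in the tracebacks.
NTACL_XATTR = "security.NTACL"

# Well-known GUIDs of the two GPOs every AD domain is created with.
DEFAULT_GPOS = (
    "{31B2F340-016D-11D2-945F-00C04FB984F9}",  # Default Domain Policy
    "{6AC1786C-016F-11D2-945F-00C04FB984F9}",  # Default Domain Controllers Policy
)


def ntacl_status(path, getxattr=None):
    """Classify one path by what reading its NT ACL xattr returns."""
    if getxattr is None:
        getxattr = os.getxattr  # Linux only; run as root on the DC
    try:
        getxattr(path, NTACL_XATTR)
    except OSError as exc:
        if exc.errno == errno.ENOENT:
            return "missing"    # errno 2: the path itself does not exist
        if exc.errno == errno.ENODATA:
            return "no-ntacl"   # errno 61: path exists, xattr was never set
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    return "ok"


def expected_dirs(sysvol, dnsdomain, gpo_guids=DEFAULT_GPOS):
    """Directories assumed to exist on a DC whose sysvol is populated."""
    domain_dir = os.path.join(sysvol, dnsdomain)
    policies = os.path.join(domain_dir, "Policies")
    return [sysvol, domain_dir, policies] + [
        os.path.join(policies, guid) for guid in gpo_guids
    ]


def scan_sysvol(sysvol, dnsdomain, gpo_guids=DEFAULT_GPOS, getxattr=None):
    """Return [(path, status)] for the expected dirs plus everything on disk."""
    paths = list(expected_dirs(sysvol, dnsdomain, gpo_guids))
    for dirpath, dirnames, filenames in os.walk(sysvol):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(dirnames + filenames):
            paths.append(os.path.join(dirpath, name))
    report = {}
    for path in paths:
        if path not in report:  # expected dirs may also be found by the walk
            report[path] = ntacl_status(path, getxattr)
    return list(report.items())


def problems(report):
    """Only the paths a check of the NT ACLs would stumble over."""
    return [(path, status) for path, status in report if status != "ok"]


if __name__ == "__main__":
    # Usage: script.py /var/lib/samba/sysvol example.lan
    for path, status in problems(scan_sysvol(sys.argv[1], sys.argv[2])):
        print("%-9s %s" % (status, path))
```

A `missing` result for `Policies` or a GPO directory corresponds to the errno 2 case, and `no-ntacl` to the errno 61 case seen before the reset.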
Stephan Mattecka
2015-May-26 13:24 UTC
[Samba] [SAMBA] Problems with joining a second DC to AD
> Gesendet: Dienstag, 26. Mai 2015 um 14:44 Uhr > Von: "Rowland Penny" <rowlandpenny at googlemail.com> > An: "Stephan Mattecka" <ste-fun_s at gmx.de> > Cc: samba at lists.samba.org > Betreff: Re: [Samba] [SAMBA] Problems with joining a second DC to AD > > On 26/05/15 12:51, Stephan Mattecka wrote: > >> Gesendet: Dienstag, 26. Mai 2015 um 13:31 Uhr > >> Von: "Rowland Penny" <rowlandpenny at googlemail.com> > >> An: "Stephan Mattecka" <ste-fun_s at gmx.de> > >> Cc: samba at lists.samba.org > >> Betreff: Re: Aw: Re: [Samba] [SAMBA] Problems with joining a second DC to AD > >> > >> On 26/05/15 10:42, Stephan Mattecka wrote: > >>> Gesendet: Donnerstag, 21. Mai 2015 um 19:06 Uhr > >>> Von: "Rowland Penny" <rowlandpenny at googlemail.com> > >>> An: samba at lists.samba.org > >>> Betreff: Re: [Samba] [SAMBA] Problems with joining a second DC to AD > >>> On 21/05/15 17:41, Stephan Mattecka wrote: > >>>> Hi Rowland and Louis, > >>>> > >>>> I did try both of your suggestions, but nothing changed on DC2. I did check all the DNS-settings (resolv.conf and hosts), so that I don't think that this is the reason for the error-messages. > >>>> > >>>> I did set the loglevel to 5 and will try to find the differences between both machines. These are just virtual machines to test the building of a AD-Domain before using it in real life. > >>>> > >>>> Regards > >>>> Stephan > >>>> > >>>> > >>>> > >>>> > >>>> Gesendet: Donnerstag, 21. Mai 2015 um 10:39 Uhr > >>>> Von: "L.P.H. van Belle" <belle at bazuin.nl> > >>>> An: "samba at lists.samba.org" <samba at lists.samba.org> > >>>> Betreff: Re: [Samba] [SAMBA] Problems with joining a second DC to AD > >>>> Hai, > >>>> > >>>> I hope, your domain is not .lan ( reserved name for mDNS ) > >>>> can be used, but can give problemens. > >>>> > >>>> in smb.conf > >>>> change : > >>>> interfaces = lo, eth0 > >>>> to > >>>> interfaces = lo, IP_of_eth0 > >>>> > >>>> and make sure your /etc/hosts and /etc/resolv.conf on DC2 are correct. 
> >>>> make sure you have in /etc/resolv.conf on DC2. > >>>> search example.lan > >>>> nameserver IP_OF_DC1 > >>>> > >>>> > >>>> > >>>> and try again. > >>>> > >>>> Greetz, > >>>> > >>>> Louis > >>>> > >>>> > >>>> > >>>>> -----Oorspronkelijk bericht----- > >>>>> Van: ste-fun_s at gmx.de [mailto:samba-bounces at lists.samba.org] > >>>>> Namens Stephan Mattecka > >>>>> Verzonden: donderdag 21 mei 2015 9:18 > >>>>> Aan: samba at lists.samba.org > >>>>> Onderwerp: [Samba] [SAMBA] Problems with joining a second DC to AD > >>>>> > >>>>> Hello, > >>>>> > >>>>> I try to setup an AD-Domain with the help of Sernet-Samba > >>>>> packages. Currently I'm using Scientific Linux (SL) 6.6 and > >>>>> Sernet-Samba 4.1.17 packages. I tried the procedure two times > >>>>> with fresh minimal SL installations. > >>>>> > >>>>> I could successfully install a AD-Domain-Controller. > >>>>> Now I tried to add a second DC to this AD-Domain and followed > >>>>> carefully the instructions at the samba wiki. > >>>>> I could also join the second DC to my domain, but when I try to run > >>>>> > >>>>> samba-tool ntacl sysvolreset > >>>>> > >>>>> on the 2nd DC I get the following error messages: > >>>>> > >>>>> > >>>>> open: error=2 (No such file or directory) > >>>>> ERROR(runtime): uncaught exception - (-1073741823, > >>>>> 'Undetermined error') > >>>>> File > >>>>> "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", > >>>>> line 175, in _run > >>>>> return self.run(*args, **kwargs) > >>>>> File > >>>>> "/usr/lib64/python2.6/site-packages/samba/netcmd/ntacl.py", > >>>>> line 218, in run > >>>>> lp, use_ntvfs=use_ntvfs) > >>>>> File > >>>>> "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py > >>>>> ", line 1612, in setsysvolacl > >>>>> set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, > >>>>> samdb, lp, use_ntvfs, passdb=s4_passdb) > >>>>> File > >>>>> "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py > >>>>> ", line 1505, in set_gpos_acl > >>>>> 
use_ntvfs=use_ntvfs, skip_invalid_chown=True, > >>>>> passdb=passdb, service=SYSVOL_SERVICE) > >>>>> File "/usr/lib64/python2.6/site-packages/samba/ntacls.py", > >>>>> line 154, in setntacl > >>>>> smbd.set_nt_acl(file, security.SECINFO_OWNER | > >>>>> security.SECINFO_GROUP | security.SECINFO_DACL | > >>>>> security.SECINFO_SACL, sd, service=service) > >>>>> > >>>>> My smb.conf on DC1: > >>>>> > >>>>> > >>>>> # Global parameters > >>>>> [global] > >>>>> workgroup = EXAMPLE > >>>>> realm = EXAMPLE.LAN > >>>>> netbios name = DC1 > >>>>> interfaces = lo, eth0 > >>>>> bind interfaces only = Yes > >>>>> server role = active directory domain controller > >>>>> idmap_ldb:use rfc2307 = yes > >>>>> [netlogon] > >>>>> path = /var/lib/samba/sysvol/pentracor.lan/scripts > >>>>> read only = No > >>>>> [sysvol] > >>>>> path = /var/lib/samba/sysvol > >>>>> read only = No > >>>>> > >>>>> smb.conf ond DC2: > >>>>> > >>>>> > >>>>> # Global parameters > >>>>> [global] > >>>>> workgroup = EXAMPLE > >>>>> realm = example.lan > >>>>> netbios name = DC2 > >>>>> interfaces = lo, eth1 > >>>>> bind interfaces only = Yes > >>>>> server role = active directory domain controller > >>>>> [netlogon] > >>>>> path = /var/lib/samba/sysvol/example.lan/scripts > >>>>> read only = No > >>>>> [sysvol > >>>>> path = /var/lib/samba/sysvol > >>>>> read only = No > >>>>> > >>>>> I did turn off iptables and SELinux on both machines for > >>>>> testing purposes. The folder /var/lib/samba/sysvol exists on > >>>>> DC2. On DC1 I can run the sysvolreset command without any problems. > >>>>> > >>>>> Hopefully someone has an idea what might be wrong here. 
> >>>>> > >>>>> Regards > >>>>> Stephan Mattecka > >>>>> -- > >>>>> To unsubscribe from this list go to the following URL and read the > >>>>> instructions: https://lists.samba.org/mailman/options/samba > >>>>> > >>>> -- > >>>> To unsubscribe from this list go to the following URL and read the > >>>> instructions: https://lists.samba.org/mailman/options/samba > >>>> OK, try commenting out the interfaces lines, restart samba on both > >>>> machines and see how you go on. > >>>> I do not know if you are trying in any way to sync sysvol between the 2 > >>>> DCs, if you are this could give you a problem, as idmap.ldb is different > >>>> between the DCs, the workaround is to copy idmap.ldb from the first DC > >>>> to the second and run sysvolreset, but this is where we came in :-D > >>>> > >>>> Can you post the command you used to provision the first DC and the > >>>> command you used to join the second DC to the first. > >>>> > >>>> Rowland > >>>> -- > >>>> To unsubscribe from this list go to the following URL and read the > >>>> instructions: https://lists.samba.org/mailman/options/samba > >>> Hello Rowland, > >>> > >>> I did comment the interfaces lines but nothing changed for the sysvolcheck on dc2. > >>> I also get an error message for ntacl sysvolcheck. 
The loglevel 5 output is the following (for sysvolcheck in this case, I deleted some lines about loglevels being 5): > >>> > >>> INFO: Current debug levels: > >>> all: 5 > >>> Processing section "[netlogon]" > >>> Processing section "[sysvol]" > >>> pm_process() returned Yes > >>> schema_fsmo_init: we are master[no] updates allowed[no] > >>> schema_fsmo_init: we are master[no] updates allowed[no] > >>> lp_load_ex: refreshing parameters > >>> Initialising global parameters > >>> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > >>> params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" > >>> Processing section "[global]" > >>> doing parameter workgroup = EXAMPLE > >>> doing parameter realm = example.lan > >>> doing parameter netbios name = DC2 > >>> doing parameter server role = active directory domain controller > >>> doing parameter log level = 5 > >>> INFO: Current debug levels: > >>> all: 5 > >>> doing parameter idmap_ldb:use rfc2307 = yes > >>> Processing section "[netlogon]" > >>> doing parameter path = /var/lib/samba/sysvol/example.lan/scripts > >>> doing parameter read only = No > >>> Processing section "[sysvol]" > >>> doing parameter path = /var/lib/samba/sysvol > >>> doing parameter read only = No > >>> pm_process() returned Yes > >>> Attempting to register passdb backend smbpasswd > >>> Successfully added passdb backend 'smbpasswd' > >>> Attempting to register passdb backend tdbsam > >>> Successfully added passdb backend 'tdbsam' > >>> Attempting to register passdb backend wbc_sam > >>> Successfully added passdb backend 'wbc_sam' > >>> Attempting to register passdb backend samba_dsdb > >>> Successfully added passdb backend 'samba_dsdb' > >>> Attempting to register passdb backend samba4 > >>> Successfully added passdb backend 'samba4' > >>> Attempting to register passdb backend ldapsam > >>> Successfully added passdb backend 'ldapsam' > >>> Attempting to register passdb backend NDS_ldapsam > >>> Successfully 
added passdb backend 'NDS_ldapsam' > >>> Attempting to register passdb backend IPA_ldapsam > >>> Successfully added passdb backend 'IPA_ldapsam' > >>> Attempting to find a passdb backend to match samba_dsdb:tdb:///var/lib/samba/private/sam.ldb (samba_dsdb) > >>> Found pdb backend samba_dsdb > >>> ldb_wrap open of idmap.ldb > >>> pdb backend samba_dsdb:tdb:///var/lib/samba/private/sam.ldb has a valid init > >>> ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2, 'No such file or directory') > >>> File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run > >>> return self.run(*args, **kwargs) > >>> File "/usr/lib64/python2.6/site-packages/samba/netcmd/ntacl.py", line 249, in run > >>> lp) > >>> File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py", line 1726, in checksysvolacl > >>> direct_db_access) > >>> File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py", line 1677, in check_gpos_acl > >>> domainsid, direct_db_access) > >>> File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py", line 1621, in check_dir_acl > >>> fsacl = getntacl(lp, path, direct_db_access=direct_db_access, service=SYSVOL_SERVICE) > >>> File "/usr/lib64/python2.6/site-packages/samba/ntacls.py", line 73, in getntacl > >>> xattr.XATTR_NTACL_NAME) > >>> > >>> For provisioning and joining I followed strictly the HowTos on the samba Wiki. I used the following commands: > >>> > >>> samba-tool domain provision --use-rfc2307 --interactive --option="interfaces=lo eth0" --option="bind interfaces only=yes" (provisioning on DC1) > >>> > >>> samba-tool domain join example.lan DC -Uadministrator --realm=example.lan --dns-backend=SAMBA_INTERNAL --option="interfaces=lo eth0" --option="bind interfaces only=yes" (joining DC2) > >>> > >>> I just came to the problem because I wanted to sync the sysvol between the two DCs. But then I got this error-message on DC2. 
> >>> My first thought was that something was wrong with the imported file, so I started the procedure again, to see if I get the same error-message without importing the data from DC1. > >>> > >>> Regards > >>> Stephan > >> Strange, it seems to be saying that you do not have sysvol directory. > >> > >> What does 'ls -la /var/lib/samba/sysvol/' show ? > >> > >> and 'getfacl /var/lib/samba/sysvol' > >> > >> Rowland > >> > >> > > [root at dc2 ~]# ls -alh /var/lib/samba/sysvol/ > > total 20K > > drwxrwx---+ 3 root 3000000 4.0K May 26 10:37 . > > drwxr-xr-x. 10 root root 4.0K May 20 15:28 .. > > drwxrwx---+ 4 root 3000000 4.0K May 21 14:51 example.lan > > > > [root at dc2 ~]# getfacl /var/lib/samba/sysvol > > getfacl: Removing leading '/' from absolute path names > > # file: var/lib/samba/sysvol > > # owner: root > > # group: 3000000 > > user::rwx > > user:root:rwx > > user:3000000:rwx > > user:3000001:r-x > > user:3000002:rwx > > user:3000003:r-x > > group::rwx > > group:3000000:rwx > > group:3000001:r-x > > group:3000002:rwx > > group:3000003:r-x > > mask::rwx > > other::--- > > default:user::rwx > > default:user:root:rwx > > default:user:3000000:rwx > > default:user:3000001:r-x > > default:user:3000002:rwx > > default:user:3000003:r-x > > default:group::--- > > default:group:3000000:rwx > > default:group:3000001:r-x > > default:group:3000002:rwx > > default:group:3000003:r-x > > default:mask::rwx > > default:other::--- > > > > I did even try copy the Policies folder from DC1 to DC2 because I thought this might be the missing folder, but this also does not help. > > > > Stephan > > OK, the above results look ok to me, so I had a look on a test setup I > have up and running and on the second DC (running sernet-samba 4.2.1) I > found this: > > root at testdc2:~# ls -la /var/lib/samba/sysvol/ > total 12 > drwxr-xr-x 3 root root 4096 May 12 14:40 . > drwxr-xr-x 10 root root 4096 May 26 09:55 .. 
> drwxr-xr-x 3 root root 4096 May 12 14:40 sambadom.example.com > root at testdc2:~# getfacl /var/lib/samba/sysvol > getfacl: Removing leading '/' from absolute path names > # file: var/lib/samba/sysvol > # owner: root > # group: root > user::rwx > group::r-x > other::r-x > > It doesn't seem to have any ACLs > > So I tried to check them: > > root at testdc2:~# samba-tool ntacl sysvolcheck > ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data > available') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", > line 175, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line > 249, in run > lp) > File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", > line 1721, in checksysvolacl > fsacl = getntacl(lp, dir_path, direct_db_access=direct_db_access, > service=SYSVOL_SERVICE) > File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 73, in > getntacl > xattr.XATTR_NTACL_NAME) > > Hmm, that doesn't look good, tried to reset them (or in this case set them): > > root at testdc2:~# samba-tool ntacl sysvolreset > open: error=2 (No such file or directory) > ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", > line 175, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line > 218, in run > lp, use_ntvfs=use_ntvfs) > File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", > line 1616, in setsysvolacl > set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, > use_ntvfs, passdb=s4_passdb) > File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", > line 1509, in set_gpos_acl > use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, > service=SYSVOL_SERVICE) > File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 154, in > setntacl > smbd.set_nt_acl(file, security.SECINFO_OWNER 
| > security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, > sd, service=service) > > Well that doesn't appear to have worked, tried restarting samba, checked > smb.conf etc, but when I looked at the dir again, I found this: > > root at testdc2:~# ls -la /var/lib/samba/sysvol/ > total 20 > drwxrwx---+ 3 root 3000000 4096 May 26 13:20 . > drwxr-xr-x 10 root root 4096 May 26 13:20 .. > drwxrwx---+ 3 root 3000000 4096 May 12 14:40 sambadom.example.com > root at testdc2:~# getfacl /var/lib/samba/sysvol/ > getfacl: Removing leading '/' from absolute path names > # file: var/lib/samba/sysvol/ > # owner: root > # group: 3000000 > user::rwx > user:root:rwx > user:3000000:rwx > user:3000007:r-x > user:3000008:rwx > user:3000009:r-x > group::rwx > group:3000000:rwx > group:3000007:r-x > group:3000008:rwx > group:3000009:r-x > mask::rwx > other::--- > default:user::rwx > default:user:root:rwx > default:user:3000000:rwx > default:user:3000007:r-x > default:user:3000008:rwx > default:user:3000009:r-x > default:group::--- > default:group:3000000:rwx > default:group:3000007:r-x > default:group:3000008:rwx > default:group:3000009:r-x > default:mask::rwx > default:other::--- > > What! 
it now has ACLs, tried to check them again: > > root at testdc2:~# samba-tool ntacl sysvolcheck > ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2, 'No such > file or directory') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", > line 175, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line > 249, in run > lp) > File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", > line 1730, in checksysvolacl > direct_db_access) > File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", > line 1666, in check_gpos_acl > direct_db_access=direct_db_access, service=SYSVOL_SERVICE) > File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 73, in > getntacl > xattr.XATTR_NTACL_NAME) > > I am now beginning to think this is a samba-tool problem and there isn't > anything actually wrong with sysvol. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Do you think this is a sernet-specific issue? I was just on my way to try the same setup as before with sernet-samba 2.1, but it now seems unlikely that it would work. Do you think it's worth compiling samba myself?
Stephan
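Added example, not part of any message in this thread: the thread notes that idmap.ldb differs between DCs, so the numeric IDs in the sysvol POSIX ACLs may not match from one DC to the other. This sketch parses two `getfacl` listings and reports the numeric-ID entries that differ; the sample listings are constructed, and the 3000000 floor is an assumption taken from the IDs visible in the listings above.

```python
# Constructed sample listings (modelled on the getfacl output quoted in the thread),
# assumed to be the same sysvol directory captured on two DCs of one domain.
DC_A = """\
# file: var/lib/samba/sysvol
# owner: root
# group: 3000000
user::rwx
user:3000000:rwx
user:3000001:r-x
group::rwx
group:3000000:rwx
group:3000001:r-x
mask::rwx
other::---
default:user:3000001:r-x
"""
DC_B = DC_A.replace("3000001", "3000007")  # second DC allocated a different ID

def parse_getfacl(text):
    """Parse getfacl text output into {(scope, tag, qualifier): perms}."""
    entries = {}
    for line in text.splitlines():
        if line.startswith("getfacl:"):          # stderr notice, if captured
            continue
        line = line.split("#", 1)[0].strip()     # drop '# file:' headers, '#effective' notes
        if not line:
            continue
        scope = "access"
        if line.startswith("default:"):
            scope, line = "default", line[len("default:"):]
        tag, qualifier, perms = line.split(":")
        entries[(scope, tag, qualifier)] = perms
    return entries

def xid_entries(acl, floor=3000000):
    """Keep entries whose qualifier is a bare numeric ID at or above floor."""
    return {k: v for k, v in acl.items() if k[2].isdigit() and int(k[2]) >= floor}

def compare_dcs(text_a, text_b):
    """Report numeric-ID ACL entries that differ between two DCs' listings."""
    a, b = xid_entries(parse_getfacl(text_a)), xid_entries(parse_getfacl(text_b))
    return {
        "only_on_a": sorted(set(a) - set(b)),
        "only_on_b": sorted(set(b) - set(a)),
        "perm_mismatch": sorted(k for k in set(a) & set(b) if a[k] != b[k]),
    }

if __name__ == "__main__":
    for kind, keys in compare_dcs(DC_A, DC_B).items():
        print(kind, keys)
```

Entries reported under `only_on_a` or `only_on_b` are ACL slots granted to an ID that the other DC does not use for the same directory, which is the condition to check before syncing sysvol between DCs.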