On Mon, 15 May 2017 22:02:30 +0200 "Dirk Laurenz" <samba at laurenz.ws> wrote:> Any idea? > > > > root at samba01:~# uname -a > Linux samba01 4.9.14-v7+ #977 SMP Mon Mar 13 18:25:19 GMT 2017 armv7l > GNU/Linux > > root at samba01:~# cat /etc/debian_version > 8.7 > > root at samba01:~# samba -V > Version 4.6.3I take that you have built Samba yourself and you are using Bind9. How did you build Samba, did you follow the Samba wiki or follow another webpage, if the later which one ? What was your configure line ? What filesystem are you using ? Please post /etc/hosts, /etc/resolv.conf, /etc/hostname, /etc/krb5.conf and all your named.conf files. Rowland
Good moring, i investigated last night in this issue and was able to solve it. Short: Reason was a missing GPO file ===================== Long Version (how i think the failure occours) I have 3 samba ad services (all raspberry pi's) Because one pi crashed months ago (unreadable sd card) i move all roles from samba01 to samba02, demoted samba02 as bad dc and rejoined it as fresh install. I have sysvol replication from samba01 to ..02 and 03 (one way via rsync - as described in your wiki) So sysvol replication from 01 to 02 / 03 but pdc role on 02 Then i added a new GPO (with windows tool - which chooses the pdc...) and creates a gpo which is deleted via rsync Samba-tool ntacl sysvolcheck then fails (a reference for a gpo in ldap, but none in filesystem) ======================= What did i do to fix it? Move pdc role back to samba01 (and all other roles - via samba-tool fsmo) Deleted the gpo - i added and recreated it - now it works What would a suggest? Samba-tool should be more specific - if this failure occurs, as it is user risen and not a samba bug - somehting like gpo file is missing or so... In the long term - multi-master sysvol replication.... To answer your questions... My build optiosn are: ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc --enable-fhs --with-systemd Make checkinstall make install -----Ursprüngliche Nachricht----- Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland Penny via samba Gesendet: Montag, 15. Mai 2017 22:36 An: samba at lists.samba.org Betreff: Re: [Samba] Problems with samba-tool ntacl sysvol reset On Mon, 15 May 2017 22:02:30 +0200 "Dirk Laurenz" <samba at laurenz.ws> wrote:> Any idea? > > > > root at samba01:~# uname -a > Linux samba01 4.9.14-v7+ #977 SMP Mon Mar 13 18:25:19 GMT 2017 armv7l > GNU/Linux > > root at samba01:~# cat /etc/debian_version > 8.7 > > root at samba01:~# samba -V > Version 4.6.3I take that you have built Samba yourself and you are using Bind9. How did you build Samba, did you follow the Samba wiki or follow another webpage, if the later which one ? What was your configure line ? What filesystem are you using ? Please post /etc/hosts, /etc/resolv.conf, /etc/hostname, /etc/krb5.conf and all your named.conf files. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
And i was only able to find about the missing file, using strace with samba-tool -----Ursprüngliche Nachricht----- Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Dirk Laurenz via samba Gesendet: Dienstag, 16. Mai 2017 07:45 An: samba at lists.samba.org Betreff: Re: [Samba] Problems with samba-tool ntacl sysvol reset Good moring, i investigated last night in this issue and was able to solve it. Short: Reason was a missing GPO file ===================== Long Version (how i think the failure occours) I have 3 samba ad services (all raspberry pi's) Because one pi crashed months ago (unreadable sd card) i move all roles from samba01 to samba02, demoted samba02 as bad dc and rejoined it as fresh install. I have sysvol replication from samba01 to ..02 and 03 (one way via rsync - as described in your wiki) So sysvol replication from 01 to 02 / 03 but pdc role on 02 Then i added a new GPO (with windows tool - which chooses the pdc...) and creates a gpo which is deleted via rsync Samba-tool ntacl sysvolcheck then fails (a reference for a gpo in ldap, but none in filesystem) ======================= What did i do to fix it? Move pdc role back to samba01 (and all other roles - via samba-tool fsmo) Deleted the gpo - i added and recreated it - now it works What would a suggest? Samba-tool should be more specific - if this failure occurs, as it is user risen and not a samba bug - somehting like gpo file is missing or so... In the long term - multi-master sysvol replication.... To answer your questions... My build optiosn are: ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc --enable-fhs --with-systemd Make checkinstall make install -----Ursprüngliche Nachricht----- Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland Penny via samba Gesendet: Montag, 15. Mai 2017 22:36 An: samba at lists.samba.org Betreff: Re: [Samba] Problems with samba-tool ntacl sysvol reset On Mon, 15 May 2017 22:02:30 +0200 "Dirk Laurenz" <samba at laurenz.ws> wrote:> Any idea? > > > > root at samba01:~# uname -a > Linux samba01 4.9.14-v7+ #977 SMP Mon Mar 13 18:25:19 GMT 2017 armv7l > GNU/Linux > > root at samba01:~# cat /etc/debian_version > 8.7 > > root at samba01:~# samba -V > Version 4.6.3I take that you have built Samba yourself and you are using Bind9. How did you build Samba, did you follow the Samba wiki or follow another webpage, if the later which one ? What was your configure line ? What filesystem are you using ? Please post /etc/hosts, /etc/resolv.conf, /etc/hostname, /etc/krb5.conf and all your named.conf files. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba