Stephen
2019-Mar-26 11:14 UTC
[Samba] Problem achieving manual synchronisation of idmap.ldb and the associated User and Group ID mappings between two Samba 4 AD DCs
Cheers Louis, I just ran the diagnostic snippet you sent me:

pi at ad1:/var/lib/samba/private $ sudo ls -al $(samba -b | grep STATEDIR | awk {' print $NF '})/sysvol
total 20
drwxrwx---+ 3 root 3000000 4096 Mar 25 16:36 .
drwxr-xr-x 8 root root 4096 Mar 25 17:31 ..
drwxrwx---+ 4 root 3000000 4096 Mar 25 16:36 samdom.example.com

pi at ad2:/var/lib/samba/private $ sudo ls -al $(samba -b | grep STATEDIR | awk {' print $NF '})/sysvol
total 20
drwxrwx---+ 3 root 3000000 4096 Mar 26 10:55 .
drwxr-xr-x 8 root root 4096 Mar 26 10:55 ..
drwxrwx---+ 3 root 3000000 4096 Mar 25 16:42 samdom.example.com

I'm guessing the empty folders here suggest that I have not synced SysVol?

Cheers
Stephen
Jonathon Reinhart
2019-Mar-26 11:37 UTC
[Samba] Problem achieving manual synchronisation of idmap.ldb and the associated User and Group ID mappings between two Samba 4 AD DCs
I recently went through these steps from the wiki and took the following notes which I had not yet shared / suggested for the wiki. (This is from mobile, sorry for the terse message.)

- You need to clear the idmap cache after copying idmap.ldb ("net cache clear") otherwise you could have stale entries hanging around.
- You need to sync SysVol before running sysvol reset, because samba-tool falls on its face if that directory is empty.
- The initial permissions of the stuff in Sysvol didn't match what "sysvol reset" wanted. I'm not sure who initially created the stuff with bad permissions.

Jonathon

On Tue, Mar 26, 2019, 07:14 Stephen via samba <samba at lists.samba.org> wrote:

> Cheers Louis, I just ran the diagnostic snippet you sent me:
>
> pi at ad1:/var/lib/samba/private $ sudo ls -al $(samba -b | grep STATEDIR | awk {' print $NF '})/sysvol
> total 20
> drwxrwx---+ 3 root 3000000 4096 Mar 25 16:36 .
> drwxr-xr-x 8 root root 4096 Mar 25 17:31 ..
> drwxrwx---+ 4 root 3000000 4096 Mar 25 16:36 samdom.example.com
>
> pi at ad2:/var/lib/samba/private $ sudo ls -al $(samba -b | grep STATEDIR | awk {' print $NF '})/sysvol
> total 20
> drwxrwx---+ 3 root 3000000 4096 Mar 26 10:55 .
> drwxr-xr-x 8 root root 4096 Mar 26 10:55 ..
> drwxrwx---+ 3 root 3000000 4096 Mar 25 16:42 samdom.example.com
>
> I'm guessing the empty folders here suggest that I have not synced SysVol?
>
> Cheers
> Stephen
Rowland Penny
2019-Mar-26 11:39 UTC
[Samba] Problem achieving manual synchronisation of idmap.ldb and the associated User and Group ID mappings between two Samba 4 AD DCs
On Tue, 26 Mar 2019 11:14:07 +0000 Stephen via samba <samba at lists.samba.org> wrote:

> Cheers Louis, I just ran the diagnostic snippet you sent me:
>
> pi at ad1:/var/lib/samba/private $ sudo ls -al $(samba -b | grep STATEDIR | awk {' print $NF '})/sysvol
> total 20
> drwxrwx---+ 3 root 3000000 4096 Mar 25 16:36 .
> drwxr-xr-x 8 root root 4096 Mar 25 17:31 ..
> drwxrwx---+ 4 root 3000000 4096 Mar 25 16:36 samdom.example.com
>
> pi at ad2:/var/lib/samba/private $ sudo ls -al $(samba -b | grep STATEDIR | awk {' print $NF '})/sysvol
> total 20
> drwxrwx---+ 3 root 3000000 4096 Mar 26 10:55 .
> drwxr-xr-x 8 root root 4096 Mar 26 10:55 ..
> drwxrwx---+ 3 root 3000000 4096 Mar 25 16:42 samdom.example.com
>
> I'm guessing the empty folders here suggest that I have not synced SysVol?
>
> Cheers
> Stephen

Yes, this is what I was trying to get at, on a newly joined DC, Sysvol is virtually empty.

Rowland
Rowland Penny
2019-Mar-26 11:56 UTC
[Samba] Problem achieving manual synchronisation of idmap.ldb and the associated User and Group ID mappings between two Samba 4 AD DCs
On Tue, 26 Mar 2019 07:37:54 -0400 Jonathon Reinhart via samba <samba at lists.samba.org> wrote:

> I recently went through these steps from the wiki and took the
> following notes which I had not yet shared / suggested for the wiki.
> (This is from mobile, sorry for the terse message.)
>
> - You need to clear the idmap cache after copying idmap.ldb ("net
> cache clear") otherwise you could have stale entries hanging around.

I have added that.

> - You need to sync SysVol before running sysvol reset, because
> samba-tool falls on its face if that directory is empty.

This has also been added.

> - The initial permissions of the stuff in Sysvol didn't match what
> "sysvol reset" wanted. I'm not sure who initially created the stuff
> with bad permissions.

I have been saying this for years, the permissions set on a Samba AD DC do not appear to match what a Windows DC uses.

Rowland
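
A pre-flight check for the point raised in this thread, that SysVol on a newly joined DC is virtually empty and must be synced before the sysvol reset step. This is an added example, not code from the thread or from Samba; the function names and the manifest-file approach are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check to run on a newly
# joined DC before resetting SysVol ACLs. Function names are hypothetical.

# Print a sorted manifest of every path below a sysvol directory, relative
# to that directory. Run it on the DC that already holds the content.
sysvol_manifest() {
    ( cd "$1" && find . ! -path . | sed 's|^\./||' | sort )
}

# Print every manifest entry that does not exist below the local directory.
sysvol_missing() {
    manifest=$1
    target=$2
    while IFS= read -r entry; do
        [ -e "$target/$entry" ] || printf '%s\n' "$entry"
    done < "$manifest"
}

# Succeed only if the local tree holds at least one regular file and no
# manifest entry is missing; otherwise report why and return non-zero.
sysvol_ready() {
    manifest=$1
    target=$2
    files=$(find "$target" -type f 2>/dev/null | wc -l | tr -d ' ')
    if [ "$files" -eq 0 ]; then
        echo "sysvol at $target holds no files: sync it first" >&2
        return 1
    fi
    missing=$(sysvol_missing "$manifest" "$target")
    if [ -n "$missing" ]; then
        echo "missing from $target:" >&2
        printf '%s\n' "$missing" >&2
        return 1
    fi
    return 0
}
```

Generate the manifest on the DC that holds the content, copy it to the new DC, and only continue with the reset when sysvol_ready returns 0 for the local sysvol path.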