thr3ads.net - samba - [Samba] Access Denied to Netlogon Share on secondary DC [May 2020]

If this information is useful, please help other people find it:
Share via:

Dirk Laurenz

2020-May-04 20:24 UTC

[Samba] Access Denied to Netlogon Share on secondary DC

Hello $list,

 

i can't access the netlogon share on the second dc. I got this error:

 

Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.035964,  0]
../../source3/smbd/uid.c:448(change_to_user_internal)

Mai 04 22:13:53 dc02 smbd[3321]:   change_to_user_internal:
chdir_current_service() failed!

Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.037230,  0]
../../source3/smbd/uid.c:448(change_to_user_internal)

Mai 04 22:13:53 dc02 smbd[3321]:   change_to_user_internal:
chdir_current_service() failed!

Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.038283,  0]
../../source3/smbd/uid.c:448(change_to_user_internal)

Mai 04 22:13:53 dc02 smbd[3321]:   change_to_user_internal:
chdir_current_service() failed!

Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.044073,  0]
../../source3/smbd/uid.c:448(change_to_user_internal)

Mai 04 22:13:53 dc02 smbd[3321]:   change_to_user_internal:
chdir_current_service() failed!

Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.045117,  0]
../../source3/smbd/uid.c:448(change_to_user_internal)

Mai 04 22:13:53 dc02 smbd[3321]:   change_to_user_internal:
chdir_current_service() failed!

Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.047328,  0]
../../source3/smbd/uid.c:448(change_to_user_internal)

Mai 04 22:13:53 dc02 smbd[3321]:   change_to_user_internal:
chdir_current_service() failed!

Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.049851,  0]
../../source3/smbd/uid.c:448(change_to_user_internal)

Mai 04 22:13:53 dc02 smbd[3321]:   change_to_user_internal:
chdir_current_service() failed!

Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.051256,  0]
../../source3/smbd/uid.c:448(change_to_user_internal)

Mai 04 22:13:53 dc02 smbd[3321]:   change_to_user_internal:
chdir_current_service() failed!

Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.093661,  0]
../../source3/smbd/uid.c:448(change_to_user_internal)

Mai 04 22:13:53 dc02 smbd[3321]:   change_to_user_internal:
chdir_current_service() failed!

Mai 04 22:13:55 dc02 smbd[3321]: [2020/05/04 22:13:55.278366,  0]
../../source3/smbd/uid.c:448(change_to_user_internal)

Mai 04 22:13:55 dc02 smbd[3321]:   change_to_user_internal:
chdir_current_service() failed!

Mai 04 22:13:55 dc02 smbd[3321]: [2020/05/04 22:13:55.332277,  0]
../../source3/smbd/uid.c:448(change_to_user_internal)

Mai 04 22:13:55 dc02 smbd[3321]:   change_to_user_internal:
chdir_current_service() failed!

 

I checked the rights which are identically on both nodes. Accessing as admin
works but not as user.

 

Rights on the working DC:

 

root at dc01:/var/lib/samba# getfacl sysvol/

# file: sysvol/

# owner: root

# group: 3000002

user::rwx

user:root:rwx

user:3000002:rwx

user:3000017:r-x

user:3000018:rwx

user:3000019:r-x

group::rwx

group:3000002:rwx

group:3000017:r-x

group:3000018:rwx

group:3000019:r-x

mask::rwx

other::---

default:user::rwx

default:user:root:rwx

default:user:3000002:rwx

default:user:3000017:r-x

default:user:3000018:rwx

default:user:3000019:r-x

default:group::---

default:group:3000002:rwx

default:group:3000017:r-x

default:group:3000018:rwx

default:group:3000019:r-x

default:mask::rwx

default:other::---

 

on the not working dc:

 

root at dc02:/var/lib/samba# getfacl sysvol

# file: sysvol

# owner: root

# group: 3000002

user::rwx

user:root:rwx

user:3000002:rwx

user:3000017:r-x

user:3000018:rwx

user:3000019:r-x

group::rwx

group:3000002:rwx

group:3000017:r-x

group:3000018:rwx

group:3000019:r-x

mask::rwx

other::---

default:user::rwx

default:user:root:rwx

default:user:3000002:rwx

default:user:3000017:r-x

default:user:3000018:rwx

default:user:3000019:r-x

default:group::---

default:group:3000002:rwx

default:group:3000017:r-x

default:group:3000018:rwx

default:group:3000019:r-x

default:mask::rwx

default:other::---

 

I'm a little bit lost..

 

 

Regards,

 

Dirk

Rowland penny

2020-May-04 20:55 UTC

head link

[Samba] Access Denied to Netlogon Share on secondary DC

On 04/05/2020 21:24, Dirk Laurenz via samba wrote:> Hello $list,
>
>   
>
> i can't access the netlogon share on the second dc. I got this error:
>
>   
>
> Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.035964,  0]
> ../../source3/smbd/uid.c:448(change_to_user_internal)
>
> I checked the rights which are identically on both nodes. Accessing as
admin
> works but not as user.
I take it you have synced sysvol and idmap.ldb from the first DC to the 
second DC and access works on the first DC.

Rowland

Andrew Bartlett

2020-May-04 21:10 UTC

head link

[Samba] Access Denied to Netlogon Share on secondary DC

On Mon, 2020-05-04 at 22:24 +0200, Dirk Laurenz via samba
wrote:> Hello $list,
> 
>  
> 
> i can't access the netlogon share on the second dc. I got this error:
> 
>  
> 
> Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.035964,  0]
> ../../source3/smbd/uid.c:448(change_to_user_internal)
> 
> Mai 04 22:13:53 dc02 smbd[3321]:   change_to_user_internal:
> chdir_current_service() failed!
> 
>  
> 
> I checked the rights which are identically on both nodes. Accessing
> as admin
> works but not as user.
> 
> I'm a little bit lost..
> 
How are you syncronising the netlogon share?  You need to ensure the NT
ACLs are reset on the new DC, see 'samba-tool ntacl sysvolreset',
particularly if the idmap is not the same on both.

Andrew Bartlett

-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
https://catalyst.net.nz/services/samba

Dirk Laurenz

2020-May-04 21:18 UTC

head link

[Samba] Access Denied to Netlogon Share on secondary DC

Hello Andrew,

i use the rsync script from the wiki....

crontabl -l

*/5 * * * *  rsync  -XAavz --delete-after
--password-file=/etc/samba/rsync-sysvol.secret
rsync://sysvol-replication at dc01.samba.laurenz.ws/SysVol
/var/lib/samba/sysvol/



-----Urspr?ngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Andrew
Bartlett
via samba
Gesendet: Montag, 4. Mai 2020 23:10
An: Dirk Laurenz <samba at laurenz.ws>; samba at lists.samba.org
Betreff: Re: [Samba] Access Denied to Netlogon Share on secondary DC

On Mon, 2020-05-04 at 22:24 +0200, Dirk Laurenz via samba
wrote:> Hello $list,
> 
>  
> 
> i can't access the netlogon share on the second dc. I got this error:
> 
>  
> 
> Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.035964,  0]
> ../../source3/smbd/uid.c:448(change_to_user_internal)
> 
> Mai 04 22:13:53 dc02 smbd[3321]:   change_to_user_internal:
> chdir_current_service() failed!
> 
>  
> 
> I checked the rights which are identically on both nodes. Accessing as 
> admin works but not as user.
> 
> I'm a little bit lost..
> 
How are you syncronising the netlogon share?  You need to ensure the NT
ACLs are reset on the new DC, see 'samba-tool ntacl sysvolreset',
particularly if the idmap is not the same on both.

Andrew Bartlett

-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
https://catalyst.net.nz/services/samba




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Maybe Matching Threads

Search for more possibly parallel threads

samba - May 2020 - Access Denied to Netlogon Share on secondary DC

[Samba] Access Denied to Netlogon Share on secondary DC

[Samba] Access Denied to Netlogon Share on secondary DC

[Samba] Access Denied to Netlogon Share on secondary DC

[Samba] Access Denied to Netlogon Share on secondary DC

Maybe Matching Threads