Dirk Laurenz
2020-May-04 20:24 UTC
[Samba] Access Denied to Netlogon Share on secondary DC
Hello $list,

I can't access the netlogon share on the second dc. I got this error:

    Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.035964, 0] ../../source3/smbd/uid.c:448(change_to_user_internal)
    Mai 04 22:13:53 dc02 smbd[3321]: change_to_user_internal: chdir_current_service() failed!
    Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.037230, 0] ../../source3/smbd/uid.c:448(change_to_user_internal)
    Mai 04 22:13:53 dc02 smbd[3321]: change_to_user_internal: chdir_current_service() failed!
    Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.038283, 0] ../../source3/smbd/uid.c:448(change_to_user_internal)
    Mai 04 22:13:53 dc02 smbd[3321]: change_to_user_internal: chdir_current_service() failed!
    Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.044073, 0] ../../source3/smbd/uid.c:448(change_to_user_internal)
    Mai 04 22:13:53 dc02 smbd[3321]: change_to_user_internal: chdir_current_service() failed!
    Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.045117, 0] ../../source3/smbd/uid.c:448(change_to_user_internal)
    Mai 04 22:13:53 dc02 smbd[3321]: change_to_user_internal: chdir_current_service() failed!
    Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.047328, 0] ../../source3/smbd/uid.c:448(change_to_user_internal)
    Mai 04 22:13:53 dc02 smbd[3321]: change_to_user_internal: chdir_current_service() failed!
    Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.049851, 0] ../../source3/smbd/uid.c:448(change_to_user_internal)
    Mai 04 22:13:53 dc02 smbd[3321]: change_to_user_internal: chdir_current_service() failed!
    Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.051256, 0] ../../source3/smbd/uid.c:448(change_to_user_internal)
    Mai 04 22:13:53 dc02 smbd[3321]: change_to_user_internal: chdir_current_service() failed!
    Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.093661, 0] ../../source3/smbd/uid.c:448(change_to_user_internal)
    Mai 04 22:13:53 dc02 smbd[3321]: change_to_user_internal: chdir_current_service() failed!
    Mai 04 22:13:55 dc02 smbd[3321]: [2020/05/04 22:13:55.278366, 0] ../../source3/smbd/uid.c:448(change_to_user_internal)
    Mai 04 22:13:55 dc02 smbd[3321]: change_to_user_internal: chdir_current_service() failed!
    Mai 04 22:13:55 dc02 smbd[3321]: [2020/05/04 22:13:55.332277, 0] ../../source3/smbd/uid.c:448(change_to_user_internal)
    Mai 04 22:13:55 dc02 smbd[3321]: change_to_user_internal: chdir_current_service() failed!

I checked the rights which are identical on both nodes. Accessing as admin works but not as user.

Rights on the working DC:

    root@dc01:/var/lib/samba# getfacl sysvol/
    # file: sysvol/
    # owner: root
    # group: 3000002
    user::rwx
    user:root:rwx
    user:3000002:rwx
    user:3000017:r-x
    user:3000018:rwx
    user:3000019:r-x
    group::rwx
    group:3000002:rwx
    group:3000017:r-x
    group:3000018:rwx
    group:3000019:r-x
    mask::rwx
    other::---
    default:user::rwx
    default:user:root:rwx
    default:user:3000002:rwx
    default:user:3000017:r-x
    default:user:3000018:rwx
    default:user:3000019:r-x
    default:group::---
    default:group:3000002:rwx
    default:group:3000017:r-x
    default:group:3000018:rwx
    default:group:3000019:r-x
    default:mask::rwx
    default:other::---

On the not working dc:

    root@dc02:/var/lib/samba# getfacl sysvol
    # file: sysvol
    # owner: root
    # group: 3000002
    user::rwx
    user:root:rwx
    user:3000002:rwx
    user:3000017:r-x
    user:3000018:rwx
    user:3000019:r-x
    group::rwx
    group:3000002:rwx
    group:3000017:r-x
    group:3000018:rwx
    group:3000019:r-x
    mask::rwx
    other::---
    default:user::rwx
    default:user:root:rwx
    default:user:3000002:rwx
    default:user:3000017:r-x
    default:user:3000018:rwx
    default:user:3000019:r-x
    default:group::---
    default:group:3000002:rwx
    default:group:3000017:r-x
    default:group:3000018:rwx
    default:group:3000019:r-x
    default:mask::rwx
    default:other::---

I'm a little bit lost..

Regards,
Dirk
Rowland Penny
2020-May-04 20:55 UTC
[Samba] Access Denied to Netlogon Share on secondary DC
On 04/05/2020 21:24, Dirk Laurenz via samba wrote:
> Hello $list,
>
> I can't access the netlogon share on the second dc. I got this error:
>
> Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.035964, 0]
> ../../source3/smbd/uid.c:448(change_to_user_internal)
>
> I checked the rights which are identical on both nodes. Accessing as admin
> works but not as user.

I take it you have synced sysvol and idmap.ldb from the first DC to the second DC and access works on the first DC.

Rowland
Andrew Bartlett
2020-May-04 21:10 UTC
[Samba] Access Denied to Netlogon Share on secondary DC
On Mon, 2020-05-04 at 22:24 +0200, Dirk Laurenz via samba wrote:
> Hello $list,
>
> I can't access the netlogon share on the second dc. I got this error:
>
> Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.035964, 0]
> ../../source3/smbd/uid.c:448(change_to_user_internal)
>
> Mai 04 22:13:53 dc02 smbd[3321]: change_to_user_internal:
> chdir_current_service() failed!
>
> I checked the rights which are identical on both nodes. Accessing
> as admin works but not as user.
>
> I'm a little bit lost..

How are you synchronising the netlogon share?

You need to ensure the NT ACLs are reset on the new DC, see 'samba-tool ntacl sysvolreset', particularly if the idmap is not the same on both.

Andrew Bartlett

-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          https://catalyst.net.nz/services/samba
Dirk Laurenz
2020-May-04 21:18 UTC
[Samba] Access Denied to Netlogon Share on secondary DC
Hello Andrew,

I use the rsync script from the wiki....

    crontab -l
    */5 * * * * rsync -XAavz --delete-after --password-file=/etc/samba/rsync-sysvol.secret rsync://sysvol-replication@dc01.samba.laurenz.ws/SysVol /var/lib/samba/sysvol/

-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Andrew Bartlett via samba
Sent: Monday, 4 May 2020 23:10
To: Dirk Laurenz <samba at laurenz.ws>; samba at lists.samba.org
Subject: Re: [Samba] Access Denied to Netlogon Share on secondary DC

On Mon, 2020-05-04 at 22:24 +0200, Dirk Laurenz via samba wrote:
> Hello $list,
>
> I can't access the netlogon share on the second dc. I got this error:
>
> Mai 04 22:13:53 dc02 smbd[3321]: [2020/05/04 22:13:53.035964, 0]
> ../../source3/smbd/uid.c:448(change_to_user_internal)
>
> Mai 04 22:13:53 dc02 smbd[3321]: change_to_user_internal:
> chdir_current_service() failed!
>
> I checked the rights which are identical on both nodes. Accessing as
> admin works but not as user.
>
> I'm a little bit lost..

How are you synchronising the netlogon share?

You need to ensure the NT ACLs are reset on the new DC, see 'samba-tool ntacl sysvolreset', particularly if the idmap is not the same on both.

Andrew Bartlett

-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          https://catalyst.net.nz/services/samba
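
Added example, not part of the thread: the getfacl listings above are numerically identical on both DCs, but as Andrew Bartlett notes the idmap may not be the same on both, in which case the same xid stands for a different SID on each DC. This Python sketch checks the ids used in an ACL against two idmap.ldb dumps; the cn/xidNumber LDIF record layout, the function names and all sample data are assumptions constructed for illustration.

```python
import re

# Constructed sample data (not from the thread). Assumed record layout: the
# cn/xidNumber LDIF that ldbsearch prints for idmap.ldb on a Samba AD DC.
DC01_LDIF = """\
dn: CN=S-1-5-32-544
cn: S-1-5-32-544
xidNumber: 3000002

dn: CN=S-1-5-32-549
cn: S-1-5-32-549
xidNumber: 3000017

dn: CN=S-1-5-11
cn: S-1-5-11
xidNumber: 3000019
"""
# Hypothetical dc02 that allocated different xids for the same SIDs.
DC02_LDIF = (DC01_LDIF.replace("xidNumber: 3000017", "xidNumber: 3000021")
                      .replace("xidNumber: 3000019", "xidNumber: 3000017"))
GETFACL = """\
# file: sysvol
# owner: root
# group: 3000002
user:3000017:r-x
group::rwx
default:group:3000019:r-x
"""

def parse_idmap(ldif):
    """Return {xid: SID string} from an idmap.ldb LDIF dump."""
    mapping = {}
    for record in re.split(r"\n\s*\n", ldif.strip()):
        attrs = dict(l.split(": ", 1) for l in record.splitlines() if ": " in l)
        if "xidNumber" in attrs and "cn" in attrs:
            mapping[int(attrs["xidNumber"])] = attrs["cn"]
    return mapping

def acl_ids(getfacl_text):
    """Numeric ids in getfacl output: owner/group headers and ACL entries."""
    pat = re.compile(r"(?:# (?:owner|group): |(?:default:)?(?:user|group):)(\d+)\b")
    return {int(m.group(1)) for m in map(pat.match, getfacl_text.splitlines()) if m}

def compare(getfacl_text, ldif_a, ldif_b):
    """Return {xid: (SID on A, SID on B)} for ACL ids the DCs resolve differently."""
    a, b = parse_idmap(ldif_a), parse_idmap(ldif_b)
    return {x: (a.get(x), b.get(x)) for x in sorted(acl_ids(getfacl_text))
            if a.get(x) != b.get(x)}

if __name__ == "__main__":
    for xid, (sid_a, sid_b) in compare(GETFACL, DC01_LDIF, DC02_LDIF).items():
        print(f"xid {xid}: dc01 -> {sid_a}, dc02 -> {sid_b}")
```

A non-empty result means the rsync-copied POSIX ACLs grant access to different principals on the second DC, which is the situation where the idmap.ldb sync Rowland mentions or the 'samba-tool ntacl sysvolreset' Andrew suggests applies.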